mirror of
https://github.com/MariaDB/server.git
synced 2025-07-30 16:24:05 +03:00
MDEV-29070 SIGSEGV in my_decimal::operator= and Assertion `0' failed and in Item_type_holder::val_decimal on SELECT
The bug is fixed by the patch ported from MySQL. See the comprehensive description below. commit 455c4e8810c76430719b1a08a63ca0f69f44678a Author: Guilhem Bichot <guilhem.bichot@oracle.com> Date: Fri Mar 13 17:51:27 2015 +0100 Bug#17668844: CRASH/ASSERT AT ITEM_TYPE_HOLDER::VAL_STR IN ITEM.C We have a predicate of the form: literal_row <=> (a UNION) The subquery is constant, so Item_cache objects are used for its SELECT list. In order, this happens: - Item_subselect::fix_fields() calls select_lex_unit::prepare, where we create Item_type_holder's (appended to unit->types list), create the tmp table (using type info found in unit->types), and call fill_item_list() to put the Item_field's of this table into unit->item_list. - Item_subselect::fix_length_and_dec() calls set_row() which makes Item_cache's of the subquery wrap the Item_type_holder's - When/if a first result row is found for the subquery, Item_cache's are re-pointed to unit->item_list (i.e. Item_field objects which reference the UNION's tmp table columns) (see call to Item_singlerow_subselect::store()). - In our subquery, no result row is found, so the Item_cache's still wrap Item_type_holder's; evaluating '<=>' reads the value of those, but Item_type_holder objects are not expected to be evaluated. Fix: instead of putting unit->types into Item_cache, and later replacing with unit->item_list, put unit->item_list in Item_cache from the start. Approved by Oleksandr Byelkin <sanja@mariadb.com>
This commit is contained in:
@ -1324,7 +1324,7 @@ a
|
||||
SHOW CREATE TABLE t1;
|
||||
Table Create Table
|
||||
t1 CREATE TABLE `t1` (
|
||||
`a` int(3) DEFAULT NULL
|
||||
`a` int(11) DEFAULT NULL
|
||||
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci
|
||||
drop table t1;
|
||||
create table t1 (a int);
|
||||
@ -7498,6 +7498,45 @@ ERROR HY000: Illegal parameter data types row and boolean for operation '='
|
||||
SELECT ROW(1,2) = (1 = ANY (SELECT 1 UNION SELECT 2));
|
||||
ERROR HY000: Illegal parameter data types row and boolean for operation '='
|
||||
#
|
||||
# MDEV-29070 SIGSEGV in my_decimal::operator= and Assertion `0' failed
|
||||
# in Item_type_holder::val_decimal on SELECT
|
||||
#
|
||||
CREATE TABLE t1(a INT UNIQUE);
|
||||
INSERT INTO t1(a) VALUES (1);
|
||||
SELECT a FROM t1 WHERE (SELECT a, a UNION SELECT 1, a FROM t1) IN (SELECT 1, 1);
|
||||
a
|
||||
1
|
||||
SELECT a FROM t1 WHERE (SELECT a, a UNION SELECT 1, a FROM t1) IN (SELECT a, a);
|
||||
a
|
||||
1
|
||||
UPDATE t1 SET a = 0
|
||||
WHERE (SELECT a, a WHERE a < 0 INTERSECT
|
||||
SELECT +1 / +1, a FROM t1 WHERE a > -0+1) IN (SELECT a, a);
|
||||
SELECT a FROM t1 WHERE (SELECT a, a WHERE a < 0 INTERSECT
|
||||
SELECT + 1 / + 1, a FROM t1
|
||||
WHERE a > -0 + 1) IN (SELECT a, a);
|
||||
a
|
||||
CREATE TABLE x (x INT);
|
||||
INSERT INTO x (x) VALUES (1);
|
||||
UPDATE x SET x = 1 WHERE x = 1;
|
||||
INSERT INTO x (x) VALUES (1), (1);
|
||||
WITH RECURSIVE x (x) AS (
|
||||
SELECT 1 INTERSECT
|
||||
SELECT -(SELECT 1.000000 AS x
|
||||
UNION
|
||||
SELECT 1.000000 ORDER BY NOT x < 'x',
|
||||
-(SELECT 1 + x/1.000000 IN (1, 1) FROM x
|
||||
WHERE x ORDER BY 1 - x) DESC LIMIT 1 OFFSET 1
|
||||
) + 1 FROM x
|
||||
)
|
||||
SELECT DISTINCT x, 1, NULL, 1.000000
|
||||
FROM x
|
||||
WHERE (SELECT (SELECT x WHERE x IN (SELECT x FROM x))) >
|
||||
(SELECT (SELECT x ORDER BY x = x OR (x = 1 AND x = 1) DESC))
|
||||
ORDER BY x ASC, x DESC, x;
|
||||
ERROR 22007: Truncated incorrect DECIMAL value: 'x'
|
||||
DROP TABLE t1, x;
|
||||
#
|
||||
# End of 10.4 tests
|
||||
#
|
||||
set optimizer_switch=default;
|
||||
|
Reference in New Issue
Block a user