diff --git a/mysql-test/r/ps.result b/mysql-test/r/ps.result
index 4d108e06356..9afbca9dcb1 100644
--- a/mysql-test/r/ps.result
+++ b/mysql-test/r/ps.result
@@ -880,3 +880,49 @@ select row_count();
 row_count()
 1
 drop table t1;
+create table t1 (a int, b int);
+insert into t1 (a,b) values (2,8),(1,9),(3,7);
+prepare stmt from "select * from t1 order by ?";
+execute stmt using @a;
+a b
+2 8
+1 9
+3 7
+set @a=1;
+execute stmt using @a;
+a b
+1 9
+2 8
+3 7
+set @a=2;
+execute stmt using @a;
+a b
+3 7
+2 8
+1 9
+deallocate prepare stmt;
+select * from t1 order by 1;
+a b
+1 9
+2 8
+3 7
+prepare stmt from "select * from t1 order by ?+1";
+set @a=0;
+execute stmt using @a;
+a b
+2 8
+1 9
+3 7
+set @a=1;
+execute stmt using @a;
+a b
+2 8
+1 9
+3 7
+deallocate prepare stmt;
+select * from t1 order by 1+1;
+a b
+2 8
+1 9
+3 7
+drop table t1;
diff --git a/mysql-test/r/sp.result b/mysql-test/r/sp.result
index fd09e9c8e94..3e139f8cce5 100644
--- a/mysql-test/r/sp.result
+++ b/mysql-test/r/sp.result
@@ -4802,4 +4802,39 @@ f1 bug13575(f1)
 3 ccc
 drop function bug13575;
 drop table t3|
+drop procedure if exists bug16474_1|
+drop procedure if exists bug16474_2|
+delete from t1|
+insert into t1 values ('c', 2), ('b', 3), ('a', 1)|
+create procedure bug16474_1()
+begin
+declare x int;
+select id from t1 order by x;
+end|
+create procedure bug16474_2(x int)
+select id from t1 order by x|
+call bug16474_1()|
+id
+c
+b
+a
+call bug16474_2(1)|
+id
+c
+b
+a
+call bug16474_2(2)|
+id
+c
+b
+a
+drop procedure bug16474_1|
+drop procedure bug16474_2|
+set @x = 2|
+select * from t1 order by @x|
+id data
+c 2
+b 3
+a 1
+delete from t1|
 drop table t1,t2;
diff --git a/mysql-test/t/ps.test b/mysql-test/t/ps.test
index d6b239c31bf..285b5fb0aa3 100644
--- a/mysql-test/t/ps.test
+++ b/mysql-test/t/ps.test
@@ -933,4 +933,38 @@ execute ins_call;
 select row_count();
 drop table t1;
+#
+# BUG#16474: SP crashed MySQL
+# (when using "order by localvar", where 'localvar' is just that.
+# The actual bug test is in sp.test, this is just testing that we get the
+# expected result for prepared statements too, i.e. place holders work as
+# textual substitution. If it's a single integer, it works as the (deprecated)
+# "order by column#", otherwise it's an expression.
+#
+create table t1 (a int, b int);
+insert into t1 (a,b) values (2,8),(1,9),(3,7);
+
+# Will order by index
+prepare stmt from "select * from t1 order by ?";
+execute stmt using @a;
+set @a=1;
+execute stmt using @a;
+set @a=2;
+execute stmt using @a;
+deallocate prepare stmt;
+# For reference:
+select * from t1 order by 1;
+
+# Will not order by index.
+prepare stmt from "select * from t1 order by ?+1";
+set @a=0;
+execute stmt using @a;
+set @a=1;
+execute stmt using @a;
+deallocate prepare stmt;
+# For reference:
+select * from t1 order by 1+1;
+
+drop table t1;
+
 # End of 5.0 tests
diff --git a/mysql-test/t/sp.test b/mysql-test/t/sp.test
index ee7b05498fd..9e1afa53149 100644
--- a/mysql-test/t/sp.test
+++ b/mysql-test/t/sp.test
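Review bot: The first `execute stmt using @a;` in the ps.test hunk runs before any `set @a=...` in the hunk, so its expected output (insertion order in ps.result) depends on whatever @a holds from earlier in ps.test, which is not visible here. Putting `set @a=NULL;` ahead of it, with a comment such as `# NULL parameter: not a position, rows come back unordered`, would pin the case being tested; ps.result would gain the matching line. The header comment's "place holders work as textual substitution" should also be tightened. What the test demonstrates is narrower: an integer bound to `order by ?` is taken as a column position, so the bound value selects the sort column rather than acting as plain data, which matters to callers that pass user-controlled integers there.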
@@ -5647,6 +5647,42 @@ select distinct f1, bug13575(f1) from t3 order by f1|
 drop function bug13575;
 drop table t3|
+#
+# BUG#16474: SP crashed MySQL
+# (when using "order by localvar", where 'localvar' is just that.
+#
+--disable_warnings
+drop procedure if exists bug16474_1|
+drop procedure if exists bug16474_2|
+--enable_warnings
+
+delete from t1|
+insert into t1 values ('c', 2), ('b', 3), ('a', 1)|
+
+create procedure bug16474_1()
+begin
+ declare x int;
+
+ select id from t1 order by x;
+end|
+
+# This does NOT order by column index; variable is an expression.
+create procedure bug16474_2(x int)
+ select id from t1 order by x|
+
+call bug16474_1()|
+call bug16474_2(1)|
+call bug16474_2(2)|
+drop procedure bug16474_1|
+drop procedure bug16474_2|
+
+# For reference: user variables are expressions too and do not affect ordering.
+set @x = 2|
+select * from t1 order by @x|
+
+delete from t1|
+
+
 #
 # BUG#NNNN: New bug synopsis
 #
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 6e530b58d74..72aa4b5bdad 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -12333,7 +12333,12 @@ find_order_in_list(THD *thd, Item **ref_pointer_array, TABLE_LIST *tables,
 Item **select_item; /* The corresponding item from the SELECT clause. */
 Field *from_field; /* The corresponding field from the FROM clause. */
- if (order_item->type() == Item::INT_ITEM)
+ /*
+ Local SP variables may be int but are expressions, not positions.
+ (And they can't be used before fix_fields is called for them).
+ */
+ // if (order_item->type() == Item::INT_ITEM && !order_item->is_splocal())
+ if (order_item->type() == Item::INT_ITEM && order_item->basic_const_item())
 { /* Order by position */
 uint count= (uint) order_item->val_int();
 if (!count || count > fields.elements)
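Review bot: In the sql_select.cc hunk, the commented-out `// if (order_item->type() == Item::INT_ITEM && !order_item->is_splocal())` should be dropped rather than committed beside the live condition; it reads as an unresolved choice between two predicates. The block comment mentions only SP locals, while `basic_const_item()` is a broader test. Judging by the new ps.test cases, it is also what keeps a bound integer `?` on the position path, so the comment should state the rule, e.g. `/* Only literal constants and bound parameters are positions; SP locals and other int expressions are ordinary sort expressions. */`. find_order_in_list() starts before and continues past this hunk, so the handling after the `count` range check is not visible here.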