From bce51cebcb0e1e6a17c307356b5e70b24086f320 Mon Sep 17 00:00:00 2001 From: Sergey Petrunya Date: Wed, 15 Jun 2011 18:37:01 +0400 Subject: [PATCH] BUG#778406: Crash in hp_movelink with Aria engine and subqueries -In do_sj_dups_weedout(), set nulls_ptr to point to NULL bytes (and not to length bytes) of the DuplicateWeedout column. --- mysql-test/r/subselect_sj.result | 21 +++++++++++++++++++++ mysql-test/r/subselect_sj_jcl6.result | 21 +++++++++++++++++++++ mysql-test/t/subselect_sj.test | 23 +++++++++++++++++++++++ sql/opt_subselect.cc | 2 +- 4 files changed, 66 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/subselect_sj.result b/mysql-test/r/subselect_sj.result index f93d22648bc..364813030b2 100644 --- a/mysql-test/r/subselect_sj.result +++ b/mysql-test/r/subselect_sj.result @@ -1305,4 +1305,25 @@ WHERE alias2.f11 IN ( SELECT f11 FROM t2 ) GROUP BY field2 ; field2 drop table t1, t2, t3; +# +# BUG#778406 Crash in hp_movelink with Aria engine and subqueries +# +CREATE TABLE t4 (f10 varchar(32) , KEY (f10)) ENGINE=Aria; +INSERT INTO t4 VALUES ('x'),('m'),('c'); +CREATE TABLE t1 (f11 int) ENGINE=Aria; +INSERT INTO t1 VALUES (0),(0),(0); +CREATE TABLE t2 ( f10 int) ENGINE=Aria; +INSERT INTO t2 VALUES (0),(0),(0); +CREATE TABLE t3 ( f10 int, f11 int) ENGINE=Aria; +SELECT * +FROM t4 +WHERE f10 IN +( SELECT t1.f11 +FROM t1 +LEFT JOIN t2 JOIN t3 ON t3.f10 = t2.f10 ON t3.f11 != 0 ); +f10 +x +m +c +drop table t1,t2,t3,t4; set @@optimizer_switch=@save_optimizer_switch; diff --git a/mysql-test/r/subselect_sj_jcl6.result b/mysql-test/r/subselect_sj_jcl6.result index 1dc7a51e9bb..a3eca278db4 100644 --- a/mysql-test/r/subselect_sj_jcl6.result +++ b/mysql-test/r/subselect_sj_jcl6.result @@ -1313,6 +1313,27 @@ WHERE alias2.f11 IN ( SELECT f11 FROM t2 ) GROUP BY field2 ; field2 drop table t1, t2, t3; +# +# BUG#778406 Crash in hp_movelink with Aria engine and subqueries +# +CREATE TABLE t4 (f10 varchar(32) , KEY (f10)) ENGINE=Aria; +INSERT INTO t4 VALUES ('x'),('m'),('c'); +CREATE TABLE t1 (f11 int) ENGINE=Aria; +INSERT INTO t1 VALUES (0),(0),(0); +CREATE TABLE t2 ( f10 int) ENGINE=Aria; +INSERT INTO t2 VALUES (0),(0),(0); +CREATE TABLE t3 ( f10 int, f11 int) ENGINE=Aria; +SELECT * +FROM t4 +WHERE f10 IN +( SELECT t1.f11 +FROM t1 +LEFT JOIN t2 JOIN t3 ON t3.f10 = t2.f10 ON t3.f11 != 0 ); +f10 +x +m +c +drop table t1,t2,t3,t4; set @@optimizer_switch=@save_optimizer_switch; # # BUG#49129: Wrong result with IN-subquery with join_cache_level=6 and firstmatch=off diff --git a/mysql-test/t/subselect_sj.test b/mysql-test/t/subselect_sj.test index 221cd6bca33..86ea719e8b0 100644 --- a/mysql-test/t/subselect_sj.test +++ b/mysql-test/t/subselect_sj.test @@ -1189,5 +1189,28 @@ GROUP BY field2 ; drop table t1, t2, t3; +--echo # +--echo # BUG#778406 Crash in hp_movelink with Aria engine and subqueries +--echo # +CREATE TABLE t4 (f10 varchar(32) , KEY (f10)) ENGINE=Aria; +INSERT INTO t4 VALUES ('x'),('m'),('c'); + +CREATE TABLE t1 (f11 int) ENGINE=Aria; +INSERT INTO t1 VALUES (0),(0),(0); + +CREATE TABLE t2 ( f10 int) ENGINE=Aria; +INSERT INTO t2 VALUES (0),(0),(0); + +CREATE TABLE t3 ( f10 int, f11 int) ENGINE=Aria; + +SELECT * +FROM t4 +WHERE f10 IN +( SELECT t1.f11 +FROM t1 +LEFT JOIN t2 JOIN t3 ON t3.f10 = t2.f10 ON t3.f11 != 0 ); + +drop table t1,t2,t3,t4; + # The following command must be the last one the file set @@optimizer_switch=@save_optimizer_switch; diff --git a/sql/opt_subselect.cc b/sql/opt_subselect.cc index 375afa567e9..0b654315b4c 100644 --- a/sql/opt_subselect.cc +++ b/sql/opt_subselect.cc @@ -3515,7 +3515,6 @@ int do_sj_dups_weedout(THD *thd, SJ_TMP_TABLE *sjtbl) } ptr= sjtbl->tmp_table->record[0] + 1; - nulls_ptr= ptr; /* Put the the rowids tuple into table->record[0]: */ @@ -3531,6 +3530,7 @@ int do_sj_dups_weedout(THD *thd, SJ_TMP_TABLE *sjtbl) ptr += 2; } + nulls_ptr= ptr; // 2. Zero the null bytes if (sjtbl->null_bytes) {