From adbad5e36f99f64eedbcc43f98215f5e52f10cad Mon Sep 17 00:00:00 2001 From: Oleg Smirnov Date: Tue, 25 Apr 2023 14:34:31 +0700 Subject: [PATCH] MDEV-31113 Server crashes in store_length / Type_handler_string_result::make_sort_key with DISTINCT and group function Fix-up for commit 476b24d084e7e717310155bb986eb086d3c1e1a6 Author: Monty Date: Thu Feb 16 14:19:33 2023 +0200 MDEV-20057 Distinct SUM on CROSS JOIN and grouped returns wrong result which misses initializing of sorder->suffix_length. In this commit the initialization is implemented by passing MY_ZEROFILL flag to the allocation of SORT_FIELD elements --- mysql-test/main/distinct.result | 14 ++++++++++++++ mysql-test/main/distinct.test | 13 +++++++++++++ sql/sql_select.cc | 3 +-- 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/mysql-test/main/distinct.result b/mysql-test/main/distinct.result index 331b57faa27..82176386817 100644 --- a/mysql-test/main/distinct.result +++ b/mysql-test/main/distinct.result @@ -1093,6 +1093,7 @@ sum(distinct 1) sum(t1.d) > 5 c 1 1 0 1 0 5 1 1 6 +SET @sort_buffer_size_save= @@sort_buffer_size; set @@sort_buffer_size=1024; insert into t1 select -seq,-seq from seq_1_to_100; select distinct sum(distinct 1), sum(t1.d) > 2, length(group_concat(t1.d)) > 1000 from (t1 e join t1) group by t1.c having t1.c > -2 ; @@ -1106,4 +1107,17 @@ sum(distinct 1) sum(t1.d) > 2 length(group_concat(t1.d)) > 1000 c 1 1 0 5 1 1 0 6 drop table t1; +set @@sort_buffer_size=@sort_buffer_size_save; +# +# MDEV-31113 Server crashes in store_length / Type_handler_string_result::make_sort_key +# with DISTINCT and group function +# +CREATE TABLE t (f INT); +INSERT INTO t VALUES (1),(2); +SELECT DISTINCT CONVERT(STDDEV(f), CHAR(16)) AS f1, UUID() AS f2 FROM t GROUP BY f2 WITH ROLLUP; +f1 f2 +0.0000 # +0.0000 # +0.5000 # +DROP TABLE t; # End of 10.4 tests diff --git a/mysql-test/main/distinct.test b/mysql-test/main/distinct.test index a2a0f14e008..122034885bd 100644 --- a/mysql-test/main/distinct.test 
+++ b/mysql-test/main/distinct.test @@ -834,10 +834,23 @@ select distinct sum(distinct 1), sum(t1.d) > 5 from (t1 e join t1) group by t1.c select distinct sum(distinct 1), sum(t1.d) > 5, t1.c from (t1 e join t1) group by t1.c; # Force usage of remove_dup_with_compare() algorithm +SET @sort_buffer_size_save= @@sort_buffer_size; set @@sort_buffer_size=1024; insert into t1 select -seq,-seq from seq_1_to_100; select distinct sum(distinct 1), sum(t1.d) > 2, length(group_concat(t1.d)) > 1000 from (t1 e join t1) group by t1.c having t1.c > -2 ; select distinct sum(distinct 1), sum(t1.d) > 2, length(group_concat(t1.d)) > 1000,t1.c from (t1 e join t1) group by t1.c having t1.c > -2; drop table t1; +set @@sort_buffer_size=@sort_buffer_size_save; + +--echo # +--echo # MDEV-31113 Server crashes in store_length / Type_handler_string_result::make_sort_key +--echo # with DISTINCT and group function +--echo # + +CREATE TABLE t (f INT); +INSERT INTO t VALUES (1),(2); +--replace_column 2 # +SELECT DISTINCT CONVERT(STDDEV(f), CHAR(16)) AS f1, UUID() AS f2 FROM t GROUP BY f2 WITH ROLLUP; +DROP TABLE t; --echo # End of 10.4 tests diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 03a2c3d0853..56a185acdd5 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -24226,7 +24226,7 @@ JOIN_TAB::remove_duplicates() if (!(sortorder= (SORT_FIELD*) my_malloc((fields->elements+1) * sizeof(SORT_FIELD), - MYF(MY_WME)))) + MYF(MY_WME | MY_ZEROFILL)))) DBUG_RETURN(TRUE); /* Calculate how many saved fields there is in list */ @@ -24245,7 +24245,6 @@ JOIN_TAB::remove_duplicates() else { /* Item is not stored in temporary table, remember it */ - sorder->field= 0; // Safety, not used sorder->item= item; /* Calculate sorder->length */ item->type_handler()->sortlength(thd, item, sorder);
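Review bot: The new MDEV-31113 case in distinct.test does not say that the crash came from an uninitialized `sorder->suffix_length`, as the commit message describes. Whether the query fails on an unfixed server therefore probably depends on what the heap happened to contain, so a green run on an ordinary build is weak evidence. I would add a plain comment above `CREATE TABLE t (f INT);`, for example `# The crash was a read of uninitialized SORT_FIELD::suffix_length; only memory-checked runs (MSAN/Valgrind) catch a regression reliably`. A `#` comment rather than `--echo` keeps distinct.result unchanged.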
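Review bot: The `MY_ZEROFILL` flag added to the `my_malloc()` call in `JOIN_TAB::remove_duplicates()` is now the only thing that initializes `suffix_length`, and also `field`, since the second hunk removes the explicit `sorder->field= 0`. Nothing at the allocation records that dependency. If a later cleanup drops the flag as an optimisation, the sort-key code named in the subject line would again read heap garbage as a length. I would add a comment above the allocation, for example `/* Zero-filled on purpose: not every SORT_FIELD member (e.g. suffix_length) is set below */`. The function body starts and ends outside both hunks, so whether other SORT_FIELD allocations have the same gap cannot be judged from here.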