From b17a053cc997adbf3f410aec4a6fab6739a8e15c Mon Sep 17 00:00:00 2001 From: Michael Widenius Date: Thu, 24 Apr 2014 18:20:57 +0300 Subject: [PATCH] MDEV-6129: Server crashes during UNION with ORDER BY field IS NULL Fixed crashing bug for union queries where there was no real tables. mysql-test/r/group_by.result: Added test case mysql-test/t/group_by.test: Added test case sql/db.opt: Removed genrated file sql/item.cc: Handled case when table_list->pos_in_tables is not set. Can only happens when there is no real tables in query --- .bzrignore | 1 + mysql-test/r/group_by.result | 9 +++++++++ mysql-test/t/group_by.test | 11 +++++++++++ sql/db.opt | 2 -- sql/item.cc | 22 +++++++++++++++------- 5 files changed, 36 insertions(+), 9 deletions(-) delete mode 100644 sql/db.opt diff --git a/.bzrignore b/.bzrignore index b373a7b8361..4142df6575f 100644 --- a/.bzrignore +++ b/.bzrignore @@ -1433,3 +1433,4 @@ storage/tokudb/ft-index/utils/tokudb_dump storage/tokudb/ft-index/utils/tokudb_gen storage/tokudb/ft-index/utils/tokudb_load libmysql/libmysql_versions.ld +scripts/mysql_config.pl diff --git a/mysql-test/r/group_by.result b/mysql-test/r/group_by.result index a9e91199949..3de20ac6df4 100644 --- a/mysql-test/r/group_by.result +++ b/mysql-test/r/group_by.result @@ -2473,3 +2473,12 @@ c 1c v 2v,2v NULL 1c,2v,2v DROP TABLE t1,t2; +# +# MDEV-6129: Server crashes during UNION with ORDER BY field IS NULL +# +SET sql_mode='ONLY_FULL_GROUP_BY'; +SELECT 1 AS test UNION SELECT 2 AS test ORDER BY test IS NULL ASC; +test +1 +2 +SET sql_mode=''; diff --git a/mysql-test/t/group_by.test b/mysql-test/t/group_by.test index c6d594edc1f..5aadf0693a1 100644 --- a/mysql-test/t/group_by.test +++ b/mysql-test/t/group_by.test @@ -1643,3 +1643,14 @@ FROM t1 JOIN t2 ON c = b GROUP BY b WITH ROLLUP; DROP TABLE t1,t2; +--echo # +--echo # MDEV-6129: Server crashes during UNION with ORDER BY field IS NULL +--echo # + +SET sql_mode='ONLY_FULL_GROUP_BY'; +SELECT 1 AS test UNION SELECT 2 AS test ORDER BY test IS NULL ASC; +SET sql_mode=''; + +# +# End of MariaDB 5.5 tests +# diff --git a/sql/db.opt b/sql/db.opt deleted file mode 100644 index d8429c4e0de..00000000000 --- a/sql/db.opt +++ /dev/null @@ -1,2 +0,0 @@ -default-character-set=latin1 -default-collation=latin1_swedish_ci diff --git a/sql/item.cc b/sql/item.cc index a4ab81a9e5a..b3d4b4a7616 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -5273,15 +5273,23 @@ mark_non_agg_field: /* Mark selects according to presence of non aggregated fields. Fields from outer selects added to the aggregate function - outer_fields list as its unknown at the moment whether it's + outer_fields list as it's unknown at the moment whether it's aggregated or not. - We're using either the select lex of the cached table (if present) - or the field's resolution context. context->select_lex is - safe for use because it's either the SELECT we want to use - (the current level) or a stub added by non-SELECT queries. + We're using the select lex of the cached table (if present). */ - SELECT_LEX *select_lex= cached_table ? - cached_table->select_lex : field->table->pos_in_table_list->select_lex; + SELECT_LEX *select_lex; + if (cached_table) + select_lex= cached_table->select_lex; + else if (!(select_lex= field->table->pos_in_table_list->select_lex)) + { + /* + This can only happen when there is no real table in the query. + We are using the field's resolution context. context->select_lex is eee + safe for use because it's either the SELECT we want to use + (the current level) or a stub added by non-SELECT queries. + */ + select_lex= context->select_lex; + } if (!thd->lex->in_sum_func) select_lex->set_non_agg_field_used(true); else