From 56d955a5a00ede27e386d80989297779c689e405 Mon Sep 17 00:00:00 2001
From: "evgen@moonbone.local" <>
Date: Wed, 20 Feb 2008 17:41:39 +0300
Subject: [PATCH 1/4] Bug#33266: Incorrect test case for the bug#31048 failing
 on some platforms.

The test case for the bug#31048 checks that there is no crash on stack
overrun. But due to different stack sizes on different platforms it failed
on some of them.

The new test case check that a query with at least 4 level subquery nesting
works without the stack overrun nesting and other levels of nesting doesn't
cause a crash.
---
 mysql-test/r/subselect.result | 128 ++++++++--------------------------
 mysql-test/t/subselect.test   | 124 ++++++++++----------------------
 2 files changed, 69 insertions(+), 183 deletions(-)

diff --git a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result
index 527c45671f4..2de2589fc92 100644
--- a/mysql-test/r/subselect.result
+++ b/mysql-test/r/subselect.result
@@ -4147,103 +4147,37 @@ DROP TABLE t1,t2;
 create table t1(a int,b int,key(a),key(b));
 insert into t1(a,b) values (1,2),(2,1),(2,3),(3,4),(5,4),(5,5),
 (6,7),(7,4),(5,3);
-select sum(a),a from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1
-)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1) 
-group by a;
-sum(a)	a
-select sum(a),a from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1) 
-group by a;
-ERROR HY000: Thread stack overrun detected
-explain select sum(a),a from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 
-)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1) 
-group by a;
-id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
-1	PRIMARY	t1	index	a	a	5	NULL	9	Using where; Using index
-2	SUBQUERY	t1	range	a	a	5	NULL	9	Using where; Using temporary; Using filesort
-3	SUBQUERY	t1	range	a	a	5	NULL	9	Using where; Using temporary; Using filesort
-4	SUBQUERY	t1	range	a	a	5	NULL	9	Using where; Using temporary; Using filesort
-5	SUBQUERY	t1	range	a	a	5	NULL	9	Using where; Using temporary; Using filesort
-6	SUBQUERY	t1	range	a	a	5	NULL	9	Using where; Using temporary; Using filesort
-7	SUBQUERY	t1	range	a	a	5	NULL	9	Using where; Using temporary; Using filesort
-8	SUBQUERY	t1	range	a	a	5	NULL	9	Using where; Using temporary; Using filesort
-9	SUBQUERY	t1	range	a	a	5	NULL	9	Using where; Using temporary; Using filesort
-10	SUBQUERY	t1	range	a	a	5	NULL	9	Using where; Using temporary; Using filesort
-11	SUBQUERY	t1	range	a	a	5	NULL	9	Using where; Using temporary; Using filesort
-12	SUBQUERY	t1	range	a	a	5	NULL	1	Using where; Using temporary; Using filesort
-13	SUBQUERY	t1	index	NULL	a	5	NULL	9	Using index
-explain select sum(a),a from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-select sum(a) from t1 
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1
-)group by b limit 1)group by b limit 1)group by b limit 1) 
-group by a;
-ERROR HY000: Thread stack overrun detected
+5
+4
+3
+2
+1
+26
+25
+24
+23
+22
+21
+20
+19
+18
+17
+16
+15
+14
+13
+12
+11
+10
+9
+8
+7
+6
+5
+4
+3
+2
+1
 drop table t1;
 CREATE TABLE t1 (a1 INT, a2 INT);
 CREATE TABLE t2 (b1 INT, b2 INT);
diff --git a/mysql-test/t/subselect.test b/mysql-test/t/subselect.test
index 326d80f84c1..c5edd5414e3 100644
--- a/mysql-test/t/subselect.test
+++ b/mysql-test/t/subselect.test
@@ -3006,92 +3006,44 @@ DROP TABLE t1,t2;
 create table t1(a int,b int,key(a),key(b));
 insert into t1(a,b) values (1,2),(2,1),(2,3),(3,4),(5,4),(5,5),
   (6,7),(7,4),(5,3);
-# test for the stack overflow bug
-select sum(a),a from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1
-  )group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1) 
-group by a;
---replace_regex /overrun.*$/overrun detected/
---error 1436
-select sum(a),a from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1) 
-group by a;
-# test for the memory consumption & subquery slowness bug
-explain select sum(a),a from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 
-  )group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1) 
-group by a;
---replace_regex /overrun.*$/overrun detected/
---error 1436
-explain select sum(a),a from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
-  select sum(a) from t1 
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1
-  )group by b limit 1)group by b limit 1)group by b limit 1) 
-group by a;
+
+let $nesting= 26;
+let $should_work_nesting= 5;
+let $start= select sum(a),a from t1 where a> ( select sum(a) from t1 ;
+let $end= )group by a ;
+let $start_app= where a> ( select sum(a) from t1 ;
+let $end_pre= )group by b limit 1 ;
+
+--disable_result_log
+--disable_query_log
+# At least 4 level nesting should work without errors
+while ($should_work_nesting)
+{
+--echo $should_work_nesting
+  eval $start $end;
+  eval explain $start $end;
+  let $start= $start
+  $start_app;
+  let $end= $end_pre
+  $end;
+  dec $should_work_nesting;
+}
+# Other may fail with the 'stack overrun error'
+while ($nesting)
+{
+--echo $nesting
+--error 0,1436
+  eval $start $end;
+--error 0,1436
+  eval explain $start $end;
+  let $start= $start
+  $start_app;
+  let $end= $end_pre
+  $end;
+  dec $nesting;
+}
+--enable_result_log
+--enable_query_log
 drop table t1;
 
 #

From 0443189d898a7de7a71b3399765dbf25db2ae4cf Mon Sep 17 00:00:00 2001
From: "gkodinov/kgeorge@magare.gmz" <>
Date: Thu, 28 Feb 2008 13:31:19 +0200
Subject: [PATCH 2/4] Bug #34747: crash in debug assertion check after derived
 table

Was a double-free of the Unique member of Item_func_group_concat.
This was not causing a crash because the Unique is a descendent of
Sql_alloc.
Fixed to free the Unique only if it was allocated for the instance
of Item_func_group_concat it was referenced from
---
 mysql-test/r/func_gconcat.result | 15 +++++++++++++++
 mysql-test/t/func_gconcat.test   | 17 +++++++++++++++++
 sql/item_sum.cc                  |  2 +-
 3 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/func_gconcat.result b/mysql-test/r/func_gconcat.result
index 19b5f03de6b..77d11831842 100644
--- a/mysql-test/r/func_gconcat.result
+++ b/mysql-test/r/func_gconcat.result
@@ -931,4 +931,19 @@ SELECT GROUP_CONCAT(DISTINCT b, a ORDER BY b) FROM t1;
 GROUP_CONCAT(DISTINCT b, a ORDER BY b)
 11,22,32
 DROP TABLE t1, t2, t3;
+CREATE TABLE t1(a INT);
+INSERT INTO t1 VALUES (),();
+SELECT s1.d1 FROM
+(
+SELECT
+t1.a as d1,
+GROUP_CONCAT(DISTINCT t1.a) AS d2
+FROM
+t1 AS t1,
+t1 AS t2
+GROUP BY 1
+) AS s1;
+d1
+NULL
+DROP TABLE t1;
 End of 5.0 tests
diff --git a/mysql-test/t/func_gconcat.test b/mysql-test/t/func_gconcat.test
index 84c286e516b..87632fbdbb8 100644
--- a/mysql-test/t/func_gconcat.test
+++ b/mysql-test/t/func_gconcat.test
@@ -640,4 +640,21 @@ SELECT GROUP_CONCAT(DISTINCT b, a ORDER BY b) FROM t1;
 
 DROP TABLE t1, t2, t3;
 
+#
+# Bug #34747: crash in debug assertion check after derived table
+#
+CREATE TABLE t1(a INT);
+INSERT INTO t1 VALUES (),();
+SELECT s1.d1 FROM
+(
+ SELECT
+  t1.a as d1,
+  GROUP_CONCAT(DISTINCT t1.a) AS d2
+ FROM
+  t1 AS t1,
+  t1 AS t2
+ GROUP BY 1
+) AS s1;
+DROP TABLE t1;
+
 --echo End of 5.0 tests
diff --git a/sql/item_sum.cc b/sql/item_sum.cc
index 47a7073c2e7..3d6d46ab3f4 100644
--- a/sql/item_sum.cc
+++ b/sql/item_sum.cc
@@ -3460,6 +3460,6 @@ void Item_func_group_concat::print(String *str)
 
 Item_func_group_concat::~Item_func_group_concat()
 {
-  if (unique_filter) 
+  if (!original && unique_filter)
     delete unique_filter;    
 }

From b8a47c985837cda69afd4e081ce6823315e5e956 Mon Sep 17 00:00:00 2001
From: "gkodinov/kgeorge@magare.gmz" <>
Date: Thu, 28 Feb 2008 16:29:14 +0200
Subject: [PATCH 3/4] merge of bug 33266 to 5.1-opt

---
 mysql-test/r/subselect.result | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result
index 20d44933128..fe8374d665b 100644
--- a/mysql-test/r/subselect.result
+++ b/mysql-test/r/subselect.result
@@ -4155,6 +4155,41 @@ SELECT ((a1,a2) IN (SELECT * FROM t2 WHERE b2 > 0)) IS NULL FROM t1;
 0
 0
 DROP TABLE t1, t2;
+create table t1(a int,b int,key(a),key(b));
+insert into t1(a,b) values (1,2),(2,1),(2,3),(3,4),(5,4),(5,5),
+(6,7),(7,4),(5,3);
+5
+4
+3
+2
+1
+26
+25
+24
+23
+22
+21
+20
+19
+18
+17
+16
+15
+14
+13
+12
+11
+10
+9
+8
+7
+6
+5
+4
+3
+2
+1
+drop table t1;
 CREATE TABLE t1 (s1 BINARY(5), s2 VARBINARY(5));
 INSERT INTO t1 VALUES (0x41,0x41), (0x42,0x42), (0x43,0x43);
 SELECT s1, s2 FROM t1 WHERE s2 IN (SELECT s1 FROM t1);

From c51106740da269915185112414e1dfecfe41b427 Mon Sep 17 00:00:00 2001
From: "gshchepa/uchum@host.loc" <>
Date: Thu, 28 Feb 2008 22:53:31 +0400
Subject: [PATCH 4/4] Fixed bug #34620: item_row.cc:50:
 Item_row::illegal_method_call(const char*):                   Assertion `0'
 failed

If ROW item is a part of an expression that also has
aggregate function calls (COUNT/SUM/AVG...), a
"splitting" with an Item::split_sum_func2 function
is applied to that ROW item.
Current implementation of Item::split_sum_func2
replaces this Item_row with a newly created
Item_aggregate_ref reference to it.
Then the row cache tries to work with the
Item_aggregate_ref object as with the Item_row object:
row cache calls row-emulation methods such as cols and
element_index. Item_aggregate_ref (like it's parent
Item_ref) inherits dummy implementations of those
methods from the hierarchy root Item, and call to
them leads to failed assertions and wrong data
output.

Row-emulation virtual functions (cols, element_index, addr,
check_cols, null_inside and bring_value) of Item_ref have
been overloaded to forward calls to an underlying item
reference.
---
 mysql-test/r/row.result |  9 +++++++++
 mysql-test/t/row.test   | 13 +++++++++++++
 sql/item.h              | 29 +++++++++++++++++++++++++++++
 3 files changed, 51 insertions(+)

diff --git a/mysql-test/r/row.result b/mysql-test/r/row.result
index 702e66fea62..98c79d4bc00 100644
--- a/mysql-test/r/row.result
+++ b/mysql-test/r/row.result
@@ -434,3 +434,12 @@ SELECT @x;
 @x
 99
 DROP TABLE t1;
+CREATE TABLE t1 (a INT, b INT);
+INSERT INTO t1 VALUES (1,1);
+SELECT ROW(a, 1) IN (SELECT SUM(b), 1) FROM t1 GROUP BY a;
+ROW(a, 1) IN (SELECT SUM(b), 1)
+1
+SELECT ROW(a, 1) IN (SELECT SUM(b), 3) FROM t1 GROUP BY a;
+ROW(a, 1) IN (SELECT SUM(b), 3)
+0
+DROP TABLE t1;
diff --git a/mysql-test/t/row.test b/mysql-test/t/row.test
index 20d044306a6..1601f7afd0e 100644
--- a/mysql-test/t/row.test
+++ b/mysql-test/t/row.test
@@ -224,3 +224,16 @@ SET @x:= (SELECT h FROM t1 WHERE (a,b,c,d,e,f,g)=(1,2,3,4,5,6,7));
 SELECT @x;
 
 DROP TABLE t1;
+
+#
+# Bug #34620: item_row.cc:50: Item_row::illegal_method_call(const char*):
+#             Assertion `0' failed
+#
+
+CREATE TABLE t1 (a INT, b INT);
+INSERT INTO t1 VALUES (1,1);
+
+SELECT ROW(a, 1) IN (SELECT SUM(b), 1) FROM t1 GROUP BY a;
+SELECT ROW(a, 1) IN (SELECT SUM(b), 3) FROM t1 GROUP BY a;
+
+DROP TABLE t1;
diff --git a/sql/item.h b/sql/item.h
index f87499f23e3..c8b8e48b0ed 100644
--- a/sql/item.h
+++ b/sql/item.h
@@ -1990,6 +1990,35 @@ public:
   Item_field *filed_for_view_update()
     { return (*ref)->filed_for_view_update(); }
   virtual Ref_Type ref_type() { return REF; }
+
+  // Row emulation: forwarding of ROW-related calls to ref
+  uint cols()
+  {
+    return ref && result_type() == ROW_RESULT ? (*ref)->cols() : 1;
+  }
+  Item* element_index(uint i)
+  {
+    return ref && result_type() == ROW_RESULT ? (*ref)->element_index(i) : this;
+  }
+  Item** addr(uint i)
+  {
+    return ref && result_type() == ROW_RESULT ? (*ref)->addr(i) : 0;
+  }
+  bool check_cols(uint c)
+  {
+    return ref && result_type() == ROW_RESULT ? (*ref)->check_cols(c) 
+                                              : Item::check_cols(c);
+  }
+  bool null_inside()
+  {
+    return ref && result_type() == ROW_RESULT ? (*ref)->null_inside() : 0;
+  }
+  void bring_value()
+  { 
+    if (ref && result_type() == ROW_RESULT)
+      (*ref)->bring_value();
+  }
+
 };