database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-05 13:16:09 +03:00
Code Activity

BUG#21477 "memory overruns for certain kinds of subqueries":

Browse Source 
make st_select_lex::setup_ref_array() take into account that 
Item_sum-descendant objects located within descendant SELECTs
may be added into ref_pointer_array.


sql/item_sum.cc:
  BUG#21477 "memory overruns for certain kinds of subqueries":
  Make SELECT_LEX::n_sum_items contain # of Item_sum-derived objects
  that exist within this SELECT.
sql/sql_lex.h:
  BUG#21477 "memory overruns for certain kinds of subqueries":
  Add SELECT_LEX::n_sum_items and SELECT_LEXT::n_child_sum_items.
sql/sql_yacc.yy:
  BUG#21477 "memory overruns for certain kinds of subqueries":
  Make SELECT_LEX::n_sum_items contain # of Item_sum-derived objects
  that exist within this SELECT.
This commit is contained in:
unknown
2006-09-01 13:23:43 +04:00
parent f40b6c273c
commit dd6dc7adea
4 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
sql/item_sum.cc
View File

@@ -290,7 +290,9 @@ Item_sum::Item_sum(THD *thd, Item_sum *item):
void Item_sum::mark_as_sum_func() void Item_sum::mark_as_sum_func()
{ {
current_thd->lex->current_select->with_sum_func= 1; SELECT_LEX *cur_select= current_thd->lex->current_select;
cur_select->n_sum_items++;
cur_select->with_sum_func= 1;
with_sum_func= 1; with_sum_func= 1;
} }

8
sql/sql_lex.cc
View File

@@ -1521,10 +1521,10 @@ bool st_select_lex::setup_ref_array(THD *thd, uint order_group_num)
*/ */
Query_arena *arena= thd->stmt_arena; Query_arena *arena= thd->stmt_arena;
return (ref_pointer_array= return (ref_pointer_array=
(Item **)arena->alloc(sizeof(Item*) * (Item **)arena->alloc(sizeof(Item*) * (n_child_sum_items +
(item_list.elements + item_list.elements +
select_n_having_items + select_n_having_items +
order_group_num)* 5)) == 0; order_group_num)*5)) == 0;
} }

8
sql/sql_lex.h
View File

@@ -548,6 +548,12 @@ public:
bool braces; /* SELECT ... UNION (SELECT ... ) <- this braces */ bool braces; /* SELECT ... UNION (SELECT ... ) <- this braces */
/* TRUE when having fix field called in processing of this SELECT */ /* TRUE when having fix field called in processing of this SELECT */
bool having_fix_field; bool having_fix_field;
/* Number of Item_sum-derived objects in this SELECT */
uint n_sum_items;
/* Number of Item_sum-derived objects in children and descendant SELECTs */
uint n_child_sum_items;
/* explicit LIMIT clause was used */ /* explicit LIMIT clause was used */
bool explicit_limit; bool explicit_limit;
/* /*
@@ -640,7 +646,7 @@ public:
bool test_limit(); bool test_limit();
friend void lex_start(THD *thd, uchar *buf, uint length); friend void lex_start(THD *thd, uchar *buf, uint length);
st_select_lex() {} st_select_lex() : n_sum_items(0), n_child_sum_items(0) {}
void make_empty_select() void make_empty_select()
{ {
init_query(); init_query();

2
sql/sql_yacc.yy
View File

@@ -8927,8 +8927,10 @@ subselect_end:
{ {
LEX *lex=Lex; LEX *lex=Lex;
lex->pop_context(); lex->pop_context();
SELECT_LEX *child= lex->current_select;
lex->current_select = lex->current_select->return_after_parsing(); lex->current_select = lex->current_select->return_after_parsing();
lex->nest_level--; lex->nest_level--;
lex->current_select->n_child_sum_items += child->n_sum_items;
}; };
/************************************************************************** /**************************************************************************