From bbaae7ecd47e33d26e7c86ab81eb324802978068 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 30 Sep 2009 13:53:41 +0200 Subject: [PATCH 1/9] Set version number for mysql-5.0.84sp1 release --- configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.in b/configure.in index ec432e19ce3..de96f1c6020 100644 --- a/configure.in +++ b/configure.in @@ -7,7 +7,7 @@ AC_INIT(sql/mysqld.cc) AC_CANONICAL_SYSTEM # The Docs Makefile.am parses this line! # remember to also change ndb version below and update version.c in ndb -AM_INIT_AUTOMAKE(mysql, 5.0.84) +AM_INIT_AUTOMAKE(mysql, 5.0.84sp1) AM_CONFIG_HEADER([include/config.h:config.h.in]) PROTOCOL_VERSION=10 From dc7c9277876ceb3dc04d2f3807644fd041511c15 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 30 Sep 2009 14:22:38 +0200 Subject: [PATCH 2/9] Backport into build-200909301147-5.0.84sp1 > ------------------------------------------------------------ > revno: 2791.2.3 > revision-id: joro@sun.com-20090827114042-h55n7qp9990bl6ge > parent: anurag.shekhar@sun.com-20090831073231-e55y1hsck6n08ux8 > committer: Georgi Kodinov > branch nick: B46749-5.0-bugteam > timestamp: Thu 2009-08-27 14:40:42 +0300 > message: > Bug #46749: Segfault in add_key_fields() with outer subquery level > field references > > This error requires a combination of factors : > 1. An "impossible where" in the outermost SELECT > 2. An aggregate in the outermost SELECT > 3. A correlated subquery with a WHERE clause that includes an outer > field reference as a top level WHERE sargable predicate > > When JOIN::optimize detects an "impossible WHERE" it will bail out > without doing the rest of the work and initializations. It will not > call make_join_statistics() as well. And make_join_statistics fills > in various structures for each table referenced. > When processing the result of the "impossible WHERE" the query must > send a single row of data if there are aggregate functions in it. > In this case the server marks all the aggregates as having received > no rows and calls the relevant Item::val_xxx() method on the SELECT > list. However if this SELECT list happens to contain a correlated > subquery this subquery is evaluated in a normal evaluation mode. > And if this correlated subquery has a reference to a field from the > outermost "impossible where" SELECT the add_key_fields will mistakenly > consider the outer field reference as a "local" field reference when > looking for sargable predicates. > But since the SELECT where the outer field reference refers to is not > completely initialized due to the "impossible WHERE" in this level > we'll get a NULL pointer reference. > Fixed by making a better condition for discovering if a field is "local" > to the SELECT level being processed. > It's not enough to look for OUTER_REF_TABLE_BIT in this case since > for outer references to constant tables the Item_field::used_tables() > will return 0 regardless of whether the field reference is from the > local SELECT or not. --- mysql-test/r/subselect.result | 28 ++++++++++++++++++++++++ mysql-test/t/subselect.test | 31 ++++++++++++++++++++++++++ sql/sql_select.cc | 41 +++++++++++++++++++++++++---------- 3 files changed, 88 insertions(+), 12 deletions(-) diff --git a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result index 671e5d8f532..213695fa004 100644 --- a/mysql-test/r/subselect.result +++ b/mysql-test/r/subselect.result @@ -4452,4 +4452,32 @@ WHERE 1 IN (SELECT id FROM t1) WITH CHECK OPTION; DELETE FROM v3; DROP VIEW v1,v2,v3; DROP TABLE t1,t2; +# +# Bug #46749: Segfault in add_key_fields() with outer subquery level +# field references +# +CREATE TABLE t1 ( +a int, +b int, +UNIQUE (a), KEY (b) +); +INSERT INTO t1 VALUES (1,1), (2,1); +CREATE TABLE st1 like t1; +INSERT INTO st1 VALUES (1,1), (2,1); +CREATE TABLE st2 like t1; +INSERT INTO st2 VALUES (1,1), (2,1); +EXPLAIN +SELECT MAX(b), (SELECT COUNT(*) FROM st1,st2 WHERE st2.b <= t1.b) +FROM t1 +WHERE a = 230; +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY NULL NULL NULL NULL NULL NULL NULL Impossible WHERE noticed after reading const tables +2 DEPENDENT SUBQUERY st1 index NULL a 5 NULL 2 Using index +2 DEPENDENT SUBQUERY st2 index b b 5 NULL 2 Using where; Using index +SELECT MAX(b), (SELECT COUNT(*) FROM st1,st2 WHERE st2.b <= t1.b) +FROM t1 +WHERE a = 230; +MAX(b) (SELECT COUNT(*) FROM st1,st2 WHERE st2.b <= t1.b) +NULL 0 +DROP TABLE t1, st1, st2; End of 5.0 tests. diff --git a/mysql-test/t/subselect.test b/mysql-test/t/subselect.test index 96e5738526b..2b19841d170 100644 --- a/mysql-test/t/subselect.test +++ b/mysql-test/t/subselect.test @@ -3428,4 +3428,35 @@ DELETE FROM v3; DROP VIEW v1,v2,v3; DROP TABLE t1,t2; +--echo # +--echo # Bug #46749: Segfault in add_key_fields() with outer subquery level +--echo # field references +--echo # + +CREATE TABLE t1 ( + a int, + b int, + UNIQUE (a), KEY (b) +); +INSERT INTO t1 VALUES (1,1), (2,1); + +CREATE TABLE st1 like t1; +INSERT INTO st1 VALUES (1,1), (2,1); + +CREATE TABLE st2 like t1; +INSERT INTO st2 VALUES (1,1), (2,1); + +# should have "impossible where" +EXPLAIN +SELECT MAX(b), (SELECT COUNT(*) FROM st1,st2 WHERE st2.b <= t1.b) +FROM t1 +WHERE a = 230; + +# should not crash +SELECT MAX(b), (SELECT COUNT(*) FROM st1,st2 WHERE st2.b <= t1.b) +FROM t1 +WHERE a = 230; + +DROP TABLE t1, st1, st2; + --echo End of 5.0 tests. diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 672ebaf9259..20bff90612d 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -3197,6 +3197,28 @@ add_key_equal_fields(KEY_FIELD **key_fields, uint and_level, } } + +/** + Check if an expression is a non-outer field. + + Checks if an expression is a field and belongs to the current select. + + @param field Item expression to check + + @return boolean + @retval TRUE the expression is a local field + @retval FALSE it's something else +*/ + +inline static bool +is_local_field (Item *field) +{ + field= field->real_item(); + return field->type() == Item::FIELD_ITEM && + !((Item_field *)field)->depended_from; +} + + static void add_key_fields(JOIN *join, KEY_FIELD **key_fields, uint *and_level, COND *cond, table_map usable_tables, @@ -3272,13 +3294,12 @@ add_key_fields(JOIN *join, KEY_FIELD **key_fields, uint *and_level, { Item **values; // BETWEEN, IN, NE - if (cond_func->key_item()->real_item()->type() == Item::FIELD_ITEM && + if (is_local_field (cond_func->key_item()) && !(cond_func->used_tables() & OUTER_REF_TABLE_BIT)) { values= cond_func->arguments()+1; if (cond_func->functype() == Item_func::NE_FUNC && - cond_func->arguments()[1]->real_item()->type() == Item::FIELD_ITEM && - !(cond_func->arguments()[0]->used_tables() & OUTER_REF_TABLE_BIT)) + is_local_field (cond_func->arguments()[1])) values--; DBUG_ASSERT(cond_func->functype() != Item_func::IN_FUNC || cond_func->argument_count() != 2); @@ -3294,9 +3315,7 @@ add_key_fields(JOIN *join, KEY_FIELD **key_fields, uint *and_level, for (uint i= 1 ; i < cond_func->argument_count() ; i++) { Item_field *field_item; - if (cond_func->arguments()[i]->real_item()->type() == Item::FIELD_ITEM - && - !(cond_func->arguments()[i]->used_tables() & OUTER_REF_TABLE_BIT)) + if (is_local_field (cond_func->arguments()[i])) { field_item= (Item_field *) (cond_func->arguments()[i]->real_item()); add_key_equal_fields(key_fields, *and_level, cond_func, @@ -3312,8 +3331,7 @@ add_key_fields(JOIN *join, KEY_FIELD **key_fields, uint *and_level, bool equal_func=(cond_func->functype() == Item_func::EQ_FUNC || cond_func->functype() == Item_func::EQUAL_FUNC); - if (cond_func->arguments()[0]->real_item()->type() == Item::FIELD_ITEM && - !(cond_func->arguments()[0]->used_tables() & OUTER_REF_TABLE_BIT)) + if (is_local_field (cond_func->arguments()[0])) { add_key_equal_fields(key_fields, *and_level, cond_func, (Item_field*) (cond_func->arguments()[0])->real_item(), @@ -3321,9 +3339,8 @@ add_key_fields(JOIN *join, KEY_FIELD **key_fields, uint *and_level, cond_func->arguments()+1, 1, usable_tables, sargables); } - if (cond_func->arguments()[1]->real_item()->type() == Item::FIELD_ITEM && - cond_func->functype() != Item_func::LIKE_FUNC && - !(cond_func->arguments()[1]->used_tables() & OUTER_REF_TABLE_BIT)) + if (is_local_field (cond_func->arguments()[1]) && + cond_func->functype() != Item_func::LIKE_FUNC) { add_key_equal_fields(key_fields, *and_level, cond_func, (Item_field*) (cond_func->arguments()[1])->real_item(), @@ -3335,7 +3352,7 @@ add_key_fields(JOIN *join, KEY_FIELD **key_fields, uint *and_level, } case Item_func::OPTIMIZE_NULL: /* column_name IS [NOT] NULL */ - if (cond_func->arguments()[0]->real_item()->type() == Item::FIELD_ITEM && + if (is_local_field (cond_func->arguments()[0]) && !(cond_func->used_tables() & OUTER_REF_TABLE_BIT)) { Item *tmp=new Item_null; From 31c0647f98b2f9979910cfddeff5d5a57995c987 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 30 Sep 2009 14:24:59 +0200 Subject: [PATCH 3/9] Backport into build-200909301147-5.0.84sp1 > ------------------------------------------------------------ > revno: 2796 > revision-id: sergey.glukhov@sun.com-20090827102219-sgjz0v5t1rfccs14 > parent: joro@sun.com-20090824122803-1d5jlaysjc7a7j6q > committer: Sergey Glukhov > branch nick: mysql-5.0-bugteam > timestamp: Thu 2009-08-27 15:22:19 +0500 > message: > Bug#46184 Crash, SELECT ... FROM derived table procedure analyze > The crash happens because select_union object is used as result set > for queries which have derived tables. > select_union use temporary table as data storage and if > fields count exceeds 10(count of values for procedure ANALYSE()) > then we get a crash on fill_record() function. --- mysql-test/r/analyse.result | 9 ++++++--- mysql-test/r/subselect.result | 2 +- mysql-test/t/analyse.test | 10 ++++++++++ mysql-test/t/subselect.test | 2 +- sql/sql_yacc.yy | 3 ++- 5 files changed, 20 insertions(+), 6 deletions(-) diff --git a/mysql-test/r/analyse.result b/mysql-test/r/analyse.result index 49722d5b0ab..1e3a2985f74 100644 --- a/mysql-test/r/analyse.result +++ b/mysql-test/r/analyse.result @@ -28,9 +28,7 @@ test.t1.bool N Y 1 1 0 0 1.0000 NULL ENUM('N','Y') NOT NULL test.t1.d 2002-03-03 2002-03-05 10 10 0 0 10.0000 NULL ENUM('2002-03-03','2002-03-04','2002-03-05') NOT NULL drop table t1,t2; EXPLAIN SELECT 1 FROM (SELECT 1) a PROCEDURE ANALYSE(); -id select_type table type possible_keys key key_len ref rows Extra -1 PRIMARY system NULL NULL NULL NULL 1 -2 DERIVED NULL NULL NULL NULL NULL NULL NULL No tables used +ERROR HY000: Incorrect usage of PROCEDURE and subquery create table t1 (a int not null); create table t2 select * from t1 where 0=1 procedure analyse(); show create table t2; @@ -153,4 +151,9 @@ select f3 from t1 procedure analyse(1, 1); Field_name Min_value Max_value Min_length Max_length Empties_or_zeros Nulls Avg_value_or_avg_length Std Optimal_fieldtype test.t1.f3 5.99999 9.55555 7 7 0 0 7.77777 1.77778 FLOAT(6,5) NOT NULL drop table t1; +CREATE TABLE t1(a INT,b INT,c INT,d INT,e INT,f INT,g INT,h INT,i INT,j INT,k INT); +INSERT INTO t1 VALUES (); +SELECT * FROM (SELECT * FROM t1) d PROCEDURE ANALYSE(); +ERROR HY000: Incorrect usage of PROCEDURE and subquery +DROP TABLE t1; End of 4.1 tests diff --git a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result index 213695fa004..2c66ac9c1de 100644 --- a/mysql-test/r/subselect.result +++ b/mysql-test/r/subselect.result @@ -75,7 +75,7 @@ SELECT 1 FROM (SELECT 1 as a) b WHERE 1 IN (SELECT (SELECT a)); select (SELECT 1 FROM (SELECT 1) a PROCEDURE ANALYSE(1)); ERROR HY000: Incorrect usage of PROCEDURE and subquery SELECT 1 FROM (SELECT 1) a PROCEDURE ANALYSE((SELECT 1)); -ERROR HY000: Incorrect parameters to procedure 'ANALYSE' +ERROR HY000: Incorrect usage of PROCEDURE and subquery SELECT (SELECT 1) as a FROM (SELECT 1) b WHERE (SELECT a) IS NULL; ERROR 42S22: Unknown column 'a' in 'field list' SELECT (SELECT 1) as a FROM (SELECT 1) b WHERE (SELECT a) IS NOT NULL; diff --git a/mysql-test/t/analyse.test b/mysql-test/t/analyse.test index efcf5f6421c..d8466df14bf 100644 --- a/mysql-test/t/analyse.test +++ b/mysql-test/t/analyse.test @@ -14,6 +14,7 @@ create table t2 select * from t1 procedure analyse(); select * from t2; drop table t1,t2; +--error ER_WRONG_USAGE EXPLAIN SELECT 1 FROM (SELECT 1) a PROCEDURE ANALYSE(); # @@ -102,4 +103,13 @@ select f2 from t1 procedure analyse(1, 1); select f3 from t1 procedure analyse(1, 1); drop table t1; +# +# Bug#46184 Crash, SELECT ... FROM derived table procedure analyze +# +CREATE TABLE t1(a INT,b INT,c INT,d INT,e INT,f INT,g INT,h INT,i INT,j INT,k INT); +INSERT INTO t1 VALUES (); +--error ER_WRONG_USAGE +SELECT * FROM (SELECT * FROM t1) d PROCEDURE ANALYSE(); +DROP TABLE t1; + --echo End of 4.1 tests diff --git a/mysql-test/t/subselect.test b/mysql-test/t/subselect.test index 2b19841d170..58db0b94f5e 100644 --- a/mysql-test/t/subselect.test +++ b/mysql-test/t/subselect.test @@ -30,7 +30,7 @@ SELECT 1 IN (SELECT 1); SELECT 1 FROM (SELECT 1 as a) b WHERE 1 IN (SELECT (SELECT a)); -- error ER_WRONG_USAGE select (SELECT 1 FROM (SELECT 1) a PROCEDURE ANALYSE(1)); --- error ER_WRONG_PARAMETERS_TO_PROCEDURE +-- error ER_WRONG_USAGE SELECT 1 FROM (SELECT 1) a PROCEDURE ANALYSE((SELECT 1)); -- error ER_BAD_FIELD_ERROR SELECT (SELECT 1) as a FROM (SELECT 1) b WHERE (SELECT a) IS NULL; diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index 49b7fafcc0b..8258268f390 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -7328,7 +7328,8 @@ procedure_clause: MYSQL_YYABORT; } - if (&lex->select_lex != lex->current_select) + if (&lex->select_lex != lex->current_select || + lex->select_lex.get_table_list()->derived) { my_error(ER_WRONG_USAGE, MYF(0), "PROCEDURE", "subquery"); MYSQL_YYABORT; From 4ecbf3a7b47ac31854b80c531ecfc072f316d682 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 30 Sep 2009 14:26:15 +0200 Subject: [PATCH 4/9] Backport into build-200909301147-5.0.84sp1 > ------------------------------------------------------------ > revno: 2802.1.1 > tags: mysql-5.0.86 > revision-id: hery.ramilison@sun.com-20090909185217-mooeczu391ztp2fz > parent: joro@sun.com-20090902123318-8qe40pr91xmui5ue > committer: hery > branch nick: mysql-5.0.86-release > timestamp: Wed 2009-09-09 20:52:17 +0200 > message: > change c++ comment to c comment --- client/mysqltest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/mysqltest.c b/client/mysqltest.c index 24d021b7239..40c8b6bba46 100644 --- a/client/mysqltest.c +++ b/client/mysqltest.c @@ -1404,7 +1404,7 @@ void show_diff(DYNAMIC_STRING* ds, else diff_name = 0; #else - diff_name = "diff"; // Otherwise always assume it's called diff + diff_name = "diff"; /* Otherwise always assume it's called diff */ #endif if (diff_name) From 3d35e53c85622e0e851bc9fb0d20aa6240dcf67f Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Tue, 6 Oct 2009 10:32:02 +0300 Subject: [PATCH 5/9] version update --- .bzr-mysql/default.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.bzr-mysql/default.conf b/.bzr-mysql/default.conf index 557df1b1ffe..f79c1cd6319 100644 --- a/.bzr-mysql/default.conf +++ b/.bzr-mysql/default.conf @@ -1,4 +1,4 @@ [MYSQL] post_commit_to = "commits@lists.mysql.com" post_push_to = "commits@lists.mysql.com" -tree_name = "mysql-5.0-bugteam" +tree_name = "mysql-5.0" From 33b4ba995061d2b3d24c68414e505a43dbd52ebb Mon Sep 17 00:00:00 2001 From: Joerg Bruehe Date: Thu, 8 Oct 2009 21:58:17 +0200 Subject: [PATCH 6/9] Fix bug#47923 New "mf_keycache.c" requires thread support The bug is a compilation issue: Function "find_key_block()" had thread operations which were not guarded by "#if THREAD", add that now. mysys/mf_keycache.c: Without thread-support, we are in a single-threaded world, so there is no parallelism, and the keycache cannot be within a resize operation while this request is being processed. --- mysys/mf_keycache.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mysys/mf_keycache.c b/mysys/mf_keycache.c index 3c11e6731b7..6ffa8fb3ea8 100644 --- a/mysys/mf_keycache.c +++ b/mysys/mf_keycache.c @@ -1742,6 +1742,7 @@ restart: - block assigned but not yet read from file (invalid data). */ +#if THREAD if (keycache->in_resize) { /* This is a request during a resize operation */ @@ -1983,6 +1984,9 @@ restart: } DBUG_RETURN(0); } +#else /* THREAD */ + DBUG_ASSERT(!keycache->in_resize); +#endif if (page_status == PAGE_READ && (block->status & (BLOCK_IN_EVICTION | BLOCK_IN_SWITCH | From 7b32690cf99c9ba5324fddcd7253df01d7ff03e8 Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 13 Oct 2009 20:50:37 +0200 Subject: [PATCH 7/9] Raise version number after cloning 5.0.87 --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index f2d95ff826c..11c97e517ba 100644 --- a/configure.in +++ b/configure.in @@ -7,7 +7,7 @@ AC_INIT(sql/mysqld.cc) AC_CANONICAL_SYSTEM # The Docs Makefile.am parses this line! # remember to also change ndb version below and update version.c in ndb -AM_INIT_AUTOMAKE(mysql, 5.0.87) +AM_INIT_AUTOMAKE(mysql, 5.0.88) AM_CONFIG_HEADER([include/config.h:config.h.in]) PROTOCOL_VERSION=10 @@ -23,7 +23,7 @@ NDB_SHARED_LIB_VERSION=$NDB_SHARED_LIB_MAJOR_VERSION:0:0 # ndb version NDB_VERSION_MAJOR=5 NDB_VERSION_MINOR=0 -NDB_VERSION_BUILD=87 +NDB_VERSION_BUILD=88 NDB_VERSION_STATUS="" # Set all version vars based on $VERSION. How do we do this more elegant ? From 903d21287c835fa76cd3eac7b00276b5195eda3a Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Wed, 14 Oct 2009 18:44:22 +0300 Subject: [PATCH 8/9] version change --- .bzr-mysql/default.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.bzr-mysql/default.conf b/.bzr-mysql/default.conf index f79c1cd6319..557df1b1ffe 100644 --- a/.bzr-mysql/default.conf +++ b/.bzr-mysql/default.conf @@ -1,4 +1,4 @@ [MYSQL] post_commit_to = "commits@lists.mysql.com" post_push_to = "commits@lists.mysql.com" -tree_name = "mysql-5.0" +tree_name = "mysql-5.0-bugteam" From 4bebf043542d3872545caacbe3bae634bc450083 Mon Sep 17 00:00:00 2001 From: Joerg Bruehe Date: Fri, 16 Oct 2009 14:06:33 +0200 Subject: [PATCH 9/9] Compile fix for Windows: Use "#ifdef", not plain "#if". --- mysys/mf_keycache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysys/mf_keycache.c b/mysys/mf_keycache.c index 6ffa8fb3ea8..53a3be6f999 100644 --- a/mysys/mf_keycache.c +++ b/mysys/mf_keycache.c @@ -1742,7 +1742,7 @@ restart: - block assigned but not yet read from file (invalid data). */ -#if THREAD +#ifdef THREAD if (keycache->in_resize) { /* This is a request during a resize operation */