From b9efbe48900eaa6faac245f59a62761f9eaed9cc Mon Sep 17 00:00:00 2001
From: unknown <kent/mysqldev@mysql.com/production.mysql.com>
Date: Wed, 23 Apr 2008 20:54:53 +0200
Subject: [PATCH 1/2] Raise version number after cloning 5.0.60

---
 configure.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.in b/configure.in
index 9c35dbcc7c7..d40df7b7895 100644
--- a/configure.in
+++ b/configure.in
@@ -7,7 +7,7 @@ AC_INIT(sql/mysqld.cc)
 AC_CANONICAL_SYSTEM
 # The Docs Makefile.am parses this line!
 # remember to also change ndb version below and update version.c in ndb
-AM_INIT_AUTOMAKE(mysql, 5.0.60)
+AM_INIT_AUTOMAKE(mysql, 5.0.62)
 AM_CONFIG_HEADER([include/config.h:config.h.in])
 
 PROTOCOL_VERSION=10
@@ -23,7 +23,7 @@ NDB_SHARED_LIB_VERSION=$NDB_SHARED_LIB_MAJOR_VERSION:0:0
 # ndb version
 NDB_VERSION_MAJOR=5
 NDB_VERSION_MINOR=0
-NDB_VERSION_BUILD=60
+NDB_VERSION_BUILD=62
 NDB_VERSION_STATUS=""
 
 # Set all version vars based on $VERSION. How do we do this more elegant ?

From 1a68ec2809726e12f148a07cf3771c3d73d9983e Mon Sep 17 00:00:00 2001
From: unknown <gkodinov/kgeorge@magare.gmz>
Date: Thu, 1 May 2008 13:49:26 +0300
Subject: [PATCH 2/2] Fix for bug #35298: GROUP_CONCAT with DISTINCT can crash
 the server

The bug is a regression introduced by the patch for bug32798.

The code in Item_func_group_concat::clear() relied on the 'distinct'
variable to check if 'unique_filter' was initialized. That, however,
is not always valid because Item_func_group_concat::setup() can do
shortcuts in some cases w/o initializing 'unique_filter'.

Fixed by checking the value of 'unique_filter' instead of 'distinct'
before dereferencing.


mysql-test/r/func_gconcat.result:
  Added test cases for bugs #35298 and #36024.
mysql-test/t/func_gconcat.test:
  Added test cases for bugs #35298 and #36024.
sql/item_sum.cc:
  Check if unique_filter != NULL before dereferencing it. Non-zero value
  of distinct does not always mean that unique_filter is initialized
  because Item_func_group_concat::setup() can do shortcuts is some cases
---
 mysql-test/r/func_gconcat.result | 26 +++++++++++++++++++++++
 mysql-test/t/func_gconcat.test   | 36 ++++++++++++++++++++++++++++++++
 sql/item_sum.cc                  |  2 +-
 3 files changed, 63 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/func_gconcat.result b/mysql-test/r/func_gconcat.result
index 77d11831842..4dddc35e8a8 100644
--- a/mysql-test/r/func_gconcat.result
+++ b/mysql-test/r/func_gconcat.result
@@ -946,4 +946,30 @@ GROUP BY 1
 d1
 NULL
 DROP TABLE t1;
+CREATE TABLE t1 (a INT);
+CREATE TABLE t2 (a INT);
+INSERT INTO t1 VALUES(1);
+SELECT GROUP_CONCAT(DISTINCT t2.a) FROM t1 LEFT JOIN t2 ON t2.a = t1.a GROUP BY t1.a;
+GROUP_CONCAT(DISTINCT t2.a)
+NULL
+DROP TABLE t1, t2;
+CREATE TABLE t1 (a INT, KEY(a));
+CREATE TABLE t2 (b INT);
+INSERT INTO t1 VALUES (NULL), (8), (2);
+INSERT INTO t2 VALUES (4), (10);
+SELECT 1 FROM t1 WHERE t1.a NOT IN
+(
+SELECT GROUP_CONCAT(DISTINCT t1.a)
+FROM  t1 WHERE t1.a IN   
+(
+SELECT b FROM t2
+) 
+AND NOT t1.a >= (SELECT t1.a FROM t1 LIMIT 1)
+GROUP BY t1.a
+);
+1
+1
+1
+1
+DROP TABLE t1, t2;
 End of 5.0 tests
diff --git a/mysql-test/t/func_gconcat.test b/mysql-test/t/func_gconcat.test
index 87632fbdbb8..816ac9c2959 100644
--- a/mysql-test/t/func_gconcat.test
+++ b/mysql-test/t/func_gconcat.test
@@ -657,4 +657,40 @@ SELECT s1.d1 FROM
 ) AS s1;
 DROP TABLE t1;
 
+#
+# Bug #35298: GROUP_CONCAT with DISTINCT can crash the server
+#
+
+CREATE TABLE t1 (a INT);
+CREATE TABLE t2 (a INT);
+
+INSERT INTO t1 VALUES(1);
+
+SELECT GROUP_CONCAT(DISTINCT t2.a) FROM t1 LEFT JOIN t2 ON t2.a = t1.a GROUP BY t1.a;
+
+DROP TABLE t1, t2;
+
+#
+# Bug #36024: group_concat distinct in subquery crash
+#
+
+CREATE TABLE t1 (a INT, KEY(a));
+CREATE TABLE t2 (b INT);
+
+INSERT INTO t1 VALUES (NULL), (8), (2);
+INSERT INTO t2 VALUES (4), (10);
+
+SELECT 1 FROM t1 WHERE t1.a NOT IN
+(
+  SELECT GROUP_CONCAT(DISTINCT t1.a)
+  FROM  t1 WHERE t1.a IN   
+  (
+    SELECT b FROM t2
+  ) 
+  AND NOT t1.a >= (SELECT t1.a FROM t1 LIMIT 1)
+  GROUP BY t1.a
+);
+
+DROP TABLE t1, t2;
+
 --echo End of 5.0 tests
diff --git a/sql/item_sum.cc b/sql/item_sum.cc
index 91f9889b03f..91320d6b56b 100644
--- a/sql/item_sum.cc
+++ b/sql/item_sum.cc
@@ -3222,7 +3222,7 @@ void Item_func_group_concat::clear()
   no_appended= TRUE;
   if (tree)
     reset_tree(tree);
-  if (distinct)
+  if (unique_filter)
     unique_filter->reset();
   /* No need to reset the table as we never call write_row */
 }