From 044060fe164bfbe3666fc18351c2b6795267d2ea Mon Sep 17 00:00:00 2001
From: Chaithra Gopalareddy <chaithra.gopalareddy@oracle.com>
Date: Mon, 23 Mar 2015 14:31:28 +0530
Subject: [PATCH] Bug #20730220 : BACKPORT BUG#19880368  TO 5.1

Backport from mysql-5.5 to mysql-5.1

Bug#19880368 : GROUP_CONCAT CRASHES AFTER DUMP_LEAF_KEY

Problem:
find_order_by_list does not update the address of order_item
correctly after resolving.

Solution:
Change the ref_by address for a order_by field if its
SUM_FUNC_ITEM to the address of the field present in
all_fields.
---
 sql/sql_select.cc | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 03054020d57..21b84cbca54 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -14937,6 +14937,17 @@ find_order_in_list(THD *thd, Item **ref_pointer_array, TABLE_LIST *tables,
   uint el= all_fields.elements;
   all_fields.push_front(order_item); /* Add new field to field list. */
   ref_pointer_array[el]= order_item;
+  /*
+     If the order_item is a SUM_FUNC_ITEM, when fix_fields is called
+     ref_by is set to order->item which is the address of order_item.
+     But this needs to be address of order_item in the all_fields list.
+     As a result, when it gets replaced with Item_aggregate_ref
+     object in Item::split_sum_func2, we will be able to retrieve the
+     newly created object.
+  */
+  if (order_item->type() == Item::SUM_FUNC_ITEM)
+    ((Item_sum *)order_item)->ref_by= all_fields.head_ref();
+
   order->item= ref_pointer_array + el;
   return FALSE;
 }