BUG#17994219: CREATE TABLE .. SELECT PRODUCES INVALID STRUCTURE,

BREAKS RBR Analysis: -------- A table created using a query of the format: CREATE TABLE t1 AS SELECT REPEAT('A',1000) DIV 1 AS a; breaks the Row Based Replication. The query above creates a table having a field of datatype 'bigint' with a display width of 3000 which is beyond the maximum acceptable value of 255. In the RBR mode, CREATE TABLE SELECT statement is replicated as a combination of CREATE TABLE statement equivalent to one the returned by SHOW CREATE TABLE and row events for rows inserted. When this CREATE TABLE event is executed on the slave, an error is reported: Display width out of range for column 'a' (max = 255) The following is the output of 'SHOW CREATE TABLE t1': CREATE TABLE t1(`a` bigint(3000) DEFAULT NULL) ENGINE=InnoDB DEFAULT CHARSET=latin1; The problem is due to the combination of two facts: 1) The above CREATE TABLE SELECT statement uses the display width of the result of DIV operation as the display width of the column created without validating the width for out of bound condition. 2) The DIV operation incorrectly returns the length of its first argument as the display width of its result; thus allowing creation of a table with an incorrect display width of 3000 for the field. Fix: ---- This fix changes the DIV operation implementation to correctly evaluate the display width of its result. We check if DIV's results estimated width crosses maximum width for integer value (21) and if yes set it to this maximum value. This patch also fixes fixes maximum display width evaluation for DIV function when its first argument is in UCS2.
2014-04-28 16:28:09 +05:30 · 2014-04-28 16:28:09 +05:30 · b34d3728dd
commit b34d3728dd
parent 23f576b539
3 changed files with 62 additions and 4 deletions
--- a/mysql-test/suite/rpl/r/rpl_row_create_select.result
+++ b/mysql-test/suite/rpl/r/rpl_row_create_select.result
@ -0,0 +1,28 @@
+include/master-slave.inc
+[connection master]
+#
+# BUG#17994219: CREATE TABLE .. SELECT PRODUCES INVALID STRUCTURE, 
+#               BREAKS RBR 
+#
+#After the patch, the display width is set to a default
+#value of 21.
+CREATE TABLE t1 AS SELECT REPEAT('A', 1000) DIV 1 AS a;
+Warnings:
+Warning	1366	Incorrect decimal value: '' for column '' at row -1
+SHOW CREATE TABLE t1;
+Table	Create Table
+t1	CREATE TABLE `t1` (
+  `a` bigint(21) DEFAULT NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1
+CREATE TABLE t2 AS SELECT CONVERT(REPEAT('A', 255) USING UCS2) DIV 1 AS a;
+Warnings:
+Warning	1366	Incorrect decimal value: '' for column '' at row -1
+SHOW CREATE TABLE t2;
+Table	Create Table
+t2	CREATE TABLE `t2` (
+  `a` bigint(21) DEFAULT NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1
+#After the patch, no error is reported.
+DROP TABLE t1;
+DROP TABLE t2;
+include/rpl_end.inc
--- a/mysql-test/suite/rpl/t/rpl_row_create_select.test
+++ b/mysql-test/suite/rpl/t/rpl_row_create_select.test
@ -0,0 +1,28 @@
+# Testing table creations for row-based replication.
+
+--source include/have_binlog_format_row.inc
+--source include/master-slave.inc
+
+--echo #
+--echo # BUG#17994219: CREATE TABLE .. SELECT PRODUCES INVALID STRUCTURE, 
+--echo #               BREAKS RBR 
+--echo #
+
+connection master;
+--echo #After the patch, the display width is set to a default
+--echo #value of 21.
+CREATE TABLE t1 AS SELECT REPEAT('A', 1000) DIV 1 AS a;
+SHOW CREATE TABLE t1;
+
+CREATE TABLE t2 AS SELECT CONVERT(REPEAT('A', 255) USING UCS2) DIV 1 AS a;
+SHOW CREATE TABLE t2;
+
+--echo #After the patch, no error is reported.
+sync_slave_with_master;
+
+connection master;
+DROP TABLE t1;
+DROP TABLE t2;
+
+--source include/rpl_end.inc
+
--- a/sql/item_func.cc
+++ b/sql/item_func.cc
@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@ -1649,9 +1649,11 @@ void Item_func_int_div::fix_length_and_dec()
 {
  Item_result argtype= args[0]->result_type();
  /* use precision ony for the data type it is applicable for and valid */
-  max_length=args[0]->max_length -
-    (argtype == DECIMAL_RESULT || argtype == INT_RESULT ?
-     args[0]->decimals : 0);
+  uint32 char_length= args[0]->max_char_length() -
+                      (argtype == DECIMAL_RESULT || argtype == INT_RESULT ?
+                       args[0]->decimals : 0);
+  fix_char_length(char_length > MY_INT64_NUM_DECIMAL_DIGITS ?
+                  MY_INT64_NUM_DECIMAL_DIGITS : char_length);
  maybe_null=1;
  unsigned_flag=args[0]->unsigned_flag | args[1]->unsigned_flag;
 }