From b6e3a9e28c731429f4cdebc78cef580a8cf3a1f4 Mon Sep 17 00:00:00 2001 From: Igor Babaev Date: Sat, 26 Jul 2008 13:44:07 -0700 Subject: [PATCH 1/3] Fixed bug #38191. Calling List::delete_elements for the same list twice caused a crash of the server in the function JOIN::cleaunup. Ensured that delete_elements() in JOIN::cleanup would be called only once. mysql-test/r/subselect.result: Added a test case for bug #38191. mysql-test/t/subselect.test: Added a test case for bug #38191. sql/sql_select.cc: Fixed bug #38191. Ensured that delete_elements() in JOIN::cleanup would be called only once. --- mysql-test/r/subselect.result | 11 +++++++++++ mysql-test/t/subselect.test | 12 ++++++++++++ sql/sql_select.cc | 6 ++++++ 3 files changed, 29 insertions(+) diff --git a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result index 12e3aac486e..c5bae840214 100644 --- a/mysql-test/r/subselect.result +++ b/mysql-test/r/subselect.result @@ -4396,4 +4396,15 @@ id select_type table type possible_keys key key_len ref rows Extra Warnings: Note 1003 select 1 AS `1` from `test`.`t1` where (1,(select 1 AS `1` from `test`.`t1` where (`test`.`t1`.`a` > 3) group by `test`.`t1`.`a` having ((1) = (1)))) DROP TABLE t1; +CREATE TABLE t1(pk int PRIMARY KEY, a int, INDEX idx(a)); +INSERT INTO t1 VALUES (1, 10), (3, 30), (2, 20); +CREATE TABLE t2(pk int PRIMARY KEY, a int, b int, INDEX idxa(a)); +INSERT INTO t2 VALUES (2, 20, 700), (1, 10, 200), (4, 10, 100); +SELECT * FROM t1 +WHERE EXISTS (SELECT DISTINCT a FROM t2 WHERE t1.a < t2.a ORDER BY b); +pk a +1 10 +3 30 +2 20 +DROP TABLE t1,t2; End of 5.0 tests. diff --git a/mysql-test/t/subselect.test b/mysql-test/t/subselect.test index 4d9507f1231..2dfad2c58dd 100644 --- a/mysql-test/t/subselect.test +++ b/mysql-test/t/subselect.test @@ -3295,5 +3295,17 @@ EXPLAIN EXTENDED SELECT 1 FROM t1 WHERE 1 IN (SELECT 1 FROM t1 GROUP BY a); EXPLAIN EXTENDED SELECT 1 FROM t1 WHERE 1 IN (SELECT 1 FROM t1 WHERE a > 3 GROUP BY a); DROP TABLE t1; +# +# Bug #38191: Server crash with subquery containing DISTINCT and ORDER BY +# + +CREATE TABLE t1(pk int PRIMARY KEY, a int, INDEX idx(a)); +INSERT INTO t1 VALUES (1, 10), (3, 30), (2, 20); +CREATE TABLE t2(pk int PRIMARY KEY, a int, b int, INDEX idxa(a)); +INSERT INTO t2 VALUES (2, 20, 700), (1, 10, 200), (4, 10, 100); +SELECT * FROM t1 + WHERE EXISTS (SELECT DISTINCT a FROM t2 WHERE t1.a < t2.a ORDER BY b); +DROP TABLE t1,t2; + --echo End of 5.0 tests. diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 60ba7591726..c222b8a55ca 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -6469,6 +6469,12 @@ void JOIN::cleanup(bool full) if (tmp_join) tmp_table_param.copy_field= 0; group_fields.delete_elements(); + /* + Ensure that the above delete_elements() would not be called + twice for the same list. + */ + if (tmp_join && tmp_join != this) + tmp_join->group_fields= group_fields; /* We can't call delete_elements() on copy_funcs as this will cause problems in free_elements() as some of the elements are then deleted. From ae4a35fd5cba393f5e924241b21a7a59fc921b15 Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Wed, 30 Jul 2008 14:07:37 +0300 Subject: [PATCH 2/3] Bug#37662 nested if() inside sum() is parsed in exponential time min() and max() functions are implemented in MySQL as macros. This means that max(a,b) is expanded to: ((a) > (b) ? (a) : (b)) Note how 'a' is quoted two times. Now imagine 'a' is a recursive function call that's several 10s of levels deep. And the recursive function does max() with a function arg as well to dive into recursion. This means that simple function call can take most of the clock time. Identified and fixed several such calls to max()/min() : including the IF() sql function implementation. mysql-test/r/func_if.result: Bug#37662 test case mysql-test/t/func_if.test: Bug#37662 test case sql/item.cc: Bug#37662 don't call expensive functions as arguments to min/max sql/item_cmpfunc.cc: Bug#37662 don't call expensive functions as arguments to min/max sql/item_func.cc: Bug#37662 don't call expensive functions as arguments to min/max --- mysql-test/r/func_if.result | 46 +++++++++++++++++++++++++++++++++++++ mysql-test/t/func_if.test | 43 ++++++++++++++++++++++++++++++++++ sql/item.cc | 12 ++++++---- sql/item_cmpfunc.cc | 12 ++++++---- sql/item_func.cc | 15 ++++++------ 5 files changed, 113 insertions(+), 15 deletions(-) diff --git a/mysql-test/r/func_if.result b/mysql-test/r/func_if.result index c75e37fa0a4..7ffc957e285 100644 --- a/mysql-test/r/func_if.result +++ b/mysql-test/r/func_if.result @@ -131,3 +131,49 @@ drop table t1; select if(0, 18446744073709551610, 18446744073709551610); if(0, 18446744073709551610, 18446744073709551610) 18446744073709551610 +CREATE TABLE t1(a DECIMAL(10,3)); +SELECT t1.a, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2,0)))))))))))))))))))))))))))))) + 1 +FROM t1; +a IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((ROUND(t1.a,2)=1), 2, +IF((R +DROP TABLE t1; +End of 5.0 tests diff --git a/mysql-test/t/func_if.test b/mysql-test/t/func_if.test index 5373ca3fec6..8da10f36cbe 100644 --- a/mysql-test/t/func_if.test +++ b/mysql-test/t/func_if.test @@ -108,3 +108,46 @@ drop table t1; select if(0, 18446744073709551610, 18446744073709551610); +# +# Bug #37662: nested if() inside sum() is parsed in exponential time +# + +CREATE TABLE t1(a DECIMAL(10,3)); + +# check : should be fast. more than few secs means failure. +SELECT t1.a, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2, + IF((ROUND(t1.a,2)=1), 2,0)))))))))))))))))))))))))))))) + 1 +FROM t1; + +DROP TABLE t1; + +--echo End of 5.0 tests diff --git a/sql/item.cc b/sql/item.cc index bf447581afa..a5c88f55487 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -429,8 +429,11 @@ uint Item::decimal_precision() const Item_result restype= result_type(); if ((restype == DECIMAL_RESULT) || (restype == INT_RESULT)) - return min(my_decimal_length_to_precision(max_length, decimals, unsigned_flag), - DECIMAL_MAX_PRECISION); + { + uint prec= + my_decimal_length_to_precision(max_length, decimals, unsigned_flag); + return min(prec, DECIMAL_MAX_PRECISION); + } return min(max_length, DECIMAL_MAX_PRECISION); } @@ -6838,8 +6841,9 @@ bool Item_type_holder::join_types(THD *thd, Item *item) if (Field::result_merge_type(fld_type) == DECIMAL_RESULT) { decimals= min(max(decimals, item->decimals), DECIMAL_MAX_SCALE); - int precision= min(max(prev_decimal_int_part, item->decimal_int_part()) - + decimals, DECIMAL_MAX_PRECISION); + int item_int_part= item->decimal_int_part(); + int item_prec = max(prev_decimal_int_part, item_int_part) + decimals; + int precision= min(item_prec, DECIMAL_MAX_PRECISION); unsigned_flag&= item->unsigned_flag; max_length= my_decimal_precision_to_length(precision, decimals, unsigned_flag); diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index 16f3e51d615..1994f6bf1a5 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -2098,8 +2098,11 @@ Item_func_ifnull::fix_length_and_dec() uint Item_func_ifnull::decimal_precision() const { - int max_int_part=max(args[0]->decimal_int_part(),args[1]->decimal_int_part()); - return min(max_int_part + decimals, DECIMAL_MAX_PRECISION); + int arg0_int_part= args[0]->decimal_int_part(); + int arg1_int_part= args[1]->decimal_int_part(); + int max_int_part= max(arg0_int_part, arg1_int_part); + int precision= max_int_part + decimals; + return min(precision, DECIMAL_MAX_PRECISION); } @@ -2281,8 +2284,9 @@ Item_func_if::fix_length_and_dec() uint Item_func_if::decimal_precision() const { - int precision=(max(args[1]->decimal_int_part(),args[2]->decimal_int_part())+ - decimals); + int arg1_prec= args[1]->decimal_int_part(); + int arg2_prec= args[2]->decimal_int_part(); + int precision=max(arg1_prec,arg2_prec) + decimals; return min(precision, DECIMAL_MAX_PRECISION); } diff --git a/sql/item_func.cc b/sql/item_func.cc index 7416471d630..e663e1fcf83 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -1156,9 +1156,10 @@ my_decimal *Item_func_plus::decimal_op(my_decimal *decimal_value) void Item_func_additive_op::result_precision() { decimals= max(args[0]->decimals, args[1]->decimals); - int max_int_part= max(args[0]->decimal_precision() - args[0]->decimals, - args[1]->decimal_precision() - args[1]->decimals); - int precision= min(max_int_part + 1 + decimals, DECIMAL_MAX_PRECISION); + int arg1_int= args[0]->decimal_precision() - args[0]->decimals; + int arg2_int= args[1]->decimal_precision() - args[1]->decimals; + int est_prec= max(arg1_int, arg2_int) + 1 + decimals; + int precision= min(est_prec, DECIMAL_MAX_PRECISION); /* Integer operations keep unsigned_flag if one of arguments is unsigned */ if (result_type() == INT_RESULT) @@ -1267,8 +1268,8 @@ void Item_func_mul::result_precision() else unsigned_flag= args[0]->unsigned_flag & args[1]->unsigned_flag; decimals= min(args[0]->decimals + args[1]->decimals, DECIMAL_MAX_SCALE); - int precision= min(args[0]->decimal_precision() + args[1]->decimal_precision(), - DECIMAL_MAX_PRECISION); + uint est_prec = args[0]->decimal_precision() + args[1]->decimal_precision(); + uint precision= min(est_prec, DECIMAL_MAX_PRECISION); max_length= my_decimal_precision_to_length(precision, decimals,unsigned_flag); } @@ -1315,8 +1316,8 @@ my_decimal *Item_func_div::decimal_op(my_decimal *decimal_value) void Item_func_div::result_precision() { - uint precision=min(args[0]->decimal_precision() + prec_increment, - DECIMAL_MAX_PRECISION); + uint arg_prec= args[0]->decimal_precision() + prec_increment; + uint precision=min(arg_prec, DECIMAL_MAX_PRECISION); /* Integer operations keep unsigned_flag if one of arguments is unsigned */ if (result_type() == INT_RESULT) unsigned_flag= args[0]->unsigned_flag | args[1]->unsigned_flag; From b19155258e5e9ae40735c71234277dfc05092ec4 Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Thu, 31 Jul 2008 12:28:04 +0300 Subject: [PATCH 3/3] Bug#34159: mysql_install_db fails with sql_mode=TRADITIONAL Reset session sql_mode before creating system tables as it is done in the mysql_fix_privilege_tables.sql script. scripts/mysql_system_tables.sql: reset sql mode --- scripts/mysql_system_tables.sql | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/mysql_system_tables.sql b/scripts/mysql_system_tables.sql index d9c870f1d73..31eb205eed0 100644 --- a/scripts/mysql_system_tables.sql +++ b/scripts/mysql_system_tables.sql @@ -2,6 +2,7 @@ -- The system tables of MySQL Server -- +set sql_mode=''; set storage_engine=myisam; CREATE TABLE IF NOT EXISTS db ( Host char(60) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, User char(16) binary DEFAULT '' NOT NULL, Select_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Insert_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Update_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Delete_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Drop_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Grant_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, References_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Index_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tmp_table_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Lock_tables_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Execute_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, PRIMARY KEY Host (Host,Db,User), KEY User (User) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Database privileges';