From 3678457d3c707b341a7461d4d2c0e4d71e75e4f9 Mon Sep 17 00:00:00 2001 From: "Tatiana A. Nurnberg" Date: Fri, 19 Feb 2010 15:16:43 +0000 Subject: [PATCH] Bug#49487: crash with explain extended and group_concat in a derived table When EXPLAIN EXTENDED tries to print column names, it checks whether the referenced table is CONST (in which case, the column's value rather than its name will be printed). If no proper table is reference (i.e. because a derived table was used that has since gone out of scope), this will fail spectacularly. This ports an equivalent of the fix for Bug 43354. --- mysql-test/r/func_gconcat.result | 17 +++++++++++++++++ mysql-test/t/func_gconcat.test | 15 +++++++++++++++ sql/item_sum.cc | 4 +++- 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/func_gconcat.result b/mysql-test/r/func_gconcat.result index 4dddc35e8a8..d69a340cddb 100644 --- a/mysql-test/r/func_gconcat.result +++ b/mysql-test/r/func_gconcat.result @@ -972,4 +972,21 @@ GROUP BY t1.a 1 1 DROP TABLE t1, t2; +CREATE TABLE t1 (f1 INT); +INSERT INTO t1 VALUES (),(); +EXPLAIN EXTENDED SELECT 1 FROM +(SELECT DISTINCT GROUP_CONCAT(td.f1) FROM t1,t1 AS td GROUP BY td.f1) AS d,t1; +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY system NULL NULL NULL NULL 1 +1 PRIMARY t1 ALL NULL NULL NULL NULL 2 +2 DERIVED t1 ALL NULL NULL NULL NULL 2 Using temporary; Using filesort; Distinct +2 DERIVED td ALL NULL NULL NULL NULL 2 Distinct +Warnings: +Note 1003 select 1 AS `1` from (select distinct group_concat(`test`.`td`.`f1` separator ',') AS `GROUP_CONCAT(td.f1)` from `test`.`t1` join `test`.`t1` `td` group by `test`.`td`.`f1`) `d` join `test`.`t1` +SELECT 1 FROM +(SELECT DISTINCT GROUP_CONCAT(td.f1) FROM t1,t1 AS td GROUP BY td.f1) AS d,t1; +1 +1 +1 +DROP TABLE t1; End of 5.0 tests diff --git a/mysql-test/t/func_gconcat.test b/mysql-test/t/func_gconcat.test index 816ac9c2959..1cbf045e95d 100644 --- a/mysql-test/t/func_gconcat.test +++ b/mysql-test/t/func_gconcat.test @@ -693,4 +693,19 @@ SELECT 1 FROM t1 WHERE t1.a NOT IN DROP TABLE t1, t2; +# +# Bug #49487: crash with explain extended and group_concat in a derived table +# + +CREATE TABLE t1 (f1 INT); +INSERT INTO t1 VALUES (),(); + +EXPLAIN EXTENDED SELECT 1 FROM + (SELECT DISTINCT GROUP_CONCAT(td.f1) FROM t1,t1 AS td GROUP BY td.f1) AS d,t1; + +SELECT 1 FROM + (SELECT DISTINCT GROUP_CONCAT(td.f1) FROM t1,t1 AS td GROUP BY td.f1) AS d,t1; + +DROP TABLE t1; + --echo End of 5.0 tests diff --git a/sql/item_sum.cc b/sql/item_sum.cc index dde8fe29e5a..4c2bde90100 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -3538,6 +3538,8 @@ String* Item_func_group_concat::val_str(String* str) void Item_func_group_concat::print(String *str) { + /* orig_args is not filled with valid values until fix_fields() */ + Item **pargs= fixed ? orig_args : args; str->append(STRING_WITH_LEN("group_concat(")); if (distinct) str->append(STRING_WITH_LEN("distinct ")); @@ -3545,7 +3547,7 @@ void Item_func_group_concat::print(String *str) { if (i) str->append(','); - args[i]->print(str); + pargs[i]->print(str); } if (arg_count_order) {