Merge kaamos.(none):/data/src/opt/mysql-5.0-opt

into kaamos.(none):/data/src/opt/mysql-5.1-opt sql/field.h: Auto merged sql/item_timefunc.cc: Auto merged sql/item_timefunc.h: Auto merged sql/set_var.cc: Auto merged sql/sql_base.cc: Auto merged mysql-test/r/subselect.result: Manual merge. mysql-test/t/subselect.test: Manual merge. sql/filesort.cc: Manual merge.
author: unknown <kaa@kaamos.(none)> 2008-01-10 14:35:11 +0300
committer: unknown <kaa@kaamos.(none)> 2008-01-10 14:35:11 +0300
commit: 1040bea9ae86a6bb03c5bb1b9a544333c7c52e3f (patch)
tree: 4464a86a839a427c3f27b161310db83871804609
parent: 3869d3630a8115f69394c35cef8a254c97708e9f (diff)
parent: dafd3f439cf40ae17ba4225738413e74155f7997 (diff)
download: mariadb-git-1040bea9ae86a6bb03c5bb1b9a544333c7c52e3f.tar.gz
3 files changed, 44 insertions, 8 deletions
diff --git a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result
index d1173fed7f4..762457d57a6 100644
--- a/mysql-test/r/subselect.result
+++ b/mysql-test/r/subselect.result
@@ -4282,6 +4282,15 @@ SELECT 2 FROM t1 WHERE EXISTS ((SELECT 1 FROM t2 WHERE t1.a=t2.a) UNION
 ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UNION 
 (SELECT 1 FROM t2 WHERE t1.a = t2.a))' at line 2
 DROP TABLE t1,t2;
+create table t1(f11 int, f12 int);
+create table t2(f21 int unsigned not null, f22 int, f23 varchar(10));
+insert into t1 values(1,1),(2,2), (3, 3);
+set session sort_buffer_size= 33*1024;
+select count(*) from t1 where f12 = 
+(select f22 from t2 where f22 = f12 order by f21 desc, f22, f23 limit 1);
+count(*)
+3
+drop table t1,t2;
 End of 5.0 tests.
 CREATE TABLE t1 (a int, b int);
 INSERT INTO t1 VALUES (2,22),(1,11),(2,22);
diff --git a/mysql-test/t/subselect.test b/mysql-test/t/subselect.test
index 077e00a4c6e..ad940f3f5ad 100644
--- a/mysql-test/t/subselect.test
+++ b/mysql-test/t/subselect.test
@@ -3136,6 +3136,28 @@ SELECT 2 FROM t1 WHERE EXISTS ((SELECT 1 FROM t2 WHERE t1.a=t2.a) UNION
 
 DROP TABLE t1,t2;
 
+#
+# Bug#33675: Usage of an uninitialized memory by filesort in a subquery
+#            caused server crash.
+#
+create table t1(f11 int, f12 int);
+create table t2(f21 int unsigned not null, f22 int, f23 varchar(10));
+insert into t1 values(1,1),(2,2), (3, 3);
+let $i=10000;
+--disable_query_log
+--disable_warnings
+while ($i)
+{
+  eval insert into t2 values (-1 , $i/5000 + 1, '$i');
+  dec $i;
+}
+--enable_warnings
+--enable_query_log
+set session sort_buffer_size= 33*1024;
+select count(*) from t1 where f12 = 
+(select f22 from t2 where f22 = f12 order by f21 desc, f22, f23 limit 1);
+
+drop table t1,t2;
 
 --echo End of 5.0 tests.
 
@@ -3165,6 +3187,7 @@ SELECT a FROM t1 t0
 SET @@sql_mode=default;
 DROP TABLE t1;
 
+#
 # Bug#20835 (literal string with =any values)
 #
 CREATE TABLE t1 (s1 char(1));
diff --git a/sql/filesort.cc b/sql/filesort.cc
index 2e6f0ecaf05..b9de65bb46b 100644
--- a/sql/filesort.cc
+++ b/sql/filesort.cc
@@ -37,7 +37,8 @@ if (my_b_write((file),(uchar*) (from),param->ref_length)) \
 
 static char **make_char_array(char **old_pos, register uint fields,
                               uint length, myf my_flag);
-static BUFFPEK *read_buffpek_from_file(IO_CACHE *buffer_file, uint count);
+static byte *read_buffpek_from_file(IO_CACHE *buffer_file, uint count,
+                                    byte *buf);
 static ha_rows find_all_keys(SORTPARAM *param,SQL_SELECT *select,
 			     uchar * *sort_keys, IO_CACHE *buffer_file,
 			     IO_CACHE *tempfile,IO_CACHE *indexfile);
@@ -244,9 +245,10 @@ ha_rows filesort(THD *thd, TABLE *table, SORT_FIELD *sortorder, uint s_length,
   }
   else
   {
-    if (!table_sort.buffpek && table_sort.buffpek_len < maxbuffer &&
-        !(table_sort.buffpek=
-          (uchar *) read_buffpek_from_file(&buffpek_pointers, maxbuffer)))
+    if (!(table_sort.buffpek=
+          (uchar *) read_buffpek_from_file(&buffpek_pointers, maxbuffer,
+                                 (table_sort.buffpek_len < maxbuffer ?
+                                  NULL : table_sort.buffpek))))
       goto err;
     buffpek= (BUFFPEK *) table_sort.buffpek;
     table_sort.buffpek_len= maxbuffer;
@@ -374,14 +376,16 @@ static char **make_char_array(char **old_pos, register uint fields,
 
 /* Read 'count' number of buffer pointers into memory */
 
-static BUFFPEK *read_buffpek_from_file(IO_CACHE *buffpek_pointers, uint count)
+static byte *read_buffpek_from_file(IO_CACHE *buffpek_pointers, uint count,
+                                    byte *buf)
 {
-  ulong length;
-  BUFFPEK *tmp;
+  ulong length= sizeof(BUFFPEK)*count;
+  byte *tmp= buf;
   DBUG_ENTER("read_buffpek_from_file");
   if (count > UINT_MAX/sizeof(BUFFPEK))
     return 0; /* sizeof(BUFFPEK)*count will overflow */
-  tmp=(BUFFPEK*) my_malloc(length=sizeof(BUFFPEK)*count, MYF(MY_WME));
+  if (!tmp)
+    tmp= (byte *)my_malloc(length, MYF(MY_WME));
   if (tmp)
   {
     if (reinit_io_cache(buffpek_pointers,READ_CACHE,0L,0,0) ||
author	unknown <kaa@kaamos.(none)>	2008-01-10 14:35:11 +0300
committer	unknown <kaa@kaamos.(none)>	2008-01-10 14:35:11 +0300
commit	1040bea9ae86a6bb03c5bb1b9a544333c7c52e3f (patch)
tree	4464a86a839a427c3f27b161310db83871804609
parent	3869d3630a8115f69394c35cef8a254c97708e9f (diff)
parent	dafd3f439cf40ae17ba4225738413e74155f7997 (diff)
download	mariadb-git-1040bea9ae86a6bb03c5bb1b9a544333c7c52e3f.tar.gz