diff options
| author | unknown <kaa@polly.(none)> | 2007-11-16 14:24:06 +0300 |
|---|---|---|
| committer | unknown <kaa@polly.(none)> | 2007-11-16 14:24:06 +0300 |
| commit | 4b48eb6f1e4565ba31982f73908664108ba0fb7b (patch) | |
| tree | f8291a420e98b26c7058c22927b5c38f15f72aaf | |
| parent | 0372747a3e02c28c64baedf41604ebb492d593eb (diff) | |
| parent | 1c1dd1f25c42081c7bf72042ccfcb83896298aab (diff) | |
| download | mariadb-git-4b48eb6f1e4565ba31982f73908664108ba0fb7b.tar.gz | |
Merge polly.(none):/home/kaa/src/opt/bug32241/my50-bug29131
into polly.(none):/home/kaa/src/opt/mysql-5.0-opt
sql/sql_select.cc:
Auto merged
| -rw-r--r-- | mysql-test/r/explain.result | 20 | ||||
| -rw-r--r-- | mysql-test/t/explain.test | 28 | ||||
| -rw-r--r-- | sql/sql_select.cc | 3 |
3 files changed, 50 insertions, 1 deletions
diff --git a/mysql-test/r/explain.result b/mysql-test/r/explain.result index 24ff44945bf..a4c8432d2a4 100644 --- a/mysql-test/r/explain.result +++ b/mysql-test/r/explain.result @@ -87,3 +87,23 @@ Warnings: Note 1003 select '1' AS `f1`,'1' AS `f2` from `test`.`t1` having 1 drop view v1; drop table t1; +CREATE TABLE t1(c INT); +INSERT INTO t1 VALUES (),(); +CREATE TABLE t2 (b INT, +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b), +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b), +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b), +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b), +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b), +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b), +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b), +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b)); +INSERT INTO t2 VALUES (),(),(); +EXPLAIN SELECT 1 FROM +(SELECT 1 FROM t2,t1 WHERE b < c GROUP BY 1 LIMIT 1) AS d2; +id select_type table type possible_keys key key_len ref rows Extra +X X X X X X X X X const row not found +X X X X X X X X X +X X X X X X X X X Range checked for each record (index map: 0xFFFFFFFFFF) +DROP TABLE t2; +DROP TABLE t1; diff --git a/mysql-test/t/explain.test b/mysql-test/t/explain.test index 04cf37f457a..c9ae8aceaf6 100644 --- a/mysql-test/t/explain.test +++ b/mysql-test/t/explain.test @@ -66,4 +66,32 @@ explain extended select * from t1 having 1; drop view v1; drop table t1; +# +# Bug #32241: memory corruption due to large index map in 'Range checked for +# each record' +# + +CREATE TABLE t1(c INT); +INSERT INTO t1 VALUES (),(); + +CREATE TABLE t2 (b INT, +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b), +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b), +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b), +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b), +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b), +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b), +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b), +KEY(b),KEY(b),KEY(b),KEY(b),KEY(b)); + +INSERT INTO t2 VALUES (),(),(); + +# We only need to make sure that there is no buffer overrun and the index map +# is displayed correctly +--replace_column 1 X 2 X 3 X 4 X 5 X 6 X 7 X 8 X 9 X +EXPLAIN SELECT 1 FROM + (SELECT 1 FROM t2,t1 WHERE b < c GROUP BY 1 LIMIT 1) AS d2; +DROP TABLE t2; +DROP TABLE t1; + # End of 5.0 tests. diff --git a/sql/sql_select.cc b/sql/sql_select.cc index f8cbaee0b89..3d3b8668a79 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -15327,7 +15327,8 @@ static void select_describe(JOIN *join, bool need_tmp_table, bool need_order, { if (tab->use_quick == 2) { - char buf[MAX_KEY/8+1]; + /* 4 bits per 1 hex digit + terminating '\0' */ + char buf[MAX_KEY / 4 + 1]; extra.append(STRING_WITH_LEN("; Range checked for each " "record (index map: 0x")); extra.append(tab->keys.print(buf)); |