diff options
| author | Georgi Kodinov <joro@sun.com> | 2009-10-30 16:13:13 +0200 |
|---|---|---|
| committer | Georgi Kodinov <joro@sun.com> | 2009-10-30 16:13:13 +0200 |
| commit | 7ccea019a2b513d44561c0effdf2f836e15ba643 (patch) | |
| tree | 6a00ee58df5b3a92ba529b59849170a93e96accc | |
| parent | 17659be52f72adb3bcbf0b5c6b047d7e47064b99 (diff) | |
| parent | 16d0f7f9ce225a1975eed8837e017ff49b0b281a (diff) | |
| download | mariadb-git-7ccea019a2b513d44561c0effdf2f836e15ba643.tar.gz | |
merge
| -rw-r--r-- | mysql-test/r/select.result | 12 | ||||
| -rw-r--r-- | mysql-test/t/select.test | 17 | ||||
| -rw-r--r-- | sql/sql_class.cc | 6 | ||||
| -rw-r--r-- | sql/sql_select.cc | 13 |
4 files changed, 45 insertions, 3 deletions
diff --git a/mysql-test/r/select.result b/mysql-test/r/select.result index a41f95de077..1b615233a14 100644 --- a/mysql-test/r/select.result +++ b/mysql-test/r/select.result @@ -4415,6 +4415,18 @@ SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a); 1 1 DROP TABLE t1; +# +# Bug #48291 : crash with row() operator,select into @var, and +# subquery returning multiple rows +# +CREATE TABLE t1(a INT); +INSERT INTO t1 VALUES (2),(3); +# Should not crash +SELECT 1 FROM t1 WHERE a <> 1 AND NOT +ROW(a,a) <=> ROW((SELECT 1 FROM t1 WHERE 1=2),(SELECT 1 FROM t1)) +INTO @var0; +ERROR 21000: Subquery returns more than 1 row +DROP TABLE t1; End of 5.0 tests create table t1(a INT, KEY (a)); INSERT INTO t1 VALUES (1),(2),(3),(4),(5); diff --git a/mysql-test/t/select.test b/mysql-test/t/select.test index 1e7e853da32..51f0cd73374 100644 --- a/mysql-test/t/select.test +++ b/mysql-test/t/select.test @@ -3755,7 +3755,24 @@ EXPLAIN SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a); SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a); DROP TABLE t1; + +--echo # +--echo # Bug #48291 : crash with row() operator,select into @var, and +--echo # subquery returning multiple rows +--echo # + +CREATE TABLE t1(a INT); +INSERT INTO t1 VALUES (2),(3); + +--echo # Should not crash +--error ER_SUBQUERY_NO_1_ROW +SELECT 1 FROM t1 WHERE a <> 1 AND NOT +ROW(a,a) <=> ROW((SELECT 1 FROM t1 WHERE 1=2),(SELECT 1 FROM t1)) +INTO @var0; + +DROP TABLE t1; + --echo End of 5.0 tests # diff --git a/sql/sql_class.cc b/sql/sql_class.cc index 080839e9b42..ddcd1cee4e9 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -2723,9 +2723,11 @@ bool select_dumpvar::send_data(List<Item> &items) else { Item_func_set_user_var *suv= new Item_func_set_user_var(mv->s, item); - suv->fix_fields(thd, 0); + if (suv->fix_fields(thd, 0)) + DBUG_RETURN (1); suv->save_item_result(item); - suv->update(); + if (suv->update()) + DBUG_RETURN (1); } } DBUG_RETURN(thd->is_error()); diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 17e167b6265..09e71216763 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -11204,6 +11204,7 @@ evaluate_join_record(JOIN *join, JOIN_TAB *join_tab, bool not_used_in_distinct=join_tab->not_used_in_distinct; ha_rows found_records=join->found_records; COND *select_cond= join_tab->select_cond; + bool select_cond_result= TRUE; if (error > 0 || (join->thd->is_error())) // Fatal error return NESTED_LOOP_ERROR; @@ -11215,7 +11216,17 @@ evaluate_join_record(JOIN *join, JOIN_TAB *join_tab, return NESTED_LOOP_KILLED; /* purecov: inspected */ } DBUG_PRINT("info", ("select cond 0x%lx", (ulong)select_cond)); - if (!select_cond || select_cond->val_int()) + + if (select_cond) + { + select_cond_result= test(select_cond->val_int()); + + /* check for errors evaluating the condition */ + if (join->thd->is_error()) + return NESTED_LOOP_ERROR; + } + + if (!select_cond || select_cond_result) { /* There is no select condition or the attached pushed down |