diff options
| author | Gleb Shchepa <gshchepa@mysql.com> | 2008-12-31 15:55:04 +0400 |
|---|---|---|
| committer | Gleb Shchepa <gshchepa@mysql.com> | 2008-12-31 15:55:04 +0400 |
| commit | 335e842d24083e8961b7f6b7e9563628dcb8956d (patch) | |
| tree | b6c51b3059dee8e174d2794f6adacf0c0cb437dc /sql/item_cmpfunc.cc | |
| parent | 5185e921dbb25f5e40b52e718f37b18ad3dab2e0 (diff) | |
| download | mariadb-git-335e842d24083e8961b7f6b7e9563628dcb8956d.tar.gz | |
Bug #41363: crash of mysqld on windows with aggregate in case
Execution of queries containing the CASE function of
aggregate function like in "SELECT ... CASE ARGV(...) WHEN ..."
crashed the server.
The CASE function caches pointers to concrete comparison
functions for an each pair of types of CASE-WHERE clause
parameters, i.e. for the "CASE INT_RESULT WHERE REAL_RESULT
THEN ... WHERE DECIMAL_RESULT ... END" function call it
caches comparisons for INT_RESULT with REAL_RESULT and
for INT_RESULT with DECIMAL_RESULT. Usually a result
type is known after a call to the fix_fields function,
however, the setup_copy_fields function call may
wrap aggregate items with Item_copy_string that has
STRING_RESULT result type, so setup_copy_fields may
change argument result types of the CASE function after
call to Item_func_case::fix_fields/fix_length_and_dec.
Then the Item_func_case::find_item function tries to
use comparison function for unexpected pair of the
STRING_RESULT and some other type - that caused
an assertion failure of server crash.
The Item_func_case::fix_length_and_dec function has
been modified to take into account possible STRING_RESULT
result type in the presence of aggregate arguments of
the CASE function.
mysql-test/r/func_in.result:
Added test case for bug #41363.
mysql-test/t/func_in.test:
Added test case for bug #41363.
sql/item_cmpfunc.cc:
Bug #41363: crash of mysqld on windows with aggregate in case
The Item_func_case::fix_length_and_dec function has
been modified to take into account possible STRING_RESULT
result type in the presence of aggregate arguments of
the CASE function.
Diffstat (limited to 'sql/item_cmpfunc.cc')
| -rw-r--r-- | sql/item_cmpfunc.cc | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index c6b70440b41..813e50e0693 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -2713,6 +2713,16 @@ void Item_func_case::fix_length_and_dec() nagg++; if (!(found_types= collect_cmp_types(agg, nagg))) return; + if (with_sum_func || current_thd->lex->current_select->group_list.elements) + { + /* + See TODO commentary in the setup_copy_fields function: + item in a group may be wrapped with an Item_copy_string item. + That item has a STRING_RESULT result type, so we need + to take this type into account. + */ + found_types |= (1 << item_cmp_type(left_result_type, STRING_RESULT)); + } for (i= 0; i <= (uint)DECIMAL_RESULT; i++) { |