diff options
| author | Monty <monty@mariadb.org> | 2015-06-25 23:18:48 +0300 |
|---|---|---|
| committer | Monty <monty@mariadb.org> | 2015-06-25 23:18:48 +0300 |
| commit | 2e941fe9fce7f1667993916ff3f238a283286d3f (patch) | |
| tree | 2be9e9ab8801364e1971fa20ef96a1f6fc478403 /sql | |
| parent | d199a0ffb0aac86881ea2db7dd78bc07b438dc67 (diff) | |
| download | mariadb-git-2e941fe9fce7f1667993916ff3f238a283286d3f.tar.gz | |
Fixed crashing bug when using ONLY_FULL_GROUP_BY in a stored procedure/trigger that is repeatedly executed.
This is MDEV-7601, including it's sub tasks MDEV-7594, MDEV-7555, MDEV-7590, MDEV-7581, MDEV-7589
The problem was that select_lex->non_agg_fields was not properly reset for re-execution and this caused an overwrite of a random memory position.
The fix was move non_agg_fields from select_lext to JOIN, which is properly reset.
Diffstat (limited to 'sql')
| -rw-r--r-- | sql/item.cc | 7 | ||||
| -rw-r--r-- | sql/item.h | 2 | ||||
| -rw-r--r-- | sql/sql_lex.cc | 2 | ||||
| -rw-r--r-- | sql/sql_lex.h | 2 | ||||
| -rw-r--r-- | sql/sql_select.cc | 2 | ||||
| -rw-r--r-- | sql/sql_select.h | 4 | ||||
| -rw-r--r-- | sql/sql_union.cc | 3 | ||||
| -rw-r--r-- | sql/table.cc | 2 |
8 files changed, 14 insertions, 10 deletions
diff --git a/sql/item.cc b/sql/item.cc index dbcf1b4cbe1..2f49ae46596 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -4883,7 +4883,7 @@ Item_field::fix_outer_field(THD *thd, Field **from_field, Item **reference) non aggregated fields of the outer select. */ marker= select->cur_pos_in_select_list; - select->non_agg_fields.push_back(this); + select->join->non_agg_fields.push_back(this); } if (*from_field != view_ref_found) { @@ -5299,9 +5299,10 @@ bool Item_field::fix_fields(THD *thd, Item **reference) fixed= 1; if (thd->variables.sql_mode & MODE_ONLY_FULL_GROUP_BY && !outer_fixed && !thd->lex->in_sum_func && - thd->lex->current_select->cur_pos_in_select_list != UNDEF_POS) + thd->lex->current_select->cur_pos_in_select_list != UNDEF_POS && + thd->lex->current_select->join) { - thd->lex->current_select->non_agg_fields.push_back(this); + thd->lex->current_select->join->non_agg_fields.push_back(this); marker= thd->lex->current_select->cur_pos_in_select_list; } mark_non_agg_field: diff --git a/sql/item.h b/sql/item.h index 4aaa67d9a1d..a38a25dfc75 100644 --- a/sql/item.h +++ b/sql/item.h @@ -631,7 +631,7 @@ public: */ uint name_length; /* Length of name */ uint decimals; - int8 marker; + int marker; bool maybe_null; /* If item may be null */ bool in_rollup; /* If used in GROUP BY list of a query with ROLLUP */ diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc index 1d62acdbe4b..9ccafa75ca7 100644 --- a/sql/sql_lex.cc +++ b/sql/sql_lex.cc @@ -1917,7 +1917,6 @@ void st_select_lex::init_select() with_sum_func= 0; is_correlated= 0; cur_pos_in_select_list= UNDEF_POS; - non_agg_fields.empty(); cond_value= having_value= Item::COND_UNDEF; inner_refs_list.empty(); insert_tables= 0; @@ -1925,6 +1924,7 @@ void st_select_lex::init_select() m_non_agg_field_used= false; m_agg_func_used= false; name_visibility_map= 0; + join= 0; } /* diff --git a/sql/sql_lex.h b/sql/sql_lex.h index a0f8e456800..aa59d76245b 100644 --- a/sql/sql_lex.h +++ b/sql/sql_lex.h @@ -877,8 +877,6 @@ public: bool no_wrap_view_item; /* exclude this select from check of unique_table() */ bool exclude_from_table_unique_test; - /* List of fields that aren't under an aggregate function */ - List<Item_field> non_agg_fields; /* index in the select list of the expression currently being fixed */ int cur_pos_in_select_list; diff --git a/sql/sql_select.cc b/sql/sql_select.cc index fb7cafc595f..5ed7a67da61 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -20705,7 +20705,7 @@ setup_group(THD *thd, Item **ref_pointer_array, TABLE_LIST *tables, Item_field *field; int cur_pos_in_select_list= 0; List_iterator<Item> li(fields); - List_iterator<Item_field> naf_it(thd->lex->current_select->non_agg_fields); + List_iterator<Item_field> naf_it(thd->lex->current_select->join->non_agg_fields); field= naf_it++; while (field && (item=li++)) diff --git a/sql/sql_select.h b/sql/sql_select.h index de5baeee151..4f807ff5b93 100644 --- a/sql/sql_select.h +++ b/sql/sql_select.h @@ -922,6 +922,9 @@ public: Item *pre_sort_idx_pushed_cond; void clean_pre_sort_join_tab(); + /* List of fields that aren't under an aggregate function */ + List<Item_field> non_agg_fields; + /* For "Using temporary+Using filesort" queries, JOIN::join_tab can point to either: @@ -1301,6 +1304,7 @@ public: all_fields= fields_arg; if (&fields_list != &fields_arg) /* Avoid valgrind-warning */ fields_list= fields_arg; + non_agg_fields.empty(); bzero((char*) &keyuse,sizeof(keyuse)); tmp_table_param.init(); tmp_table_param.end_write_records= HA_POS_ERROR; diff --git a/sql/sql_union.cc b/sql/sql_union.cc index 6e2e6e06ff7..87d3e86b2c7 100644 --- a/sql/sql_union.cc +++ b/sql/sql_union.cc @@ -1021,7 +1021,6 @@ bool st_select_lex::cleanup() { error= (bool) ((uint) error | (uint) lex_unit->cleanup()); } - non_agg_fields.empty(); inner_refs_list.empty(); exclude_from_table_unique_test= FALSE; DBUG_RETURN(error); @@ -1032,6 +1031,7 @@ void st_select_lex::cleanup_all_joins(bool full) { SELECT_LEX_UNIT *unit; SELECT_LEX *sl; + DBUG_ENTER("st_select_lex::cleanup_all_joins"); if (join) join->cleanup(full); @@ -1039,6 +1039,7 @@ void st_select_lex::cleanup_all_joins(bool full) for (unit= first_inner_unit(); unit; unit= unit->next_unit()) for (sl= unit->first_select(); sl; sl= sl->next_select()) sl->cleanup_all_joins(full); + DBUG_VOID_RETURN; } diff --git a/sql/table.cc b/sql/table.cc index e4dee77171d..f521056aaee 100644 --- a/sql/table.cc +++ b/sql/table.cc @@ -5194,7 +5194,7 @@ Item *Field_iterator_table::create_item(THD *thd) if (item && thd->variables.sql_mode & MODE_ONLY_FULL_GROUP_BY && !thd->lex->in_sum_func && select->cur_pos_in_select_list != UNDEF_POS) { - select->non_agg_fields.push_back(item); + select->join->non_agg_fields.push_back(item); item->marker= select->cur_pos_in_select_list; select->set_non_agg_field_used(true); } |