-rw-r--r--mysql-test/r/bug46080.result14
-rw-r--r--mysql-test/t/bug46080-master.opt1
-rw-r--r--mysql-test/t/bug46080.test19
-rw-r--r--sql/item_sum.cc5
4 files changed, 39 insertions, 0 deletions
diff --git a/mysql-test/r/bug46080.result b/mysql-test/r/bug46080.result
new file mode 100644
index 00000000000..9ae4b55d8ea
--- /dev/null
+++ b/mysql-test/r/bug46080.result
@@ -0,0 +1,14 @@
+#
+# Bug #46080: group_concat(... order by) crashes server when
+# sort_buffer_size cannot allocate
+#
+CREATE TABLE t1(a CHAR(255));
+INSERT INTO t1 VALUES ('a');
+SET @@SESSION.sort_buffer_size=5*16*1000000;
+SET @@SESSION.max_heap_table_size=5*1000000;
+# Must not crash.
+SELECT GROUP_CONCAT(a ORDER BY a) FROM t1 GROUP BY a
+DROP TABLE t1;
+SET @@SESSION.sort_buffer_size=default;
+SET @@SESSION.max_heap_table_size=default;
+End of 5.0 tests
diff --git a/mysql-test/t/bug46080-master.opt b/mysql-test/t/bug46080-master.opt
new file mode 100644
index 00000000000..f59740afe60
--- /dev/null
+++ b/mysql-test/t/bug46080-master.opt
@@ -0,0 +1 @@
+--skip-grant-tables --skip-name-resolve --safemalloc-mem-limit=4000000
diff --git a/mysql-test/t/bug46080.test b/mysql-test/t/bug46080.test
new file mode 100644
index 00000000000..9e6cc69b958
--- /dev/null
+++ b/mysql-test/t/bug46080.test
@@ -0,0 +1,19 @@
+--echo #
+--echo # Bug #46080: group_concat(... order by) crashes server when
+--echo # sort_buffer_size cannot allocate
+--echo #
+
+CREATE TABLE t1(a CHAR(255));
+INSERT INTO t1 VALUES ('a');
+
+SET @@SESSION.sort_buffer_size=5*16*1000000;
+SET @@SESSION.max_heap_table_size=5*1000000;
+
+echo # Must not crash.
+SELECT GROUP_CONCAT(a ORDER BY a) FROM t1 GROUP BY a;
+
+DROP TABLE t1;
+SET @@SESSION.sort_buffer_size=default;
+SET @@SESSION.max_heap_table_size=default;
+
+--echo End of 5.0 tests
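Review bot: The line `echo # Must not crash.` is missing the `--` prefix that every other echo in this file uses, so mysqltest appears to treat it as a delimiter-terminated command and swallow the following `SELECT GROUP_CONCAT(a ORDER BY a) FROM t1 GROUP BY a;` into the echoed text instead of executing it. The recorded bug46080.result supports this reading: the SELECT is printed without its trailing `;` and no result set or error follows it. As written, the regression test never reaches the allocation-failure path that the item_sum.cc change guards, so a reintroduced crash would go unnoticed. Change the line to `--echo # Must not crash.` and re-record the result; if the query then fails under the `--safemalloc-mem-limit` setting, the test will probably need a matching `--error` directive.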
diff --git a/sql/item_sum.cc b/sql/item_sum.cc
index 46a58351872..38251294053 100644
--- a/sql/item_sum.cc
+++ b/sql/item_sum.cc
@@ -3327,8 +3327,13 @@ bool Item_func_group_concat::add()
TREE_ELEMENT *el= 0; // Only for safety
if (row_eligible && tree)
+ {
el= tree_insert(tree, table->record[0] + table->s->null_bytes, 0,
tree->custom_arg);
+ /* check if there was enough memory to insert the row */
+ if (!el)
+ return 1;
+ }
/*
If the row is not a duplicate (el->count == 1)
we can dump the row here in case of GROUP_CONCAT(DISTINCT...)