From 02bdc608b5599663b55a79bc9eddbd91dc06ee2a Mon Sep 17 00:00:00 2001
From: unknown
Date: Tue, 22 May 2012 15:22:55 +0300
Subject: Fix bug lp:1002079
Analysis: The optimizer detects an empty result through constant table optimization. Then it calls return_zero_rows(), which in turns calls inderctly Item_maxmin_subselect::no_rows_in_result(). The latter method set "value=0", however "value" is pointer to Item_cache, and not just an integer value. All of the Item_[maxmin | singlerow]_subselect::val_XXX methods does: if (forced_const) return value->val_real(); which of course crashes when value is a NULL pointer.
Solution: When the optimizer discovers an empty result set, set Item_singlerow_subselect::value to a FALSE constant Item instead of NULL.
---
 mysql-test/r/subselect_no_mat.result | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 (limited to 'mysql-test/r/subselect_no_mat.result')
diff --git a/mysql-test/r/subselect_no_mat.result b/mysql-test/r/subselect_no_mat.result
index a113e823970..d93e47ec381 100644
--- a/mysql-test/r/subselect_no_mat.result
+++ b/mysql-test/r/subselect_no_mat.result
@@ -6093,6 +6093,24 @@ SELECT COUNT(f1), f2 IN (SELECT f1 FROM t1 WHERE f2 > 0) AS f4 FROM t2, t1 WHERE
 COUNT(f1) f4
 0 0
 drop table t1,t2;
+#
+# LP BUG#1002079 Server crashes in Item_singlerow_subselect::val_int with constant table,
+# HAVING, UNION in subquery
+#
+CREATE TABLE t1 (a INT);
+INSERT INTO t1 VALUES (7),(0);
+CREATE TABLE t2 (b INT);
+EXPLAIN
+SELECT SUM(a) AS f1, a AS f2 FROM (t1, t2) HAVING f2 >= ALL (SELECT 4 UNION SELECT 5) AND f1 = 7;
+id select_type table type possible_keys key key_len ref rows Extra
+1 PRIMARY t2 system NULL NULL NULL NULL 0 const row not found
+1 PRIMARY t1 ALL NULL NULL NULL NULL 2
+2 SUBQUERY NULL NULL NULL NULL NULL NULL NULL No tables used
+3 UNION NULL NULL NULL NULL NULL NULL NULL No tables used
+NULL UNION RESULT ALL NULL NULL NULL NULL NULL
+SELECT SUM(a) AS f1, a AS f2 FROM (t1, t2) HAVING f2 >= ALL (SELECT 4 UNION SELECT 5) AND f1 = 7;
+f1 f2
+drop table t1,t2;
 # return optimizer switch changed in the beginning of this test
 set optimizer_switch=@subselect_tmp;
 set optimizer_switch=default;
-- cgit v1.2.1