From ae8950f1e831e267894e8363cd289a9ebb5d2311 Mon Sep 17 00:00:00 2001 
From: Georgi Kodinov
Date: Thu, 2 Jul 2009 17:42:00 +0300
Subject: Bug #45807: crash accessing partitioned table and sql_mode contains ONLY_FULL_GROUP_BY

The partitioning code needs to issue an Item::fix_fields() on the partitioning expression in order to prepare it for being evaluated. It does this by creating a special table and a table list for the scope of the partitioning expression.

But when checking ONLY_FULL_GROUP_BY, Item_field::fix_fields() was relying on cached_table always being set and was trying to use it to get the select_lex of the SELECT the field's table is in. But the cached_table was not set by the partitioning code that creates the artificial TABLE_LIST used to resolve the partitioning expression, and this resulted in a crash.

Fixed by rectifying the following errors:

1. Item_field::fix_fields(): the code that checks for ONLY_FULL_GROUP_BY relies on having tables with cacheable_table set. This is mostly true, the only two exceptions being the partitioning context table and the trigger context table. Fixed by taking the current parsing context if no pointer to the TABLE_LIST instance is present in the cached_table.

2. fix_fields_part_func():

2a. The code that adds the table being created to the scope for the partitioning expression is mostly a copy of add_table_to_list and friends, with one exception: it was not marking the table as cacheable (something that the normal add_table_to_list is doing). This caused the problem in the check for ONLY_FULL_GROUP_BY in Item_field::fix_fields() to appear. Fixed by setting the correct members to make the table cacheable. The ideal structural fix for this is to use a unified interface for adding a table to a table list (add_table_to_list?): noted in a TODO comment.

2b. The Item::fix_fields() was called with a NULL destination pointer. This causes uninitialized memory reads in the overloaded ::fix_fields() function (namely Item_field::fix_fields()) as it expects a non-zero pointer there.
Fixed by passing the source pointer similarly to how it's done in JOIN::prepare().

mysql-test/r/partition.result:
  Bug #45807: test case
mysql-test/t/partition.test:
  Bug #45807: test case
sql/item.cc:
  Bug #45807: fix the ONLY_FULL_GROUP_BY check code to handle correctly non-cacheable tables.
sql/sql_partition.cc:
  Bug #45807: fix the Item::fix_fields() context initialization for the partitioning expression in CREATE TABLE.
---
 sql/item.cc | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'sql/item.cc')

diff --git a/sql/item.cc b/sql/item.cc index 4c967200a3a..d380cafbee3 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -4406,16 +4406,22 @@ mark_non_agg_field: Fields from outer selects added to the aggregate function outer_fields list as its unknown at the moment whether it's aggregated or not. + We're using either the select lex of the cached table (if present) + or the field's resolution context. context->select_lex is + safe for use because it's either the SELECT we want to use + (the current level) or a stub added by non-SELECT queries. */ + SELECT_LEX *select_lex= cached_table ? + cached_table->select_lex : context->select_lex; if (!thd->lex->in_sum_func) - cached_table->select_lex->full_group_by_flag|= NON_AGG_FIELD_USED; + select_lex->full_group_by_flag|= NON_AGG_FIELD_USED; else { if (outer_fixed) thd->lex->in_sum_func->outer_fields.push_back(this); else if (thd->lex->in_sum_func->nest_level != thd->lex->current_select->nest_level) - cached_table->select_lex->full_group_by_flag|= NON_AGG_FIELD_USED; + select_lex->full_group_by_flag|= NON_AGG_FIELD_USED; } } return FALSE; -- cgit v1.2.1
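Review bot: the new fallback `SELECT_LEX *select_lex= cached_table ? cached_table->select_lex : context->select_lex;` still dereferences `select_lex` unconditionally at both `select_lex->full_group_by_flag|= NON_AGG_FIELD_USED;` sites, and the added comment only asserts in prose that `context->select_lex` is safe. Since the bug being fixed is exactly a NULL/uninitialized pointer reached through this path (the message names the trigger context table as a second case where `cached_table` is absent), suggest a `DBUG_ASSERT(select_lex)` right after the declaration so a debug build fails loudly if either branch yields NULL, rather than crashing the server on a CREATE TABLE with ONLY_FULL_GROUP_BY enabled. The `add_table_to_list` unification and the NULL-destination-pointer fix described in 2a and 2b live in sql/sql_partition.cc, which is not in this view (limited to sql/item.cc), so reviewers should confirm that the partition.test case listed in the message exercises both the cached and the uncached path through this hunk.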