From 2412c151916dc65660644a0cd2fe5f34816ea901 Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Wed, 13 Jun 2018 11:56:56 +0400 Subject: MDEV-15870 Using aggregate and window function in unexpected places can crash the server --- sql/item_sum.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sql/item_sum.cc') diff --git a/sql/item_sum.cc b/sql/item_sum.cc index 4cf11e81d3d..cb150db3031 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -68,14 +68,14 @@ size_t Item_sum::ram_limitation(THD *thd) bool Item_sum::init_sum_func_check(THD *thd) { SELECT_LEX *curr_sel= thd->lex->current_select; - if (!curr_sel->name_visibility_map) + if (curr_sel && !curr_sel->name_visibility_map) { for (SELECT_LEX *sl= curr_sel; sl; sl= sl->context.outer_select()) { curr_sel->name_visibility_map|= (1 << sl-> nest_level); } } - if (!(thd->lex->allow_sum_func & curr_sel->name_visibility_map)) + if (!curr_sel || !(thd->lex->allow_sum_func & curr_sel->name_visibility_map)) { my_message(ER_INVALID_GROUP_FUNC_USE, ER_THD(thd, ER_INVALID_GROUP_FUNC_USE), MYF(0)); -- cgit v1.2.1 From 6b8802e8dd5467556a024d807a1df23940b00895 Mon Sep 17 00:00:00 2001 From: Oleksandr Byelkin Date: Tue, 8 May 2018 15:26:26 +0200 Subject: MDEV-11071: Assertion `thd->transaction.stmt.is_empty()' failed in Locked_tables_list::unlock_locked_table fix_length_and_dec now return result (error/OK) --- sql/item_sum.cc | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'sql/item_sum.cc') diff --git a/sql/item_sum.cc b/sql/item_sum.cc index cb150db3031..9e59ec4e373 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -1132,9 +1132,8 @@ Item_sum_num::fix_fields(THD *thd, Item **ref) result_field=0; max_length=float_length(decimals); null_value=1; - fix_length_and_dec(); - - if (check_sum_func(thd, ref)) + if (fix_length_and_dec() || + check_sum_func(thd, ref)) return TRUE; memcpy (orig_args, args, sizeof (Item *) * arg_count); 
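Review bot: The new `curr_sel` guards in `Item_sum::init_sum_func_check` carry no comment saying when `thd->lex->current_select` is NULL, so a later reader cannot tell whether the check is defensive or covers a reachable state. Going by the commit subject, the state is reachable from SQL and crashed the server, so I would add above the first `if`: `/* current_select may be NULL when a set function is used where no SELECT is current (MDEV-15870); report ER_INVALID_GROUP_FUNC_USE instead of dereferencing it */`. The function continues past the hunk, so any later use of `curr_sel` or `thd->lex->current_select` there and in `check_sum_func` should be checked for the same NULL case, which is not visible from here. A regression test built from the statements in the bug report would keep the crash from coming back.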
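Review bot: In `Item_sum_num::fix_fields` the `||` now short-circuits, so `check_sum_func(thd, ref)` is skipped whenever `fix_length_and_dec()` fails, whereas the old code always called it. If `check_sum_func` also undoes state set up earlier in `fix_fields` (for instance by `init_sum_func_check`, which is outside this hunk), the error path leaves that state behind, so please confirm this matches the other early `return TRUE` paths in the function. The same pattern is in the `Item_sum_hybrid::fix_fields` hunk at -1189. The new code also relies on a failing `fix_length_and_dec()` having already raised an error, because `fix_fields` returns TRUE without reporting one. Every implementation in this file returns FALSE, so that contract is only exercised by overrides elsewhere.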
@@ -1189,9 +1188,8 @@ Item_sum_hybrid::fix_fields(THD *thd, Item **ref) maybe_null= 1; result_field=0; null_value=1; - fix_length_and_dec(); - - if (check_sum_func(thd, ref)) + if (fix_length_and_dec() || + check_sum_func(thd, ref)) return TRUE; orig_args[0]= args[0]; @@ -1329,7 +1327,7 @@ void Item_sum_sum::clear() } -void Item_sum_sum::fix_length_and_dec() +bool Item_sum_sum::fix_length_and_dec() { DBUG_ENTER("Item_sum_sum::fix_length_and_dec"); maybe_null=null_value=1; @@ -1364,7 +1362,7 @@ void Item_sum_sum::fix_length_and_dec() "--ILLEGAL!!!--"), max_length, (int)decimals)); - DBUG_VOID_RETURN; + DBUG_RETURN(FALSE); } @@ -1664,9 +1662,10 @@ void Item_sum_count::cleanup() /* Avgerage */ -void Item_sum_avg::fix_length_and_dec() +bool Item_sum_avg::fix_length_and_dec() { - Item_sum_sum::fix_length_and_dec(); + if (Item_sum_sum::fix_length_and_dec()) + return TRUE; maybe_null=null_value=1; prec_increment= current_thd->variables.div_precincrement; if (Item_sum_avg::result_type() == DECIMAL_RESULT) @@ -1686,6 +1685,7 @@ void Item_sum_avg::fix_length_and_dec() FLOATING_POINT_DECIMALS); max_length= MY_MIN(args[0]->max_length + prec_increment, float_length(decimals)); } + return FALSE; } @@ -1884,7 +1884,7 @@ Item_sum_variance::Item_sum_variance(THD *thd, Item_sum_variance *item): } -void Item_sum_variance::fix_length_and_dec() +bool Item_sum_variance::fix_length_and_dec() { DBUG_ENTER("Item_sum_variance::fix_length_and_dec"); maybe_null= null_value= 1; @@ -1919,7 +1919,7 @@ void Item_sum_variance::fix_length_and_dec() DBUG_ASSERT(0); } DBUG_PRINT("info", ("Type: REAL_RESULT (%d, %d)", max_length, (int)decimals)); - DBUG_VOID_RETURN; + DBUG_RETURN(FALSE); } 
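Review bot: The changed signature `bool Item_sum_sum::fix_length_and_dec()` at -1329 has no comment stating the return convention, although the callers in `fix_fields` now depend on it (a true result aborts `fix_fields`). I would add a one-line header such as `/** @return FALSE on success, TRUE on error */` here and on `Item_sum_avg`, `Item_sum_variance` and `Item_sum_udf_str::fix_length_and_dec` in the later hunks. The existing comment above `Item_sum_udf_str::fix_length_and_dec` describes only max_length and could carry the same line. The function body lies between this hunk and the next one.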
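Review bot: `Item_sum_sum::fix_length_and_dec` still ends in an unconditional `DBUG_RETURN(FALSE)` in the hunk at -1364, even though the `DBUG_PRINT` just above it has an `"--ILLEGAL!!!--"` fallback for an unexpected result type. The `Item_sum_variance` hunk at -1919 does the same right after a `DBUG_ASSERT(0)`. `DBUG_ASSERT` is compiled out of release builds, so there the unexpected-type branch reports success to `fix_fields`. Now that the function can signal failure, that branch could raise an error and `DBUG_RETURN(TRUE)` instead of falling through. The switch bodies are outside both hunks, so which result types reach that branch needs checking against the full functions.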
@@ -2989,13 +2989,13 @@ my_decimal *Item_sum_udf_int::val_decimal(my_decimal *dec) /** Default max_length is max argument length. */ -void Item_sum_udf_str::fix_length_and_dec() +bool Item_sum_udf_str::fix_length_and_dec() { DBUG_ENTER("Item_sum_udf_str::fix_length_and_dec"); max_length=0; for (uint i = 0; i < arg_count; i++) set_if_bigger(max_length,args[i]->max_length); - DBUG_VOID_RETURN; + DBUG_RETURN(FALSE); } -- cgit v1.2.1