From ed7f0f3023041cc1749077ad45cd5a8bb8fa784e Mon Sep 17 00:00:00 2001
From: Gleb Shchepa
Date: Mon, 8 Jun 2009 01:40:53 +0500
Subject: Bug #44886: SIGSEGV in test_if_skip_sort_order() - uninitialized variable used as subscript

Grouping select from a "constant" InnoDB table (a table of a single row) joined with other tables caused a crash.
mysql-test/r/innodb_mysql.result: Added test case for bug bug #44886.
mysql-test/t/innodb_mysql.test: Added test case for bug bug #44886.
sql/sql_select.cc: Bug #44886: SIGSEGV in test_if_skip_sort_order() - uninitialized variable used as subscript
1. The test_if_order_by_key function returned unitialized used_key_parts parameter in case of a "constant" InnoDB table. Calling function uses this parameter values as an array index, thus sometimes it caused a crash. The test_if_order_by_key function has been modified to set used_key_parts to 0 (no need for ordering).
2. The test_if_skip_sort_order function has been modified to accept zero used_key_parts value and to prevent an array access by negative index.
---
 sql/sql_select.cc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'sql/sql_select.cc')
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 06776f5f7b3..526b926d66d 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -12658,7 +12658,10 @@ static int test_if_order_by_key(ORDER *order, TABLE *table, uint idx,
 one row). The sorting doesn't matter.
 */
 if (key_part == key_part_end && reverse == 0)
+ {
+ *used_key_parts= 0;
 DBUG_RETURN(1);
+ }
 }
 else
 DBUG_RETURN(0);
@@ -13155,7 +13158,8 @@ test_if_skip_sort_order(JOIN_TAB *tab,ORDER *order,ha_rows select_limit,
 select_limit= table_records;
 if (group)
 {
- rec_per_key= keyinfo->rec_per_key[used_key_parts-1];
+ rec_per_key= used_key_parts ? keyinfo->rec_per_key[used_key_parts-1]
+ : 1;
 set_if_bigger(rec_per_key, 1);
 /*
 With a grouping query each group containing on average
--
cgit v1.2.1
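Review bot: In the test_if_order_by_key hunk, `*used_key_parts` is now written on the const-table `DBUG_RETURN(1)` path, but the `DBUG_RETURN(0)` path at the end of the same hunk still returns without assigning it. Because the caller uses this out-parameter as an array subscript, it would be more robust to set `*used_key_parts= 0;` once at function entry, so that no present or future return path can hand back an indeterminate index. A short comment at the new assignment, such as `/* all key parts are const: no key part is needed for ordering */`, would record what 0 means to callers. The start of the function and its other return paths are outside the hunk, so whether they all assign the parameter should be confirmed there.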
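Review bot: In the test_if_skip_sort_order hunk, the new ternary protects `used_key_parts-1` only against a zero value; nothing visible bounds a non-zero `used_key_parts` by the number of entries in `keyinfo->rec_per_key`, so an oversized value would still read past the array. If every producer of the value is meant to respect that bound, a `DBUG_ASSERT` comparing `used_key_parts` with the key's part count just before the subscript would make the invariant explicit and catch regressions in debug builds. A one-line comment such as `/* used_key_parts == 0: const table, assume one row per key */` would also explain the `: 1` fallback. The declaration of used_key_parts and the rest of the function lie outside the hunk, so its signedness and other uses could not be checked here.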