[Commits] d34e2ba: MDEV-10669: Crash in SELECT with window function used

Vicentiu Ciorbaru vicentiu at mariadb.org
Sat Sep 17 12:51:23 EEST 2016


revision-id: d34e2baa76bc767e2bca8695005ad1238376e9fd (mariadb-10.1.8-254-gd34e2ba)
parent(s): d3c647776ec96c88c283e641c86a77463a2e67eb
author: Vicențiu Ciorbaru
committer: Vicențiu Ciorbaru
timestamp: 2016-09-17 11:51:03 +0200
message:

MDEV-10669: Crash in SELECT with window function used

Make sure to call split_sum_func on all items that contain window
functions, so that all the column references are set up correctly.

---
 mysql-test/r/win.result | 25 +++++++++++++++++++++++++
 mysql-test/t/win.test   | 14 ++++++++++++++
 sql/item.cc             |  2 +-
 3 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/win.result b/mysql-test/r/win.result
index ffb068a..7ea0cc1 100644
--- a/mysql-test/r/win.result
+++ b/mysql-test/r/win.result
@@ -2041,3 +2041,28 @@ a	b	simple_sum	sum_and_const	sum_and_sum
 3.0000000000	2	5.5000000000	6.5000000000	11.5000000000
 4.5000000000	2	10.0000000000	11.0000000000	18.0000000000
 drop table t;
+#
+# MDEV-10669: Crash in SELECT with window function used
+#
+create table t(a decimal(35,10), b int);
+insert into t(a,b) values(1,1);
+insert into t(a,b) values(2,1);
+insert into t(a,b) values(0,1);
+SELECT (CASE WHEN sum(t.a) over (partition by t.b)=0 THEN null ELSE null END) AS a FROM t;
+a
+NULL
+NULL
+NULL
+SELECT ifnull(((t.a) / CASE WHEN sum(t.a) over(partition by t.b) =0 then null else null end) ,0) from t;
+ifnull(((t.a) / CASE WHEN sum(t.a) over(partition by t.b) =0 then null else null end) ,0)
+0.00000000000000
+0.00000000000000
+0.00000000000000
+SELECT sum(t.a) over (partition by t.b order by a),
+sqrt(ifnull((sum(t.a) over (partition by t.b order by a)), 0))
+from t;
+sum(t.a) over (partition by t.b order by a)	sqrt(ifnull((sum(t.a) over (partition by t.b order by a)), 0))
+1.0000000000	1
+3.0000000000	1.7320508075688772
+0.0000000000	0
+drop table t;
diff --git a/mysql-test/t/win.test b/mysql-test/t/win.test
index 528ea14..06c50c6 100644
--- a/mysql-test/t/win.test
+++ b/mysql-test/t/win.test
@@ -1250,3 +1250,17 @@ select a, b,
 from t
 order by t.b, t.a;
 drop table t;
+
+--echo #
+--echo # MDEV-10669: Crash in SELECT with window function used
+--echo #
+create table t(a decimal(35,10), b int);
+insert into t(a,b) values(1,1);
+insert into t(a,b) values(2,1);
+insert into t(a,b) values(0,1);
+SELECT (CASE WHEN sum(t.a) over (partition by t.b)=0 THEN null ELSE null END) AS a FROM t;
+SELECT ifnull(((t.a) / CASE WHEN sum(t.a) over(partition by t.b) =0 then null else null end) ,0) from t;
+SELECT sum(t.a) over (partition by t.b order by a),
+       sqrt(ifnull((sum(t.a) over (partition by t.b order by a)), 0))
+from t;
+drop table t;
diff --git a/sql/item.cc b/sql/item.cc
index ec4eae2..61635ea 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -1870,7 +1870,7 @@ void Item::split_sum_func2(THD *thd, Ref_ptr_array ref_pointer_array,
         ((Item_sum *) this)->ref_by)
       return;
   }
-  else if (type() == WINDOW_FUNC_ITEM)
+  else if (type() == WINDOW_FUNC_ITEM || with_window_func)
   {
     /*
       Skip the else part, window functions are very special functions: 


More information about the commits mailing list