[Commits] Rev 3166: Fixed bug lp:825018 in file:///home/tsk/mprog/src/5.3/

timour at askmonty.org timour at askmonty.org
Tue Aug 23 15:41:55 EEST 2011


At file:///home/tsk/mprog/src/5.3/

------------------------------------------------------------
revno: 3166
revision-id: timour at askmonty.org-20110823123915-jxf9hvxq2hy03rr7
parent: timour at askmonty.org-20110822210013-egubev0wgyi00wjt
fixes bug(s): https://launchpad.net/bugs/825018
committer: timour at askmonty.org
branch nick: 5.3
timestamp: Tue 2011-08-23 15:39:15 +0300
message:
  Fixed bug lp:825018
  
  Analysis:
  During the first execution of the query through the stored
  procedure, the optimization phase calls
  substitute_for_best_equal_field(), which calls
  Item_in_optimizer::transform(). The latter replaces
  Item_in_subselect::left_expr with args[0] via assignment.
  In this test case args[0] is an Item_outer_ref which is
  created/deallocated for each re-execution. As a result,
  during the second execution Item_in_subselect::left_expr
  pointed to freed memory, which resulted in a crash.
  
  Solution:
  The solution is to use change_item_tree(), so that the
  original left expression is restored after each execution.
-------------- next part --------------
=== modified file 'mysql-test/r/subselect4.result'
--- a/mysql-test/r/subselect4.result	2011-07-21 12:50:25 +0000
+++ b/mysql-test/r/subselect4.result	2011-08-23 12:39:15 +0000
@@ -2090,4 +2090,42 @@ EXECUTE st2;
 f2
 2
 drop table t1, t2;
+#
+# LP BUG#825018: Crash in check_and_do_in_subquery_rewrites() with corrlated subquery in select list
+#
+CREATE TABLE t1 (a int, b int);
+INSERT INTO t1 VALUES (10,1),(11,7);
+CREATE TABLE t2 (a int);
+INSERT INTO t2 VALUES (2),(3);
+CREATE TABLE t3 (a int, b int);
+INSERT INTO t3 VALUES (1,1);
+CREATE PROCEDURE sp1 () LANGUAGE SQL
+SELECT (SELECT t1.a
+FROM t1
+WHERE t1.b = t3.b
+AND t1.b IN ( SELECT a FROM t2 )) sq
+FROM t3
+GROUP BY 1;
+CALL sp1();
+sq
+NULL
+CALL sp1();
+sq
+NULL
+drop procedure sp1;
+prepare st1 from "
+SELECT (SELECT t1.a
+        FROM t1
+        WHERE t1.b = t3.b
+        AND t1.b IN ( SELECT a FROM t2 )) sq
+FROM t3
+GROUP BY 1";
+execute st1;
+sq
+NULL
+execute st1;
+sq
+NULL
+deallocate prepare st1;
+drop table t1, t2, t3;
 set optimizer_switch=@subselect4_tmp;

=== modified file 'mysql-test/t/subselect4.test'
--- a/mysql-test/t/subselect4.test	2011-07-18 20:45:38 +0000
+++ b/mysql-test/t/subselect4.test	2011-08-23 12:39:15 +0000
@@ -1726,5 +1726,41 @@ EXECUTE st2;
 
 drop table t1, t2;
 
+--echo #
+--echo # LP BUG#825018: Crash in check_and_do_in_subquery_rewrites() with corrlated subquery in select list
+--echo #
+
+CREATE TABLE t1 (a int, b int);
+INSERT INTO t1 VALUES (10,1),(11,7);
+
+CREATE TABLE t2 (a int);
+INSERT INTO t2 VALUES (2),(3);
+
+CREATE TABLE t3 (a int, b int);
+INSERT INTO t3 VALUES (1,1);
+
+CREATE PROCEDURE sp1 () LANGUAGE SQL
+SELECT (SELECT t1.a
+        FROM t1
+        WHERE t1.b = t3.b
+        AND t1.b IN ( SELECT a FROM t2 )) sq
+FROM t3
+GROUP BY 1;
+CALL sp1();
+CALL sp1();
+drop procedure sp1;
+
+prepare st1 from "
+SELECT (SELECT t1.a
+        FROM t1
+        WHERE t1.b = t3.b
+        AND t1.b IN ( SELECT a FROM t2 )) sq
+FROM t3
+GROUP BY 1";
+execute st1;
+execute st1;
+deallocate prepare st1;
+
+drop table t1, t2, t3;
 
 set optimizer_switch=@subselect4_tmp;
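Review bot: Both the stored-procedure and the prepared-statement case expect `NULL` on every execution, because no `t1` row with `b = 1` has a match in `t2`, so the test only shows that re-execution no longer crashes. A use-after-free does not always crash outside a memory-checking build, so consider adding a variant whose IN predicate is true, e.g. `INSERT INTO t2 VALUES (1),(2),(3);`. The second `CALL sp1()` / `execute st1` would then have to return the same non-NULL value as the first, which would also check that the restored left expression is evaluated correctly.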

=== modified file 'sql/item_cmpfunc.cc'
--- a/sql/item_cmpfunc.cc	2011-08-17 11:10:32 +0000
+++ b/sql/item_cmpfunc.cc	2011-08-23 12:39:15 +0000
@@ -1804,7 +1804,7 @@ Item *Item_in_optimizer::transform(Item_
                  Item_subselect::ANY_SUBS));
 
     Item_in_subselect *in_arg= (Item_in_subselect*)args[1];
-    in_arg->left_expr= args[0];
+    current_thd->change_item_tree(&in_arg->left_expr, args[0]);
   }
   return (this->*transformer)(argument);
 }
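Review bot: The new `change_item_tree()` call is made unconditionally inside its block, so a rollback record is presumably registered on every execution even when `in_arg->left_expr` already equals `args[0]`. Consider guarding it: `if (in_arg->left_expr != args[0]) current_thd->change_item_tree(&in_arg->left_expr, args[0]);`. The line also deserves a comment recording why plain assignment is unsafe, e.g. `/* args[0] may be a per-execution item (Item_outer_ref); register the change so left_expr is restored and never dangles on re-execution */`, so that a later cleanup does not reintroduce the use-after-free. The body of `Item_in_optimizer::transform` starts outside the hunk, so how `args[0]` itself is replaced earlier in the function cannot be confirmed from here.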


