Commit 2cf7f53b authored by MySQL Build Team's avatar MySQL Build Team

Backport into build-200907211706-5.0.82sp1

> ------------------------------------------------------------
> revno: 2733
> revision-id: gshchepa@mysql.com-20090430192037-9p1etcynkglte2j3
> parent: aelkin@mysql.com-20090430143246-zfqaz0t7uoluzdz2
> committer: Gleb Shchepa <gshchepa@mysql.com>
> branch nick: mysql-5.0-bugteam
> timestamp: Fri 2009-05-01 00:20:37 +0500
> message:
>   Bug #37362: Crash in do_field_eq
>   
>   EXPLAIN EXTENDED of nested query containing a error:
>   
>      1054 Unknown column '...' in 'field list'
>   
>   may cause a server crash.
>   
>   
>   Parse error like described above forces a call to
>   JOIN::destroy() on malformed subquery.
>   That JOIN::destroy function closes and frees temporary
>   tables. However, temporary fields of these tables
>   may be listed in st_select_lex::group_list of outer
>   query, and that st_select_lex may not cleanup them
>   properly. So, after the JOIN::destroy call that
>   st_select_lex::group_list may have Item_field
>   objects with dangling pointers to freed temporary
>   table Field objects. That caused a crash.
parent 8bb24383
...@@ -849,4 +849,23 @@ ROW(1,2) = (SELECT 1, 1) ROW(1,2) IN (SELECT 1, 1) ...@@ -849,4 +849,23 @@ ROW(1,2) = (SELECT 1, 1) ROW(1,2) IN (SELECT 1, 1)
SELECT ROW(1,2) = (SELECT 1, 2), ROW(1,2) IN (SELECT 1, 2); SELECT ROW(1,2) = (SELECT 1, 2), ROW(1,2) IN (SELECT 1, 2);
ROW(1,2) = (SELECT 1, 2) ROW(1,2) IN (SELECT 1, 2) ROW(1,2) = (SELECT 1, 2) ROW(1,2) IN (SELECT 1, 2)
1 1 1 1
CREATE TABLE t1 (a INT, b INT, c INT);
INSERT INTO t1 VALUES (1,1,1), (1,1,1);
EXPLAIN EXTENDED
SELECT c FROM
( SELECT
(SELECT COUNT(a) FROM
(SELECT COUNT(b) FROM t1) AS x GROUP BY c
) FROM t1 GROUP BY b
) AS y;
ERROR 42S22: Unknown column 'c' in 'field list'
SHOW WARNINGS;
Level Code Message
Note 1276 Field or reference 'test.t1.a' of SELECT #3 was resolved in SELECT #2
Note 1276 Field or reference 'test.t1.c' of SELECT #3 was resolved in SELECT #2
Error 1054 Unknown column 'c' in 'field list'
Note 1003 select `c` AS `c` from (select (select count(`test`.`t1`.`a`) AS `COUNT(a)` from (select count(`test`.`t1`.`b`) AS `COUNT(b)` from `test`.`t1`) `x` group by `c`) AS `(SELECT COUNT(a) FROM
(SELECT COUNT(b) FROM t1) AS x GROUP BY c
)` from `test`.`t1` group by `test`.`t1`.`b`) `y`
DROP TABLE t1;
End of 5.0 tests End of 5.0 tests
...@@ -669,4 +669,23 @@ SELECT ROW(1,2) = (SELECT NULL, 1), ROW(1,2) IN (SELECT NULL, 1); ...@@ -669,4 +669,23 @@ SELECT ROW(1,2) = (SELECT NULL, 1), ROW(1,2) IN (SELECT NULL, 1);
SELECT ROW(1,2) = (SELECT 1, 1), ROW(1,2) IN (SELECT 1, 1); SELECT ROW(1,2) = (SELECT 1, 1), ROW(1,2) IN (SELECT 1, 1);
SELECT ROW(1,2) = (SELECT 1, 2), ROW(1,2) IN (SELECT 1, 2); SELECT ROW(1,2) = (SELECT 1, 2), ROW(1,2) IN (SELECT 1, 2);
#
# Bug #37362 Crash in do_field_eq
#
CREATE TABLE t1 (a INT, b INT, c INT);
INSERT INTO t1 VALUES (1,1,1), (1,1,1);
--error 1054
EXPLAIN EXTENDED
SELECT c FROM
( SELECT
(SELECT COUNT(a) FROM
(SELECT COUNT(b) FROM t1) AS x GROUP BY c
) FROM t1 GROUP BY b
) AS y;
SHOW WARNINGS;
DROP TABLE t1;
--echo End of 5.0 tests --echo End of 5.0 tests
...@@ -2172,6 +2172,14 @@ JOIN::destroy() ...@@ -2172,6 +2172,14 @@ JOIN::destroy()
cond_equal= 0; cond_equal= 0;
cleanup(1); cleanup(1);
/* Cleanup items referencing temporary table columns */
if (!tmp_all_fields3.is_empty())
{
List_iterator_fast<Item> it(tmp_all_fields3);
Item *item;
while ((item= it++))
item->cleanup();
}
if (exec_tmp_table1) if (exec_tmp_table1)
free_tmp_table(thd, exec_tmp_table1); free_tmp_table(thd, exec_tmp_table1);
if (exec_tmp_table2) if (exec_tmp_table2)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment