Commit 422c55a2 authored by Sergey Petrunya's avatar Sergey Petrunya

MDEV-5037: Server crash on a JOIN on a derived table with join_cache_level > 2

- The crash was caused because the optimizer called handler->multi_range_read_info()
  on a derived temporary table.  That table has been created, but not opened yet.
  Because of that, handler::table was NULL, which caused crash.
  Fixed by changing DS-MRR methods to use handler::table_share instead. 
  handler::table_share is set in handler ctor, so this should be safe.
parent 33f807fd
......@@ -171,3 +171,26 @@ a b c d e g
2 6 two 12 2 6
DROP TABLE t1, t2;
set optimizer_switch=@tmp_mdev3817;
#
# MDEV-5037: Server crash on a JOIN on a derived table with join_cache_level > 2
#
create table t0 (a int);
insert into t0 values (0),(1),(2),(3),(4),(5),(6),(7),(8),(9);
CREATE TABLE t1 (
id char(8) CHARACTER SET utf8 NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE t2 (
id char(8) CHARACTER SET utf8 DEFAULT NULL,
url text CHARACTER SET utf8
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
insert into t1 select '03b2ca8c' from t0 A, t0 B limit 80;
insert into t2 select '03b2ca8c','' from t0 A, t0 B, t0 C;
set @tmp_mdev5037=@@join_cache_level;
set join_cache_level=3;
explain SELECT 1 FROM (SELECT url, id FROM t2 LIMIT 1 OFFSET 20) derived RIGHT JOIN t1 ON t1.id = derived.id;
id select_type table type possible_keys key key_len ref rows Extra
1 PRIMARY t1 ALL NULL NULL NULL NULL #
1 PRIMARY <derived2> hash_ALL key0 #hash#key0 25 test.t1.id # Using join buffer (flat, BNLH join)
2 DERIVED t2 ALL NULL NULL NULL NULL #
set join_cache_level= @tmp_mdev5037;
drop table t0,t1,t2;
......@@ -165,3 +165,30 @@ SELECT * FROM t1, t2 WHERE g = b AND ( a < 7 OR a > e );
DROP TABLE t1, t2;
set optimizer_switch=@tmp_mdev3817;
--echo #
--echo # MDEV-5037: Server crash on a JOIN on a derived table with join_cache_level > 2
--echo #
create table t0 (a int);
insert into t0 values (0),(1),(2),(3),(4),(5),(6),(7),(8),(9);
CREATE TABLE t1 (
id char(8) CHARACTER SET utf8 NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE t2 (
id char(8) CHARACTER SET utf8 DEFAULT NULL,
url text CHARACTER SET utf8
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
insert into t1 select '03b2ca8c' from t0 A, t0 B limit 80;
insert into t2 select '03b2ca8c','' from t0 A, t0 B, t0 C;
set @tmp_mdev5037=@@join_cache_level;
set join_cache_level=3;
--replace_column 9 #
explain SELECT 1 FROM (SELECT url, id FROM t2 LIMIT 1 OFFSET 20) derived RIGHT JOIN t1 ON t1.id = derived.id;
set join_cache_level= @tmp_mdev5037;
drop table t0,t1,t2;
......@@ -2715,6 +2715,7 @@ class handler :public Sql_alloc
virtual bool check_if_supported_virtual_columns(void) { return FALSE;}
TABLE* get_table() { return table; }
TABLE_SHARE* get_table_share() { return table_share; }
protected:
/* deprecated, don't use in new engines */
inline void ha_statistic_increment(ulong SSV::*offset) const { }
......@@ -2968,7 +2969,7 @@ class handler :public Sql_alloc
#include "multi_range_read.h"
bool key_uses_partial_cols(TABLE *table, uint keyno);
bool key_uses_partial_cols(TABLE_SHARE *table, uint keyno);
/* Some extern variables used with handlers */
......
......@@ -1494,10 +1494,10 @@ ha_rows DsMrr_impl::dsmrr_info_const(uint keyno, RANGE_SEQ_IF *seq,
@retval FALSE No
*/
bool key_uses_partial_cols(TABLE *table, uint keyno)
bool key_uses_partial_cols(TABLE_SHARE *share, uint keyno)
{
KEY_PART_INFO *kp= table->key_info[keyno].key_part;
KEY_PART_INFO *kp_end= kp + table->key_info[keyno].key_parts;
KEY_PART_INFO *kp= share->key_info[keyno].key_part;
KEY_PART_INFO *kp_end= kp + share->key_info[keyno].key_parts;
for (; kp != kp_end; kp++)
{
if (!kp->field->part_of_key.is_set(keyno))
......@@ -1518,10 +1518,11 @@ bool key_uses_partial_cols(TABLE *table, uint keyno)
@retval FALSE Otherwise
*/
bool DsMrr_impl::check_cpk_scan(THD *thd, uint keyno, uint mrr_flags)
bool DsMrr_impl::check_cpk_scan(THD *thd, TABLE_SHARE *share, uint keyno,
uint mrr_flags)
{
return test((mrr_flags & HA_MRR_SINGLE_POINT) &&
keyno == table->s->primary_key &&
keyno == share->primary_key &&
primary_file->primary_key_is_clustered() &&
optimizer_flag(thd, OPTIMIZER_SWITCH_MRR_SORT_KEYS));
}
......@@ -1557,14 +1558,15 @@ bool DsMrr_impl::choose_mrr_impl(uint keyno, ha_rows rows, uint *flags,
COST_VECT dsmrr_cost;
bool res;
THD *thd= current_thd;
TABLE_SHARE *share= primary_file->get_table_share();
bool doing_cpk_scan= check_cpk_scan(thd, keyno, *flags);
bool using_cpk= test(keyno == table->s->primary_key &&
bool doing_cpk_scan= check_cpk_scan(thd, share, keyno, *flags);
bool using_cpk= test(keyno == share->primary_key &&
primary_file->primary_key_is_clustered());
*flags &= ~HA_MRR_IMPLEMENTATION_FLAGS;
if (!optimizer_flag(thd, OPTIMIZER_SWITCH_MRR) ||
*flags & HA_MRR_INDEX_ONLY ||
(using_cpk && !doing_cpk_scan) || key_uses_partial_cols(table, keyno))
(using_cpk && !doing_cpk_scan) || key_uses_partial_cols(share, keyno))
{
/* Use the default implementation */
*flags |= HA_MRR_USE_DEFAULT_IMPL;
......@@ -1572,7 +1574,7 @@ bool DsMrr_impl::choose_mrr_impl(uint keyno, ha_rows rows, uint *flags,
return TRUE;
}
uint add_len= table->key_info[keyno].key_length + primary_file->ref_length;
uint add_len= share->key_info[keyno].key_length + primary_file->ref_length;
*bufsz -= add_len;
if (get_disk_sweep_mrr_cost(keyno, rows, *flags, bufsz, &dsmrr_cost))
return TRUE;
......
......@@ -627,7 +627,7 @@ class DsMrr_impl
COST_VECT *cost);
bool get_disk_sweep_mrr_cost(uint keynr, ha_rows rows, uint flags,
uint *buffer_size, COST_VECT *cost);
bool check_cpk_scan(THD *thd, uint keyno, uint mrr_flags);
bool check_cpk_scan(THD *thd, TABLE_SHARE *share, uint keyno, uint mrr_flags);
bool setup_buffer_sharing(uint key_size_in_keybuf, key_part_map key_tuple_map);
......
......@@ -192,7 +192,7 @@ class Loose_scan_opt
(PREV_BITS(key_part_map, max_loose_keypart+1) & // (3)
(found_part | loose_scan_keyparts)) == // (3)
PREV_BITS(key_part_map, max_loose_keypart+1) && // (3)
!key_uses_partial_cols(s->table, key))
!key_uses_partial_cols(s->table->s, key))
{
/* Ok, can use the strategy */
part1_conds_met= TRUE;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment