From 5f55d52113e383df4e786b9f1ebaf0217c463376 Mon Sep 17 00:00:00 2001
From: Gleb Shchepa <gshchepa@mysql.com>
Date: Mon, 8 Jun 2009 01:40:53 +0500
Subject: [PATCH] Bug #44886: SIGSEGV in test_if_skip_sort_order() -           
  uninitialized variable used as subscript

Grouping select from a "constant" InnoDB table (a table
of a single row) joined with other tables caused a crash.


mysql-test/r/innodb_mysql.result:
  Added test case for bug bug #44886.
mysql-test/t/innodb_mysql.test:
  Added test case for bug bug #44886.
sql/sql_select.cc:
  Bug #44886: SIGSEGV in test_if_skip_sort_order() -
              uninitialized variable used as subscript

  1. The test_if_order_by_key function returned unitialized
     used_key_parts parameter in case of a "constant" InnoDB
     table. Calling function uses this parameter values as
     an array index, thus sometimes it caused a crash.
     The test_if_order_by_key function has been modified
     to set used_key_parts to 0 (no need for ordering).

  2. The test_if_skip_sort_order function has been
     modified to accept zero used_key_parts value and
     to prevent an array access by negative index.
---
 mysql-test/r/innodb_mysql.result | 17 +++++++++++++++++
 mysql-test/t/innodb_mysql.test   | 21 +++++++++++++++++++++
 sql/sql_select.cc                |  6 +++++-
 3 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/innodb_mysql.result b/mysql-test/r/innodb_mysql.result
index 7e4359e1f92..272782f6647 100644
--- a/mysql-test/r/innodb_mysql.result
+++ b/mysql-test/r/innodb_mysql.result
@@ -2120,4 +2120,21 @@ a	b
 4	14
 5	5
 DROP TABLE t1, t2, t3, t4;
+#
+# Bug#44886: SIGSEGV in test_if_skip_sort_order() -
+#            uninitialized variable used as subscript 
+#
+CREATE TABLE t1 (a INT, b INT, c INT, d INT, PRIMARY KEY (b), KEY (a,c))
+ENGINE=InnoDB;
+INSERT INTO t1 VALUES (1,1,1,0);
+CREATE TABLE t2 (a INT, b INT, e INT, KEY (e)) ENGINE=InnoDB;
+INSERT INTO t2 VALUES (1,1,2);
+CREATE TABLE t3 (a INT, b INT) ENGINE=MyISAM;
+INSERT INTO t3 VALUES (1, 1);
+SELECT * FROM t1, t2, t3
+WHERE t1.a = t3.a AND (t1.b = t3.b OR t1.d) AND t2.b = t1.b AND t2.e = 2
+GROUP BY t1.b;
+a	b	c	d	a	b	e	a	b
+1	1	1	0	1	1	2	1	1
+DROP TABLE t1, t2, t3;
 End of 5.1 tests
diff --git a/mysql-test/t/innodb_mysql.test b/mysql-test/t/innodb_mysql.test
index 1b2b861dffb..3e1968b8007 100644
--- a/mysql-test/t/innodb_mysql.test
+++ b/mysql-test/t/innodb_mysql.test
@@ -359,4 +359,25 @@ SELECT * FROM t4;
 
 DROP TABLE t1, t2, t3, t4;
 
+--echo #
+--echo # Bug#44886: SIGSEGV in test_if_skip_sort_order() -
+--echo #            uninitialized variable used as subscript 
+--echo #
+
+CREATE TABLE t1 (a INT, b INT, c INT, d INT, PRIMARY KEY (b), KEY (a,c))
+  ENGINE=InnoDB;
+INSERT INTO t1 VALUES (1,1,1,0);
+
+CREATE TABLE t2 (a INT, b INT, e INT, KEY (e)) ENGINE=InnoDB;
+INSERT INTO t2 VALUES (1,1,2);
+
+CREATE TABLE t3 (a INT, b INT) ENGINE=MyISAM;
+INSERT INTO t3 VALUES (1, 1);
+
+SELECT * FROM t1, t2, t3
+  WHERE t1.a = t3.a AND (t1.b = t3.b OR t1.d) AND t2.b = t1.b AND t2.e = 2
+  GROUP BY t1.b;
+
+DROP TABLE t1, t2, t3;
+
 --echo End of 5.1 tests
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 06776f5f7b3..526b926d66d 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -12658,7 +12658,10 @@ static int test_if_order_by_key(ORDER *order, TABLE *table, uint idx,
          one row).  The sorting doesn't matter.
         */
         if (key_part == key_part_end && reverse == 0)
+        {
+          *used_key_parts= 0;
           DBUG_RETURN(1);
+        }
       }
       else
         DBUG_RETURN(0);
@@ -13155,7 +13158,8 @@ test_if_skip_sort_order(JOIN_TAB *tab,ORDER *order,ha_rows select_limit,
             select_limit= table_records;
           if (group)
           {
-            rec_per_key= keyinfo->rec_per_key[used_key_parts-1];
+            rec_per_key= used_key_parts ? keyinfo->rec_per_key[used_key_parts-1]
+                                        : 1;
             set_if_bigger(rec_per_key, 1);
             /*
               With a grouping query each group containing on average
-- 
2.30.9