Commit 1fc1f462 authored by Tatiana A. Nurnberg's avatar Tatiana A. Nurnberg

Bug#49487: crash with explain extended and group_concat in a derived table

When EXPLAIN EXTENDED tries to print column names, it checks whether the
referenced table is CONST (in which case, the column's value rather than
its name will be printed). If no proper table is reference (i.e. because
a derived table was used that has since gone out of scope), this will fail
spectacularly.

This ports an equivalent of the fix for Bug 43354.

mysql-test/r/func_gconcat.result:
  Show that EXPLAIN EXTENDED on a GROUP_CONCAT() on a derived table
  no longer crashes the server.
mysql-test/t/func_gconcat.test:
  Show that EXPLAIN EXTENDED on a GROUP_CONCAT() on a derived table
  no longer crashes the server.
sql/item_sum.cc:
  Do not de-ref what cannot be, that is, temp-tables that have gone away.
  This is of questionable utility anyway, since our deref has the sole
  purpose of checking whether the table is const (in which case, we'll
  substitute the column with its value in EXPLAIN EXTENDED - that is all).
parent ca6ec790
...@@ -972,4 +972,21 @@ GROUP BY t1.a ...@@ -972,4 +972,21 @@ GROUP BY t1.a
1 1
1 1
DROP TABLE t1, t2; DROP TABLE t1, t2;
CREATE TABLE t1 (f1 INT);
INSERT INTO t1 VALUES (),();
EXPLAIN EXTENDED SELECT 1 FROM
(SELECT DISTINCT GROUP_CONCAT(td.f1) FROM t1,t1 AS td GROUP BY td.f1) AS d,t1;
id select_type table type possible_keys key key_len ref rows Extra
1 PRIMARY <derived2> system NULL NULL NULL NULL 1
1 PRIMARY t1 ALL NULL NULL NULL NULL 2
2 DERIVED t1 ALL NULL NULL NULL NULL 2 Using temporary; Using filesort; Distinct
2 DERIVED td ALL NULL NULL NULL NULL 2 Distinct
Warnings:
Note 1003 select 1 AS `1` from (select distinct group_concat(`test`.`td`.`f1` separator ',') AS `GROUP_CONCAT(td.f1)` from `test`.`t1` join `test`.`t1` `td` group by `test`.`td`.`f1`) `d` join `test`.`t1`
SELECT 1 FROM
(SELECT DISTINCT GROUP_CONCAT(td.f1) FROM t1,t1 AS td GROUP BY td.f1) AS d,t1;
1
1
1
DROP TABLE t1;
End of 5.0 tests End of 5.0 tests
...@@ -693,4 +693,19 @@ SELECT 1 FROM t1 WHERE t1.a NOT IN ...@@ -693,4 +693,19 @@ SELECT 1 FROM t1 WHERE t1.a NOT IN
DROP TABLE t1, t2; DROP TABLE t1, t2;
#
# Bug #49487: crash with explain extended and group_concat in a derived table
#
CREATE TABLE t1 (f1 INT);
INSERT INTO t1 VALUES (),();
EXPLAIN EXTENDED SELECT 1 FROM
(SELECT DISTINCT GROUP_CONCAT(td.f1) FROM t1,t1 AS td GROUP BY td.f1) AS d,t1;
SELECT 1 FROM
(SELECT DISTINCT GROUP_CONCAT(td.f1) FROM t1,t1 AS td GROUP BY td.f1) AS d,t1;
DROP TABLE t1;
--echo End of 5.0 tests --echo End of 5.0 tests
...@@ -3538,6 +3538,8 @@ String* Item_func_group_concat::val_str(String* str) ...@@ -3538,6 +3538,8 @@ String* Item_func_group_concat::val_str(String* str)
void Item_func_group_concat::print(String *str) void Item_func_group_concat::print(String *str)
{ {
/* orig_args is not filled with valid values until fix_fields() */
Item **pargs= fixed ? orig_args : args;
str->append(STRING_WITH_LEN("group_concat(")); str->append(STRING_WITH_LEN("group_concat("));
if (distinct) if (distinct)
str->append(STRING_WITH_LEN("distinct ")); str->append(STRING_WITH_LEN("distinct "));
...@@ -3545,7 +3547,7 @@ void Item_func_group_concat::print(String *str) ...@@ -3545,7 +3547,7 @@ void Item_func_group_concat::print(String *str)
{ {
if (i) if (i)
str->append(','); str->append(',');
args[i]->print(str); pargs[i]->print(str);
} }
if (arg_count_order) if (arg_count_order)
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment