Commit 422c55a2 authored by Sergey Petrunya's avatar Sergey Petrunya

MDEV-5037: Server crash on a JOIN on a derived table with join_cache_level > 2

- The crash was caused because the optimizer called handler->multi_range_read_info()
  on a derived temporary table.  That table has been created, but not opened yet.
  Because of that, handler::table was NULL, which caused crash.
  Fixed by changing DS-MRR methods to use handler::table_share instead. 
  handler::table_share is set in handler ctor, so this should be safe.
parent 33f807fd
...@@ -171,3 +171,26 @@ a b c d e g ...@@ -171,3 +171,26 @@ a b c d e g
2 6 two 12 2 6 2 6 two 12 2 6
DROP TABLE t1, t2; DROP TABLE t1, t2;
set optimizer_switch=@tmp_mdev3817; set optimizer_switch=@tmp_mdev3817;
#
# MDEV-5037: Server crash on a JOIN on a derived table with join_cache_level > 2
#
create table t0 (a int);
insert into t0 values (0),(1),(2),(3),(4),(5),(6),(7),(8),(9);
CREATE TABLE t1 (
id char(8) CHARACTER SET utf8 NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE t2 (
id char(8) CHARACTER SET utf8 DEFAULT NULL,
url text CHARACTER SET utf8
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
insert into t1 select '03b2ca8c' from t0 A, t0 B limit 80;
insert into t2 select '03b2ca8c','' from t0 A, t0 B, t0 C;
set @tmp_mdev5037=@@join_cache_level;
set join_cache_level=3;
explain SELECT 1 FROM (SELECT url, id FROM t2 LIMIT 1 OFFSET 20) derived RIGHT JOIN t1 ON t1.id = derived.id;
id select_type table type possible_keys key key_len ref rows Extra
1 PRIMARY t1 ALL NULL NULL NULL NULL #
1 PRIMARY <derived2> hash_ALL key0 #hash#key0 25 test.t1.id # Using join buffer (flat, BNLH join)
2 DERIVED t2 ALL NULL NULL NULL NULL #
set join_cache_level= @tmp_mdev5037;
drop table t0,t1,t2;
...@@ -165,3 +165,30 @@ SELECT * FROM t1, t2 WHERE g = b AND ( a < 7 OR a > e ); ...@@ -165,3 +165,30 @@ SELECT * FROM t1, t2 WHERE g = b AND ( a < 7 OR a > e );
DROP TABLE t1, t2; DROP TABLE t1, t2;
set optimizer_switch=@tmp_mdev3817; set optimizer_switch=@tmp_mdev3817;
--echo #
--echo # MDEV-5037: Server crash on a JOIN on a derived table with join_cache_level > 2
--echo #
create table t0 (a int);
insert into t0 values (0),(1),(2),(3),(4),(5),(6),(7),(8),(9);
CREATE TABLE t1 (
id char(8) CHARACTER SET utf8 NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE t2 (
id char(8) CHARACTER SET utf8 DEFAULT NULL,
url text CHARACTER SET utf8
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
insert into t1 select '03b2ca8c' from t0 A, t0 B limit 80;
insert into t2 select '03b2ca8c','' from t0 A, t0 B, t0 C;
set @tmp_mdev5037=@@join_cache_level;
set join_cache_level=3;
--replace_column 9 #
explain SELECT 1 FROM (SELECT url, id FROM t2 LIMIT 1 OFFSET 20) derived RIGHT JOIN t1 ON t1.id = derived.id;
set join_cache_level= @tmp_mdev5037;
drop table t0,t1,t2;
...@@ -2715,6 +2715,7 @@ public: ...@@ -2715,6 +2715,7 @@ public:
virtual bool check_if_supported_virtual_columns(void) { return FALSE;} virtual bool check_if_supported_virtual_columns(void) { return FALSE;}
TABLE* get_table() { return table; } TABLE* get_table() { return table; }
TABLE_SHARE* get_table_share() { return table_share; }
protected: protected:
/* deprecated, don't use in new engines */ /* deprecated, don't use in new engines */
inline void ha_statistic_increment(ulong SSV::*offset) const { } inline void ha_statistic_increment(ulong SSV::*offset) const { }
...@@ -2968,7 +2969,7 @@ public: ...@@ -2968,7 +2969,7 @@ public:
#include "multi_range_read.h" #include "multi_range_read.h"
bool key_uses_partial_cols(TABLE *table, uint keyno); bool key_uses_partial_cols(TABLE_SHARE *table, uint keyno);
/* Some extern variables used with handlers */ /* Some extern variables used with handlers */
......
...@@ -1494,10 +1494,10 @@ ha_rows DsMrr_impl::dsmrr_info_const(uint keyno, RANGE_SEQ_IF *seq, ...@@ -1494,10 +1494,10 @@ ha_rows DsMrr_impl::dsmrr_info_const(uint keyno, RANGE_SEQ_IF *seq,
@retval FALSE No @retval FALSE No
*/ */
bool key_uses_partial_cols(TABLE *table, uint keyno) bool key_uses_partial_cols(TABLE_SHARE *share, uint keyno)
{ {
KEY_PART_INFO *kp= table->key_info[keyno].key_part; KEY_PART_INFO *kp= share->key_info[keyno].key_part;
KEY_PART_INFO *kp_end= kp + table->key_info[keyno].key_parts; KEY_PART_INFO *kp_end= kp + share->key_info[keyno].key_parts;
for (; kp != kp_end; kp++) for (; kp != kp_end; kp++)
{ {
if (!kp->field->part_of_key.is_set(keyno)) if (!kp->field->part_of_key.is_set(keyno))
...@@ -1518,10 +1518,11 @@ bool key_uses_partial_cols(TABLE *table, uint keyno) ...@@ -1518,10 +1518,11 @@ bool key_uses_partial_cols(TABLE *table, uint keyno)
@retval FALSE Otherwise @retval FALSE Otherwise
*/ */
bool DsMrr_impl::check_cpk_scan(THD *thd, uint keyno, uint mrr_flags) bool DsMrr_impl::check_cpk_scan(THD *thd, TABLE_SHARE *share, uint keyno,
uint mrr_flags)
{ {
return test((mrr_flags & HA_MRR_SINGLE_POINT) && return test((mrr_flags & HA_MRR_SINGLE_POINT) &&
keyno == table->s->primary_key && keyno == share->primary_key &&
primary_file->primary_key_is_clustered() && primary_file->primary_key_is_clustered() &&
optimizer_flag(thd, OPTIMIZER_SWITCH_MRR_SORT_KEYS)); optimizer_flag(thd, OPTIMIZER_SWITCH_MRR_SORT_KEYS));
} }
...@@ -1557,14 +1558,15 @@ bool DsMrr_impl::choose_mrr_impl(uint keyno, ha_rows rows, uint *flags, ...@@ -1557,14 +1558,15 @@ bool DsMrr_impl::choose_mrr_impl(uint keyno, ha_rows rows, uint *flags,
COST_VECT dsmrr_cost; COST_VECT dsmrr_cost;
bool res; bool res;
THD *thd= current_thd; THD *thd= current_thd;
TABLE_SHARE *share= primary_file->get_table_share();
bool doing_cpk_scan= check_cpk_scan(thd, keyno, *flags); bool doing_cpk_scan= check_cpk_scan(thd, share, keyno, *flags);
bool using_cpk= test(keyno == table->s->primary_key && bool using_cpk= test(keyno == share->primary_key &&
primary_file->primary_key_is_clustered()); primary_file->primary_key_is_clustered());
*flags &= ~HA_MRR_IMPLEMENTATION_FLAGS; *flags &= ~HA_MRR_IMPLEMENTATION_FLAGS;
if (!optimizer_flag(thd, OPTIMIZER_SWITCH_MRR) || if (!optimizer_flag(thd, OPTIMIZER_SWITCH_MRR) ||
*flags & HA_MRR_INDEX_ONLY || *flags & HA_MRR_INDEX_ONLY ||
(using_cpk && !doing_cpk_scan) || key_uses_partial_cols(table, keyno)) (using_cpk && !doing_cpk_scan) || key_uses_partial_cols(share, keyno))
{ {
/* Use the default implementation */ /* Use the default implementation */
*flags |= HA_MRR_USE_DEFAULT_IMPL; *flags |= HA_MRR_USE_DEFAULT_IMPL;
...@@ -1572,7 +1574,7 @@ bool DsMrr_impl::choose_mrr_impl(uint keyno, ha_rows rows, uint *flags, ...@@ -1572,7 +1574,7 @@ bool DsMrr_impl::choose_mrr_impl(uint keyno, ha_rows rows, uint *flags,
return TRUE; return TRUE;
} }
uint add_len= table->key_info[keyno].key_length + primary_file->ref_length; uint add_len= share->key_info[keyno].key_length + primary_file->ref_length;
*bufsz -= add_len; *bufsz -= add_len;
if (get_disk_sweep_mrr_cost(keyno, rows, *flags, bufsz, &dsmrr_cost)) if (get_disk_sweep_mrr_cost(keyno, rows, *flags, bufsz, &dsmrr_cost))
return TRUE; return TRUE;
......
...@@ -627,7 +627,7 @@ private: ...@@ -627,7 +627,7 @@ private:
COST_VECT *cost); COST_VECT *cost);
bool get_disk_sweep_mrr_cost(uint keynr, ha_rows rows, uint flags, bool get_disk_sweep_mrr_cost(uint keynr, ha_rows rows, uint flags,
uint *buffer_size, COST_VECT *cost); uint *buffer_size, COST_VECT *cost);
bool check_cpk_scan(THD *thd, uint keyno, uint mrr_flags); bool check_cpk_scan(THD *thd, TABLE_SHARE *share, uint keyno, uint mrr_flags);
bool setup_buffer_sharing(uint key_size_in_keybuf, key_part_map key_tuple_map); bool setup_buffer_sharing(uint key_size_in_keybuf, key_part_map key_tuple_map);
......
...@@ -192,7 +192,7 @@ public: ...@@ -192,7 +192,7 @@ public:
(PREV_BITS(key_part_map, max_loose_keypart+1) & // (3) (PREV_BITS(key_part_map, max_loose_keypart+1) & // (3)
(found_part | loose_scan_keyparts)) == // (3) (found_part | loose_scan_keyparts)) == // (3)
PREV_BITS(key_part_map, max_loose_keypart+1) && // (3) PREV_BITS(key_part_map, max_loose_keypart+1) && // (3)
!key_uses_partial_cols(s->table, key)) !key_uses_partial_cols(s->table->s, key))
{ {
/* Ok, can use the strategy */ /* Ok, can use the strategy */
part1_conds_met= TRUE; part1_conds_met= TRUE;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment