Commit 86c5cad4 authored by sergefp@mysql.com's avatar sergefp@mysql.com

BUG#21077: Possible crash caused by invalid sequence of handler::* calls: ...

BUG#21077: Possible crash caused by invalid sequence of handler::* calls:                                                
The crash was caused by invalid sequence of handler::** calls:                                                           
  ha_smth->index_init();                                                                                                 
  ha_smth->index_next_same(); (2)                                                                                        
(2) is an invalid call as it was not preceeded by any 'scan setup' call
like index_first() or index_read(). The cause was that QUICK_SELECT::reset()
didn't "fully reset" the quick select- current QUICK_RANGE wasn't forgotten,
and quick select might attempt to continue reading the range, which would
result in the above mentioned invalid sequence of handler calls.

5.x versions are not affected by the bug - they already have the missing
"range=NULL" clause.                                                    
                                                       
parent 40a1fbdf
...@@ -83,3 +83,24 @@ b a ...@@ -83,3 +83,24 @@ b a
3 3 3 3
3 3 3 3
DROP TABLE t1, t2, t3; DROP TABLE t1, t2, t3;
CREATE TABLE `t1` (`id1` INT) ;
INSERT INTO `t1` (`id1`) VALUES (1),(5),(2);
CREATE TABLE `t2` (
`id1` INT,
`id2` INT NOT NULL,
`id3` INT,
`id4` INT NOT NULL,
UNIQUE (`id2`,`id4`),
KEY (`id1`)
) ENGINE=InnoDB;
INSERT INTO `t2`(`id1`,`id2`,`id3`,`id4`) VALUES
(1,1,1,0),
(1,1,2,1),
(5,1,2,2),
(6,1,2,3),
(1,2,2,2),
(1,2,1,1);
SELECT `id1` FROM `t1` WHERE `id1` NOT IN (SELECT `id1` FROM `t2` WHERE `id2` = 1 AND `id3` = 2);
id1
2
DROP TABLE t1, t2;
...@@ -90,3 +90,30 @@ SELECT STRAIGHT_JOIN SQL_NO_CACHE t1.b, t1.a FROM t1, t3, t2 WHERE ...@@ -90,3 +90,30 @@ SELECT STRAIGHT_JOIN SQL_NO_CACHE t1.b, t1.a FROM t1, t3, t2 WHERE
t3.a = t2.a AND t2.b = t1.a AND t3.b = 1 AND t3.c IN (1, 2) t3.a = t2.a AND t2.b = t1.a AND t3.b = 1 AND t3.c IN (1, 2)
ORDER BY t1.b LIMIT 5; ORDER BY t1.b LIMIT 5;
DROP TABLE t1, t2, t3; DROP TABLE t1, t2, t3;
# BUG#21077 (The testcase is not deterministic so correct execution doesn't
# prove anything) For proof one should track if sequence of ha_innodb::* func
# calls is correct.
CREATE TABLE `t1` (`id1` INT) ;
INSERT INTO `t1` (`id1`) VALUES (1),(5),(2);
CREATE TABLE `t2` (
`id1` INT,
`id2` INT NOT NULL,
`id3` INT,
`id4` INT NOT NULL,
UNIQUE (`id2`,`id4`),
KEY (`id1`)
) ENGINE=InnoDB;
INSERT INTO `t2`(`id1`,`id2`,`id3`,`id4`) VALUES
(1,1,1,0),
(1,1,2,1),
(5,1,2,2),
(6,1,2,3),
(1,2,2,2),
(1,2,1,1);
SELECT `id1` FROM `t1` WHERE `id1` NOT IN (SELECT `id1` FROM `t2` WHERE `id2` = 1 AND `id3` = 2);
DROP TABLE t1, t2;
...@@ -86,7 +86,7 @@ public: ...@@ -86,7 +86,7 @@ public:
QUICK_SELECT(THD *thd, TABLE *table,uint index_arg,bool no_alloc=0); QUICK_SELECT(THD *thd, TABLE *table,uint index_arg,bool no_alloc=0);
virtual ~QUICK_SELECT(); virtual ~QUICK_SELECT();
void reset(void) { next=0; it.rewind(); } void reset(void) { next=0; it.rewind(); range= NULL;}
int init() int init()
{ {
key_part_info= head->key_info[index].key_part; key_part_info= head->key_info[index].key_part;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment