Fix of MDEV-3874: Server crashes in Item_field::print on a SELECT from a MERGE...

Fix of MDEV-3874: Server crashes in Item_field::print on a SELECT from a MERGE view with materialization+semijoin, subquery, ORDER BY. The problem was that in debugging binaries it try to print item to assign human readable name to the item. But subquery item was already freed (join_free/cleanup with full cleanup) so Item_field refers to temporary table which memory had been already freed.

Fix of MDEV-3874: Server crashes in Item_field::print on a SELECT from a MERGE...
Fix of MDEV-3874: Server crashes in Item_field::print on a SELECT from a MERGE view with materialization+semijoin, subquery, ORDER BY. The problem was that in debugging binaries it try to print item to assign human readable name to the item. But subquery item was already freed (join_free/cleanup with full cleanup) so Item_field refers to temporary table which memory had been already freed.
b8b875cb · unknown · 5e345281 · b8b875cb · b8b875cb · b8b875cb
Commit b8b875cb authored Nov 26, 2012 by unknown
Showing with 83 additions and 0 deletions

mysql-test/r/view.result mysql-test/r/view.result +32 -0

mysql-test/t/view.test mysql-test/t/view.test +35 -0

sql/sql_select.cc sql/sql_select.cc +13 -0

sql/sql_select.h sql/sql_select.h +3 -0

No files found.
--- a/mysql-test/r/view.result
+++ b/mysql-test/r/view.result
@@ -4825,4 +4825,36 @@ drop tables t1,t2;
 # -----------------------------------------------------------------
 # -- End of 5.3 tests.
 # -----------------------------------------------------------------
+#
+# MDEV-3874: Server crashes in Item_field::print on a SELECT
+# from a MERGE view with materialization+semijoin, subquery, ORDER BY
+#
+SET @save_optimizer_switch_MDEV_3874=@@optimizer_switch;
+SET optimizer_switch = 'materialization=on,semijoin=on';
+CREATE TABLE t1 (a INT) ENGINE=MyISAM;
+INSERT INTO t1 VALUES (1),(7);
+CREATE TABLE t2 (b INT) ENGINE=MyISAM;
+INSERT INTO t2 VALUES (4),(6);
+CREATE TABLE t3 (c INT) ENGINE=MyISAM;
+INSERT INTO t3 VALUES (1),(2);
+CREATE ALGORITHM=MERGE VIEW v1 AS SELECT  
+( SELECT a FROM t1 WHERE ( 1, 1 ) IN ( 
+SELECT b, c FROM t2, t3 HAVING c > 2 ) ) AS field1, 
+b + c AS field2 
+FROM t2, t3 AS table1
+GROUP BY field1, field2 ORDER BY field1;
+Warnings:
+Warning	1354	View merge algorithm can't be used here for now (assumed undefined algorithm)
+SELECT * FROM v1;
+field1	field2
+NULL	5
+NULL	7
+NULL	6
+NULL	8
+drop view v1;
+drop table t1,t2,t3;
+SET optimizer_switch=@save_optimizer_switch_MDEV_3874;
+# -----------------------------------------------------------------
+# -- End of 5.5 tests.
+# -----------------------------------------------------------------
 SET optimizer_switch=@save_optimizer_switch;
--- a/mysql-test/t/view.test
+++ b/mysql-test/t/view.test
@@ -4751,4 +4751,39 @@ drop tables t1,t2;
 --echo # -- End of 5.3 tests.
 --echo # -----------------------------------------------------------------

+--echo #
+--echo # MDEV-3874: Server crashes in Item_field::print on a SELECT
+--echo # from a MERGE view with materialization+semijoin, subquery, ORDER BY
+--echo #
+SET @save_optimizer_switch_MDEV_3874=@@optimizer_switch;
+
+SET optimizer_switch = 'materialization=on,semijoin=on';
+
+CREATE TABLE t1 (a INT) ENGINE=MyISAM;
+INSERT INTO t1 VALUES (1),(7);
+
+CREATE TABLE t2 (b INT) ENGINE=MyISAM;
+INSERT INTO t2 VALUES (4),(6);
+
+CREATE TABLE t3 (c INT) ENGINE=MyISAM;
+INSERT INTO t3 VALUES (1),(2);
+
+
+CREATE ALGORITHM=MERGE VIEW v1 AS SELECT  
+( SELECT a FROM t1 WHERE ( 1, 1 ) IN ( 
+SELECT b, c FROM t2, t3 HAVING c > 2 ) ) AS field1, 
+b + c AS field2 
+FROM t2, t3 AS table1
+GROUP BY field1, field2 ORDER BY field1;
+
+SELECT * FROM v1;
+
+drop view v1;
+drop table t1,t2,t3;
+SET optimizer_switch=@save_optimizer_switch_MDEV_3874;
+
+--echo # -----------------------------------------------------------------
+--echo # -- End of 5.5 tests.
+--echo # -----------------------------------------------------------------
+
 SET optimizer_switch=@save_optimizer_switch;
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -2074,6 +2074,7 @@ JOIN::reinit()
                                    ULL(0));

  first_record= 0;
+  cleaned= false;

  if (exec_tmp_table1)
  {
@@ -10623,6 +10624,7 @@ void JOIN::cleanup(bool full)
      {
 	tab->cleanup();
      }
+      cleaned= true;
    }
    else
    {
@@ -22409,6 +22411,17 @@ void st_select_lex::print(THD *thd, String *str, enum_query_type query_type)

  str->append(STRING_WITH_LEN("select "));

+  if (join && join->cleaned)
+  {
+    /*
+      JOIN already cleaned up so it is dangerous to print items
+      because temporary tables they pointed on could be freed.
+    */
+    str->append('#');
+    str->append(select_number);
+    return;
+  }
+
  /* First add options */
  if (options & SELECT_STRAIGHT_JOIN)
    str->append(STRING_WITH_LEN("straight_join "));

--- a/sql/sql_select.h
+++ b/sql/sql_select.h
@@ -1141,6 +1141,8 @@ public:
  bool          skip_sort_order;

  bool need_tmp, hidden_group_fields;
+  /* TRUE if there was full cleunap of the JOIN */
+  bool cleaned;
  DYNAMIC_ARRAY keyuse;
  Item::cond_result cond_value, having_value;
  List<Item> all_fields; ///< to store all fields that used in query
@@ -1268,6 +1270,7 @@ public:
    zero_result_cause= 0;
    optimized= 0;
    initialized= 0;
+    cleaned= 0;
    cond_equal= 0;
    having_equal= 0;
    exec_const_cond= 0;