MDEV-10927: Crash When Using sort_union Optimization

In file sql/filesort.cc,when merge_buffers() is called then - queue_remove(&queue,0) is called - For the function queue_remove there is assertion states that the element to be removed should have index >=1 - this is causing the assertion to fail. Fixed by removing the top element.
2025-01-16 03:52:35 +01:00 · 2016-12-22 15:51:37 +05:30 · 2016-12-22 15:51:37 +05:30 · 706fb790bc
commit 706fb790bc
parent 5e051bfa15
3 changed files with 62 additions and 2 deletions
--- a/mysql-test/r/index_merge_innodb.result
+++ b/mysql-test/r/index_merge_innodb.result
@ -793,3 +793,32 @@ a	b	c
 9	d	d
 DROP TABLE t1;
 set optimizer_switch= @optimizer_switch_save;
+#
+# MDEV-10927: Crash When Using sort_union Optimization
+#
+set @tmp_optimizer_switch=@@optimizer_switch;
+SET optimizer_switch='index_merge_sort_intersection=on';
+SET SESSION sort_buffer_size = 1024;
+create table t1 (
+pk int(11) NOT NULL AUTO_INCREMENT,
+col1 int(11) NOT NULL,
+col2 int(11) NOT NULL,
+col3 int(11) NOT NULL,
+key2 int(11) NOT NULL,
+col4 int(11) NOT NULL,
+key1 int(11) NOT NULL,
+PRIMARY KEY (pk),
+KEY key1 (key1),
+KEY key2 (key2)
+) ENGINE=InnoDB AUTO_INCREMENT=12860259 DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT;
+create table t2(a int);
+insert into t2 values (0),(1),(2),(3),(4),(5),(6),(7),(8),(9);
+create table t3(a int);
+insert into t3 select A.a + B.a* 10 + C.a * 100 + D.a*1000 from t2 A, t2 B, t2 C, t2 D;
+insert into t1 (key1, key2, col1,col2,col3,col4)
+select  a,a, a,a,a,a from t3;
+SELECT sum(col1) FROM t1 FORCE INDEX (key1,key2) WHERE  (key1 between 10 and 8191+10) or (key2= 5);
+sum(col1)
+33632261
+drop table t1,t2,t3;
+set optimizer_switch=@tmp_optimizer_switch;
--- a/mysql-test/t/index_merge_innodb.test
+++ b/mysql-test/t/index_merge_innodb.test
@ -171,6 +171,37 @@ WHERE ( tb.b != ta.b OR tb.a = ta.a )
  AND ( tb.b = ta.c OR tb.b = ta.b );

 DROP TABLE t1;
-
 set optimizer_switch= @optimizer_switch_save;

+--echo #
+--echo # MDEV-10927: Crash When Using sort_union Optimization
+--echo #
+
+set @tmp_optimizer_switch=@@optimizer_switch;
+SET optimizer_switch='index_merge_sort_intersection=on';
+SET SESSION sort_buffer_size = 1024;
+
+create table t1 (
+pk int(11) NOT NULL AUTO_INCREMENT,
+col1 int(11) NOT NULL,
+col2 int(11) NOT NULL,
+col3 int(11) NOT NULL,
+key2 int(11) NOT NULL,
+col4 int(11) NOT NULL,
+key1 int(11) NOT NULL,
+PRIMARY KEY (pk),
+KEY key1 (key1),
+KEY key2 (key2)
+) ENGINE=InnoDB AUTO_INCREMENT=12860259 DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT;
+
+create table t2(a int);
+insert into t2 values (0),(1),(2),(3),(4),(5),(6),(7),(8),(9);
+
+create table t3(a int);
+insert into t3 select A.a + B.a* 10 + C.a * 100 + D.a*1000 from t2 A, t2 B, t2 C, t2 D;
+
+insert into t1 (key1, key2, col1,col2,col3,col4)
+select  a,a, a,a,a,a from t3;
+SELECT sum(col1) FROM t1 FORCE INDEX (key1,key2) WHERE  (key1 between 10 and 8191+10) or (key2= 5);
+drop table t1,t2,t3;
+set optimizer_switch=@tmp_optimizer_switch;
--- a/sql/filesort.cc
+++ b/sql/filesort.cc
@ -1411,7 +1411,7 @@ int merge_buffers(SORTPARAM *param, IO_CACHE *from_file,
      if (!(error= (int) read_to_buffer(from_file, buffpek,
                                        rec_length)))
      {
-        queue_remove(&queue,0);
+        (void) queue_remove_top(&queue);
        reuse_freed_buff(&queue, buffpek, rec_length);
      }
      else if (error == -1)