The bug happens because of a combination of unfortunate circumstances:
1. Arguments args[0] and args[2] of Item_func_concat point recursively
(through Item_direct_view_ref's) to the same Item_func_conv_charset.
Both args[0]->args[0]->ref[0] and args[2]->args[0]->ref[0] refer to
this Item_func_conv_charset.
2. When Item_func_concat::args[0]->val_str() is called,
Item_func_conv_charset::val_str() writes its result to
Item_func_conv_charset::tmp_value.
3. Then, for optimization purposes (to avoid copying),
Item_func_substr::val_str() initializes Item_func_substr::tmp_value
to point to the buffer fragment owned by Item_func_conv_charset::tmp_value.
Item_func_substr::tmp_value is returned as a result of
Item_func_concat::args[0]->val_str().
4. Due to optimization to avoid memory reallocs,
Item_func_concat::val_str() remembers the result of args[0]->val_str()
in "res" and further uses "res" to collect the return value.
5. When Item_func_concat::args[2]->val_str() is called,
Item_func_conv_charset::tmp_value gets overwritten (see #1),
which effectively overwrites args[0]'s Item_func_substr::tmp_value (see #3),
which effectively overwrites "res" (see #4).
This patch does the following:
a. Changes Item_func_conv_charset::val_str(String *str) to use
tmp_value and str the other way around. After this change tmp_value
is used to store a temporary result, while str is used to return the value.
This fixes the second problem (without SUBSTR):
SELECT CONCAT(t2,'-',t2) c2
FROM (SELECT CONVERT(t USING latin1) t2 FROM t1) sub;
As Item_func_concat::val_str() supplies two different buffers when calling
args[0]->val_str() and args[2]->val_str(), in the new reduction the result
created during args[0]->val_str() does not get overwritten by
args[2]->val_str().
b. Fixing the same problem in val_str() for similar classes
Item_func_to_base64
Item_func_from_base64
Item_func_weight_string
Item_func_hex
Item_func_unhex
Item_func_quote
Item_func_compress
Item_func_uncompress
Item_func_des_encrypt
Item_func_des_decrypt
Item_func_conv_charset
Item_func_reverse
Item_func_soundex
Item_func_aes_encrypt
Item_func_aes_decrypt
Item_func_buffer
c. Fixing Item_func::val_str_from_val_str_ascii() the same way.
Now Item_str_ascii_func::ascii_buff is used for temporary value,
while the parameter passed to val_str() is used to return the result.
This fixes the same problem when conversion (from ASCII to e.g. UCS2)
takes place. See the ctype_ucs.test for example queries that returned
wrong results before the fix.
d. Some Item_func descendant classes had temporary String buffers
(tmp_value and tmp_str), but did not really use them.
Removing these temporary buffers from:
Item_func_decode_histogram
Item_func_format
Item_func_binlog_gtid_pos
Item_func_spatial_collection:
e. Removing Item_func_buffer::tmp_value, because it's not used any more.
f. Renaming Item_func_[un]compress::buffer to "tmp_value",
for consistency with other classes.
Note, this patch does not fix the following classes
(although they have a similar problem):
Item_str_conv
Item_func_make_set
Item_char_typecast
They have complex implementations and simple swapping between "tmp_value"
and "str" won't work. These classes will be fixed separately.
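The aliasing described in steps 2, 4 and 5 above and the effect of change (a), as an added example that is not part of the commit or of the MariaDB source. It is a simplified model: std::string stands in for String, and the names ConvItem, val_str_before, val_str_after and concat3 are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>

// Hypothetical stand-in for the one Item_func_conv_charset that both
// args[0] and args[2] of CONCAT(t2,'-',t2) resolve to.
struct ConvItem {
    std::string source;     // value of column t (constructed sample)
    std::string tmp_value;  // buffer owned by the item itself

    // Before the fix: the result lives in tmp_value, the caller's str is unused.
    std::string *val_str_before(std::string *) {
        tmp_value = source;           // "conversion" is a plain copy in this model
        return &tmp_value;
    }
    // After the fix: tmp_value holds the temporary, str returns the value.
    std::string *val_str_after(std::string *str) {
        tmp_value = source;
        *str = tmp_value;
        return str;
    }
};

using ValStr = std::string *(ConvItem::*)(std::string *);

// Model of the concat loop: the first argument's result is kept in "res"
// and reused as the accumulator to avoid a copy.
std::string concat3(ConvItem &shared, ValStr val_str) {
    std::string buf0, buf2;                        // two distinct caller buffers
    std::string *res = (shared.*val_str)(&buf0);   // args[0]
    res->append("-");                              // args[1], appended in place
    std::string *arg2 = (shared.*val_str)(&buf2);  // args[2]: same item again
    res->append(*arg2);                            // before the fix, arg2 == res
    return *res;
}

std::string run_before() { ConvItem i{"abc", ""}; return concat3(i, &ConvItem::val_str_before); }
std::string run_after()  { ConvItem i{"abc", ""}; return concat3(i, &ConvItem::val_str_after); }

int main() {
    std::cout << "before: " << run_before() << "\n";  // separator overwritten
    std::cout << "after:  " << run_after() << "\n";   // separator preserved
}
```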
GENERATED BY THE EXP() FUNCTION
When generating the error message for numeric overflow, pass a flag to
Item::print() that prevents it from expanding constant expressions and
parameters to the values they evaluate to.
For consistency, also pass the flag to Item::print() when
Item_func_spatial_collection::fix_length_and_dec() generates an error
message. It doesn't make any difference at the moment, since constant
expressions haven't been evaluated yet when this function is called.
- Turning get_mm_tree_for_const() from a static function into
a protected method in Item.
- Adding a new class Item_bool_func2_with_rev, for the functions and operators
that have a reverse function and can use the range optimizer for
optimizing "value OP field" as "field REV_OP value". Deriving
Item_bool_rowready_func2 and Item_func_spatial_rel from the new class.
- Removing Item_bool_func2::have_rev_func().
Added mandatory thd parameter to Item (and all derivative classes) constructor.
Added thd parameter to all routines that may create items.
Also removed "current_thd" from Item::Item. This reduced number of
pthread_getspecific() calls from 290 to 177 per OLTP RO transaction.
Moving Item_func_spatial_rel from Item_bool_func to Item_bool_func2.
to make OP(const,field) use indexes.
- MBR functions supported OP(const,field) optimization in 10.0,
but were unintentionally broken in an earlier 10.1 change that introduced
a common parent for Item_func_spatial_mbr_rel and Item_func_spatial_precise_rel.
- Precise functions never supported optimization for OP(const,field).
Now both MBR and precise functions support OP(const,field) optimization.
adding a separate class Item_func_spatial_relate for ST_RELATE().
This is a preparatory patch for:
MDEV-8239 Reverse spatial operations OP(const, field) do not get optimized
as Item_func_spatial_mbr_rel needs nothing from Item_bool_func2.
- Renaming Item_func_spatial_rel (the class that implements precise spatial
relations) to Item_func_spatial_precise_rel
- Adding a new abstract class Item_func_spatial_rel as a common parent
for Item_func_spatial_precise_rel and Item_func_spatial_mbr_rel.
- Renaming Item::is_bool_func() to is_bool_type(), to avoid assumption
that the item is an Item_func derivant.
- Deriving Item_func_spatial_rel from Item_bool_func rather than Item_int_func
Other fix of maybe_null problem and revert of revno: 3608 "MDEV-3873 & MDEV-3876 & MDEV-3912 : Wrong result (extra rows) with ALL subquery from a MERGE view."
The problem was in the lost ability to be null for the table of a left join if it
is a view/derived table.
It happened because setup_table_map() was called earlier than we merged
the view or derived.
Fixed by propagating new maybe_null flag during Item::update_used_tables().
Change in join_outer.test and join_outer_jcl6.test appeared because
IS NULL reported no used tables (i.e. constant) for argument which could not be
NULL and new maybe_null flag was propagated for IS NULL argument (Item_field)
because table the Item_field belonged to changed its maybe_null status.
Checks for thd->killed state added to the long loops in geometry calculations.
per-file comments:
sql/gcalc_slicescan.cc
Fix for bug #809849 spatial operations must be KILL-able.
checks for TERMINATED_STATE added.
sql/gcalc_slicescan.h
Fix for bug #809849 spatial operations must be KILL-able.
defines added to include checks for termination in the
library.
sql/gcalc_tools.cc
Fix for bug #809849 spatial operations must be KILL-able.
checks for TERMINATED_STATE added.
sql/gcalc_tools.h
Fix for bug #809849 spatial operations must be KILL-able.
TERMINATED_STATE pointers added.
sql/item_geofunc.cc
Fix for bug #809849 spatial operations must be KILL-able.
sql/item_geofunc.h
Fix for bug #809849 spatial operations must be KILL-able.
855485 ST_CROSSES returns different result than PostGIS for overlapping polygons
855487 ST_WITHIN returns wrong result for partially overlapping polygons
855492 ST_WITHIN returns TRUE on point on the edge of a polygon
855497 ST_ENVELOPE of GEOMETRYCOLLECTION EMPTY returns NULL and not GEOMETRYCOLLECTION EMPTY
855503 ST_EQUALS reports TRUE between a POLYGON and a MULTILINESTRING
855505 ST_TOUCHES reports TRUE for intersecting polygon and linestring
Changed the way weird functions like Crosses or Touches are treated.
Added BORDER handling to the Gcalc_function.
per-file comments:
mysql-test/r/gis-precise.result
GIS bugs fixed.
test result updated.
mysql-test/t/gis-precise.test
GIS bugs fixed.
test cases added.
sql/gcalc_slicescan.h
GIS bugs fixed.
sql/gcalc_tools.cc
GIS bugs fixed.
sql/gcalc_tools.h
GIS bugs fixed.
sql/item_create.cc
GIS bugs fixed.
sql/item_geofunc.cc
GIS bugs fixed.
sql/item_geofunc.h
GIS bugs fixed.
sql/spatial.cc
GIS bugs fixed.
Collections were treated mistakenly, so the counter for the final UNION operation
received the wrong value.
As a fix we implement Item_func_buffer::Transporter::start_collection() method,
where we set the proper operation and the operand counter.
start_poly() and start_line() were also modified to function correctly for the
polygon as a part of a collection.
per-file comments:
mysql-test/r/gis-precise.result
bug #801199 Infinite recursion in Gcalc_function::count_internal with ST_BUFFER over MULTIPOINT
test result updated.
mysql-test/t/gis-precise.test
bug #801199 Infinite recursion in Gcalc_function::count_internal with ST_BUFFER over MULTIPOINT
test case added.
sql/item_geofunc.cc
bug #801199 Infinite recursion in Gcalc_function::count_internal with ST_BUFFER over MULTIPOINT
start_collection() implemented.
sql/item_geofunc.h
bug #801199 Infinite recursion in Gcalc_function::count_internal with ST_BUFFER over MULTIPOINT
Item_func_buffer::Transporter::start_collection() defined.
- Fixed some issues with partitions and connection_string, which also fixed lp:716890 "Pre- and post-recovery crash in Aria"
- Fixed wrong assert in Aria
Now need to merge with latest xtradb before pushing
sql/ha_partition.cc:
Ensure that m_ordered_rec_buffer is not freed before close.
sql/mysqld.cc:
Changed to use opt_stack_trace instead of opt_pstack.
Removed references to pstack
sql/partition_element.h:
Ensure that connect_string is initialized
storage/maria/ma_key_recover.c:
Fixed wrong assert
Item_func_spatial_collection::fix_length_and_dec didn't call parent's method, so
the maybe_null was set to '0' after it. But in this case the result was
just NULL, that caused wrong behaviour.
per-file comments:
mysql-test/r/gis.result
Bug #57321 crashes and valgrind errors from spatial types
test result updated.
mysql-test/t/gis.test
Bug #57321 crashes and valgrind errors from spatial types
test case added.
sql/item_geofunc.h
Bug #57321 crashes and valgrind errors from spatial types
Item_func_geometry::fix_length_and_dec() called in
Item_func_spatial_collection::fix_length_and_dec().
Item_func_spatial_collection::fix_length_and_dec()
changed to use argument's print() method to print
the ER_ILLEGAL_VALUE_FOR_TYPE error.
mysql-test/r/gis.result:
Fix for bug#56679: gis.test: valgrind error
- test result adjusted.
sql/item_geofunc.h:
Fix for bug#56679: gis.test: valgrind error
- use argument's print() method instead of improper val_str()
call in the Item_func_spatial_collection::fix_length_and_dec(), as
it's applicable only for constant items.