Commit graph

259 commits

Author SHA1 Message Date
Alexander Barkov
be2038e3cb MDEV-7950 Item_func::type() takes 0.26% in OLTP RO
Step 4 (there will be more)
2015-05-13 17:08:24 +04:00
Alexander Barkov
499deca7fc A clean-up for c8141f5314
MDEV-7950 Item_func::type() takes 0.26% in OLTP RO (Step#2)

- Item_ref was doing unnecessary extra job after the "MDEV-7950 Step#2" patch.
  Fallback to Item::build_equal_items() if real_type() is not FIELD_ITEM.
  Note, Item_ref::build_equal_items() will most likely be further simplified.
  Waiting for Sanja and Igor to check a possibly dead code.

- Safety: Adding Item_sum::build_equal_items() with ASSERT, as Item_sum
  should never appear in build_equal_items() context.
2015-04-29 17:53:27 +04:00
Alexander Barkov
04fb09d781 Deriving Item_row from Item_args and sharing more code
between Item_func, Item_sum, Item_row.
2015-04-24 12:59:21 +04:00
Alexander Barkov
8125db1d9a Moving fix_length_and_dec() from Item_result_field to Item_func_or_sum,
as the other decendants of Item_result_field (Item_avg_field,
Item_variance_field, Item_cache_wrapper) don't need fix_length_and_dec().
2015-04-17 12:36:31 +04:00
Alexander Barkov
99898c6f76 Minor reorganization in Item hierarchy, to remove duplicate code.
- Adding a new class Item_args, represending regular function or
  aggregate function arguments array.

- Adding a new class Item_func_or_sum,
  a parent class for Item_func and Item_sum

- Moving Item_result_field::name() to Item_func_or_sum(),
  as name() is not needed on Item_result_field level.
2015-04-17 09:52:44 +04:00
Sergei Golubchik
c4655cf862 cleanup: comments referring to non-extistent Item classes 2014-12-04 16:09:34 +01:00
Sergei Golubchik
0b9a0a3517 5.5 merge 2014-02-25 16:04:35 +01:00
Sergei Golubchik
84651126c0 MySQL-5.5.36 merge
(without few incorrect bugfixes and with 1250 files where only a copyright year was changed)
2014-02-17 11:00:51 +01:00
Murthy Narkedimilli
c92223e198 Updated/added copyright headers 2014-01-06 10:52:35 +05:30
Guilhem Bichot
c90cdf5d49 Bug#16539979 - BASIC SELECT COUNT(DISTINCT ID) IS BROKEN
Bug#17867117 - ERROR RESULT WHEN "COUNT + DISTINCT + CASE WHEN" NEED MERGE_WALK 

Problem:
COUNT DISTINCT gives incorrect result when it uses a Unique
Tree and its last inserted record has null value.

Here is how COUNT DISTINCT is processed, given that this query is not
using loose index scan.

When a row is produced as a result of joining tables (there is only
one table here), we store the SELECTed value in a Unique tree. This
allows elimination of any duplicates, and thus implements DISTINCT.

When we have processed all rows like this, we walk the Unique tree,
counting its elements, in Aggregator_distinct::endup() (tree->walk());
for each element we call Item_sum_count::add(). Such function wants to
ignore any NULL value, for that it checks item_sum -> args[0] ->
null_value. It is a mistake: when walking the Unique tree, the value
to be aggregated is not item_sum ->args[0] but rather table ->
field[0].

Solution:
instead of item_sum -> args[0] -> null_value, use arg_is_null(), which
knows where to look (like in fix for bug 57932).

As a consequence of this solution, we have to make arg_is_null() a
little more general:
1) Because it was so far only used for AVG() (which always has a
single argument), this function was looking at a single argument; now
that it has to work with COUNT(DISTINCT expression1,expression2), it
must look at all arguments.
2) Because we start using arg_is_null () for COUNT(DISTINCT), i.e. in
Item_sum_count::add (), it implies that we are also using it for
COUNT(no DISTINCT) (same add ()). For COUNT(no DISTINCT), the
nullness to check is that of item_sum -> args[0]. But the null_value
of such item is reliable only if val_*() has been called on it. So far
arg_is_null() was always used after a call to arg_val*(), so could
rely on null_value; but for COUNT, there is no call to arg_val*(), so
arg_is_null() has to call is_null() instead.

Testcase for 16539979 by Neeraj. Testcase for 17867117 contributed by
Xiaobin Lin from Taobao.
2013-12-04 12:32:42 +01:00
Sergei Golubchik
97e640b9ae 5.5 merge 2013-07-17 21:24:29 +02:00
Sergei Golubchik
005c7e5421 mysql-5.5.32 merge 2013-07-16 19:09:54 +02:00
Chaithra Gopalareddy
51555d2ae3 Merge from 5.1 to 5.5
sql/sql_class.h:
  Parsing for group_concat's order by  is made independent.
  As a result, add_order_to_list cannot be used anymore.
2013-04-14 08:09:56 +05:30
Chaithra Gopalareddy
2d83663380 Bug#16347426:ASSERTION FAILED: (SELECT_INSERT &&
!TABLES->NEXT_NAME_RESOLUTION_TABLE) || !TAB
      
Problem:
The context info of select query gets corrupted when a query
with group_concat having order by is present in an order by
clause of the select query. As a result, server crashes with
an assert.
      
Analysis:
While parsing order by for group_concat, it is presumed that
it is always present before the actual order by for the
select query.
As a result, parser uses select->order_list to populate the
order by items of group_concat and creates a select->gorder_list
to which select->order_list is copied onto. Once this is done,
it empties the select->order_list.
In the case presented in the bugpage, as order by is already
parsed when group_concat's order by is encountered, parser
presumes that it is the second order by in the select query
and creates fake_lex_unit which results in the change of
context info.
      
Solution:
Make group_concat's order by parsing independent of the select


sql/item_sum.cc:
  Change the argument as, select->gorder_list is not pointer anymore
sql/item_sum.h:
  Change the argument as, select->gorder_list is not pointer anymore
sql/mysql_priv.h:
  Parsing for group_concat's order by is made independent.
  As a result, add_order_to_list cannot be used anymore.
sql/sql_lex.cc:
  Parsing for group_concat's order by is made independent.
  As a result, add_order_to_list cannot be used anymore.
sql/sql_lex.h:
  Parsing for group_concat's order by is made independent.
  As a result, add_order_to_list cannot be used anymore.
sql/sql_yacc.yy:
   Make group_concat's order by parsing independent of the select
  queries order by.
2013-04-14 07:30:49 +05:30
Sergei Golubchik
4ec6fe10e5 remove ULL() and LL(), because they're totally unnecessary
and sometimes harmful (used with expressions)
2013-04-07 14:00:16 +02:00
Igor Babaev
323fdd7ac6 Fixed bug mdev-4311 (bug #68749).
This bug was introduced by the patch for WL#3220.
If the memory allocated for the tree to store unique elements
to be counted is not big enough to include all of them then
an external file is used to store the elements.
The unique elements are guaranteed not to be nulls. So, when 
reading them from the file we don't have to care about the null
flags of the read values. However, we should remove the flag 
at the very beginning of the process. If we don't do it and
if the last value written into the record buffer for the field
whose distinct values needs to be counted happens to be null,
then all values read from the file  are considered to be nulls
and are not counted in.
The fix does not remove a possible null flag for the read values.
Rather it just counts the values in the same way it was done
before WL #3220.
2013-03-27 19:17:32 -07:00
Sergei Golubchik
78d9fdb134 non-functional cleanup, clarifying CONVERT_IF_BIGGER_TO_BLOB 2013-01-07 20:21:05 +01:00
Igor Babaev
8b469eb515 Merge 5.3->5.5. 2012-03-01 14:22:22 -08:00
Igor Babaev
d2e3b33b8c Rolled back the patch for bug 791761.
A better fix for this bug will be pulled from mariadb-5.2.
2012-02-26 00:19:07 -08:00
Sergei Golubchik
38e3ae155d mysql-5.5 merge 2012-01-16 20:16:35 +01:00
Sergei Golubchik
4f435bddfd 5.3 merge 2012-01-13 15:50:02 +01:00
Michael Widenius
6d4224a31c Merge with 5.2.
no_error handling for select (used by INSERT ... SELECT) still needs to be fixed, but I will do that in a separate commit
2011-12-11 11:34:44 +02:00
Michael Widenius
6920457142 Merge with MariaDB 5.1 2011-11-24 18:48:58 +02:00
Michael Widenius
a8d03ab235 Initail merge with MySQL 5.1 (XtraDB still needs to be merged)
Fixed up copyright messages.
2011-11-21 19:13:14 +02:00
Sergei Golubchik
0e007344ea mysql-5.5.18 merge 2011-11-03 19:17:05 +01:00
Sergei Golubchik
76f0b94bb0 merge with 5.3
sql/sql_insert.cc:
  CREATE ... IF NOT EXISTS may do nothing, but
  it is still not a failure. don't forget to my_ok it.
  ******
  CREATE ... IF NOT EXISTS may do nothing, but
  it is still not a failure. don't forget to my_ok it.
sql/sql_table.cc:
  small cleanup
  ******
  small cleanup
2011-10-19 21:45:18 +02:00
Sergey Glukhov
bd4785a6b7 Bug#11750518 41090: ORDER BY TRUNCATES GROUP_CONCAT RESULT
When temporary tables is used for result sorting
result field for gconcat function is created using
group_concat_max_len size. It leads to result truncation
when character_set_results is multi-byte character set due
to insufficient tmp table field size.
The fix is to increase temporary table field size for
gconcat. Method make_string_field() is overloaded
for Item_func_group_concat class and uses
max_characters * collation.collation->mbmaxlen size for
result field. max_characters is maximum number of characters
what can fit into max_length size.


mysql-test/r/ctype_utf16.result:
  test result
mysql-test/r/ctype_utf32.result:
  test result
mysql-test/r/ctype_utf8.result:
  test result
mysql-test/t/ctype_utf16.test:
  test case
mysql-test/t/ctype_utf32.test:
  test case
mysql-test/t/ctype_utf8.test:
  test case
sql/item.h:
  make Item::make_string_field() virtual
sql/item_sum.cc:
  added Item_func_group_concat::make_string_field(TABLE *table) method
  which uses max_characters * collation.collation->mbmaxlen size for
  result item. max_characters is maximum number of characters what can
  fit into max_length size.
sql/item_sum.h:
  added Item_func_group_concat::make_string_field(TABLE *table) method
2011-10-12 17:41:25 +04:00
Igor Babaev
2e8542f462 Fixed LP bug #791761.
An aggregating query over an empty set of a join of two tables
with a rejecting HAVING clause erroneously could return a row.
It could happen in the cases when the optimizer made a conclusion
that the aggregating set was empty.
Wrong results were produced because the server missed initial
setting for aggregation functions in the mentioned cases.
2011-07-20 21:55:55 -07:00
unknown
99cce18955 Fixed LP BUG#800696.
The problem was that optimizer removes some outer references (it they are
constant for example) and the list of outer items built during prepare phase is
not actual during execution phase when we need it as the cache parameters.
First solution was use pointer on pointer on outer reference Item and
initialize temporary table on demand. This solved most problem except case
when optimiser also reduce Item which contains outer references ('OR' in
this bug test suite).

The solution is to build the list of outer reference items on execution
phase (after optimization) on demand (just before temporary table creation)
by walking Item tree and finding outer references among Item_ident
(Item_field/Item_ref) and Item_sum items.

Removed depends_on list (because it is not neede any mnore for the cache, in the place where it was used it replaced with upper_refs).

Added processor (collect_outer_ref_processor) and get_cache_parameters() methods to collect outer references (or other expression parameters in future).

mysql-test/r/subselect_cache.result:
  A new test added.
mysql-test/r/subselect_scache.result:
  Changes in creating the cache and its paremeters order or adding arguments of aggregate function (which is a parameter also, but this has no influence on the result).
mysql-test/t/subselect_cache.test:
  Added a new test.
sql/item.cc:
  depends_on removed.
  
  Added processor (collect_outer_ref_processor) and get_cache_parameters() methods to collect outer references.
  
  Item_cache_wrapper collect parameters befor initialization of its cache.
sql/item.h:
  depends_on removed.
  
  Added processor (collect_outer_ref_processor) and get_cache_parameters() methods to collect outer references.
sql/item_cmpfunc.cc:
  depends_on removed.
  
  Added processor (collect_outer_ref_processor) to collect outer references.
sql/item_cmpfunc.h:
  Added processor (collect_outer_ref_processor) to collect outer references.
sql/item_subselect.cc:
  depends_on removed.
  Added processor get_cache_parameters() method to collect outer references.
sql/item_subselect.h:
  depends_on removed.
  Added processor get_cache_parameters() method to collect outer references.
sql/item_sum.cc:
  Added processor (collect_outer_ref_processor) method to collect outer references.
sql/item_sum.h:
  Added processor (collect_outer_ref_processor) and get_cache_parameters() methods to collect outer references.
sql/opt_range.cc:
  depends_on removed.
sql/sql_base.cc:
  depends_on removed.
sql/sql_class.h:
  New iterator added.
sql/sql_expression_cache.cc:
  Build of list of items resolved in outer query done just before creating expression cache on the first execution of the subquery which removes influence of optimizer removing items (all optimization already done).
sql/sql_expression_cache.h:
  Build of list of items resolved in outer query done just before creating expression cache on the first execution of the subquery which removes influence of optimizer removing items (all optimization already done).
sql/sql_lex.cc:
  depends_on removed.
sql/sql_lex.h:
  depends_on removed.
sql/sql_list.h:
  Added add_unique method to add only unique elements to the list.
sql/sql_select.cc:
  Support of new Item list added.
sql/sql_select.h:
  Support of new Item list added.
2011-07-19 23:19:10 +03:00
Sergei Golubchik
9809f05199 5.5-merge 2011-07-02 22:08:51 +02:00
Kent Boortz
68f00a5686 Updated/added copyright headers 2011-06-30 17:37:13 +02:00
Kent Boortz
44135d4725 Updated/added copyright headers 2011-06-30 17:31:31 +02:00
Kent Boortz
02e07e3b51 Updated/added copyright headers 2011-06-30 17:46:53 +02:00
Michael Widenius
1be5462d59 Merge with MariaDB 5.1 2011-05-03 19:10:10 +03:00
Michael Widenius
e415ba0fb2 Merge with MySQL 5.1.57/58
Moved some BSD string functions from Unireg
2011-05-02 20:58:45 +03:00
Michael Widenius
3358cdd504 Merge with 5.1 to get in changes from MySQL 5.1.55 2011-02-28 19:39:30 +02:00
Michael Widenius
ff3da0f963 Change TABLE->alias to String for less memory reallocation
Changed some String.ptr() -> String.c_ptr() for String that are not guaranteed to end with \0
Removed some c_ptr() usage from parameters to functions that takes ptr & length
Use preallocate buffers to avoid calling malloc() for most operations. 


sql/event_db_repository.cc:
  alias is now a String
sql/event_scheduler.cc:
  c_ptr -> c_ptr_safe() to avoid warnings from valgrind.
sql/events.cc:
  c_ptr -> c_ptr_safe() to avoid warnings from valgrind.
  c_ptr -> ptr() as function takes ptr & length
sql/field.cc:
  alias is now a String
sql/field.h:
  alias is now a String
sql/ha_partition.cc:
  alias is now a String
sql/handler.cc:
  alias is now a String
  ptr() -> c_ptr() as string is not guaranteed to be \0 terminated
sql/item.cc:
  Store error parameter in separarte buffer to ensure correct error message
sql/item_func.cc:
  ptr() -> c_ptr_safe() as string is not guaranteed to be \0 terminated
sql/item_sum.h:
  Use my_strtod() instead of my_atof() to not have to make string \0 terminated
sql/lock.cc:
  alias is now a String
sql/log.cc:
  c_ptr() -> ptr() as function takes ptr & length
sql/log_event.cc:
  c_ptr_quick() -> ptr() as we only want to get the pointer to String buffer
sql/opt_range.cc:
  ptr() -> c_ptr() as string is not guaranteed to be \0 terminated
sql/opt_table_elimination.cc:
  alias is now a String
sql/set_var.cc:
  ptr() -> c_ptr() as string is not guaranteed to be \0 terminated
  c_ptr() -> c_ptr_safe() to avoid warnings from valgrind.
  c_ptr() -> ptr() as function takes ptr & length
  Simplify some code.
sql/sp.cc:
  c_ptr() -> ptr() as function takes ptr & length
sql/sp_rcontext.cc:
  alias is now a String
sql/sql_base.cc:
  alias is now a String.
  Here we win a realloc() for most alias usage.
sql/sql_class.cc:
  Use size descriptor for printf() to avoid accessing bytes outside of buffer
sql/sql_insert.cc:
  Change allocation of TABLE as it's now contains a String
  _ptr() -> ptr() as function takes ptr & length
sql/sql_load.cc:
  Use preallocate buffers to avoid calling malloc() for most operations.
sql/sql_parse.cc:
  Use c_ptr_safe() to ensure string is \0 terminated.
sql/sql_plugin.cc:
  c_ptr_quick() -> ptr() as function takes ptr & length
sql/sql_select.cc:
  alias is now a String
sql/sql_show.cc:
  alias is now a String
sql/sql_string.h:
  Added move() function to change who owns the string (owner does the free)
sql/sql_table.cc:
  alias is now a String
  c_ptr() -> c_ptr_safe() to avoid warnings from valgrind.
sql/sql_test.cc:
  c_ptr() -> c_ptr_safe() to avoid warnings from valgrind.
  alias is now a String
sql/sql_trigger.cc:
  c_ptr() -> c_ptr_safe() to avoid warnings from valgrind.
  Use field->init() to setup pointers to alias.
sql/sql_update.cc:
  alias is now a String
sql/sql_view.cc:
  ptr() -> c_ptr_safe() as string is not guaranteed to be \0 terminated
sql/sql_yacc.yy:
  r() -> c_ptr() as string is not guaranteed to be \0 terminated
sql/table.cc:
  alias is now a String
sql/table.h:
  alias is now a String
storage/federatedx/ha_federatedx.cc:
  Remove extra 1 byte alloc that is automaticly done by strmake()
  Ensure that error message ends with \0
storage/maria/ha_maria.cc:
  alias is now a String
storage/myisam/ha_myisam.cc:
  alias is now a String
2011-02-28 12:48:50 +02:00
Michael Widenius
58bb0769bd Merge with MySQL 5.1.55
- Fixed some issues with partitions and connection_string, which also fixed lp:716890 "Pre- and post-recovery crash in Aria"
- Fixed wrong assert in Aria

Now need to merge with latest xtradb before pushing 

sql/ha_partition.cc:
  Ensure that m_ordered_rec_buffer is not freed before close.
sql/mysqld.cc:
  Changed to use opt_stack_trace instead of opt_pstack.
  Removed references to pstack
sql/partition_element.h:
  Ensure that connect_string is initialized
storage/maria/ma_key_recover.c:
  Fixed wrong assert
2011-02-20 18:51:43 +02:00
Alexander Barkov
a2850a2f53 Bug#59149 valgrind warnings with "like .. escape .." function
Problem: when processing a query like:
  SELECT '' LIKE '1' ESCAPE COUNT(1);
escape_item->val_str() was never executed and the "escape" class member
stayed initialized, which led to valgrind uninitialized memory error.
      
Note, a query with some tables in "FROM" clause
returns ER_WRONG_ARGUMENTS in the same situation:

   SELECT '' LIKE '1' ESCAPE COUNT(1) FROM t1;
   ERROR 1210 (HY000): Incorrect arguments to ESCAPE

Fix: disallowing using aggregate functions in ESCAPE clause,
even if there are no tables used. There is no much use of that anyway.
2011-01-17 12:30:22 +03:00
Tor Didriksen
b503d77d5c Backport of fix for Bug#52123 2011-02-02 10:18:44 +01:00
Alexander Barkov
579df0dfc6 Merging from mysql-5.1 2011-01-17 12:39:59 +03:00
Sergey Glukhov
41f17a8707 5.1-bugteam->5.5-bugteam merge 2010-12-21 14:50:03 +03:00
Sergey Glukhov
e2db8e6ccb Bug#58030 crash in Item_func_geometry_from_text::val_str
Item_sum_max/Item_sum_min incorrectly set null_value flag and
attempt to get result in parent functions leads to crash.
This happens due to double evaluation of the function argumet.
First evaluation happens in the comparator and second one
happens in Item_cache::cache_value().
The fix is to introduce new Item_cache object which
holds result of the argument and use this cached value
as an argument of the comparator.

mysql-test/r/func_group.result:
  test case
mysql-test/t/func_group.test:
  test case
sql/item.cc:
  added assertion that ether we have some result or result is NULL.
sql/item_sum.cc:
  introduce new Item_cache object which
  holds result of the argument and use this cached value
  as an argument of the comparator.
sql/item_sum.h:
  introduce new Item_cache object which
  holds result of the argument and use this cached value
  as an argument of the comparator.
2010-12-21 14:34:11 +03:00
Georgi Kodinov
352ce1b596 Bug #57954: BIT_AND function returns incorrect results
when semijoin=on

When setting the aggregate function as having no rows to report
the function no_rows_in_result() was calling Item_sum::reset().
However this function in addition to cleaning up the aggregate 
value by calling aggregator_clear() was also adding the current
value to the aggregate value by calling aggregator_add().
Fixed by making no_rows_in_result() to call aggregator_clear()
directly.
Renamed Item_sum::reset to Item_sum::reset_and_add() to
and added a comment to avoid misinterpretation of what the
function does.
2010-12-08 14:28:06 +02:00
Guilhem Bichot
39b0af1e8c Fix for Bug#57932 "query with avg returns incorrect results":
when there was one NULL value, AVG(DISTINCT) could forget about other values.
See commit comment of item_sum.cc.

mysql-test/r/func_group.result:
  before the code fix, both SELECTs would return NULL
sql/item_sum.cc:
  Assume we are executing "SELECT AVG([DISTINCT] some_field) FROM some_table".
  and some_field is the single field of some_table for simplicity.
  Each time a row is processed (evaluate_join_record()->
  end_send_group()->update_sum_func()) an aggregator is notified,
  which itself notifies an Item_sum_avg.
  Without DISTINCT, this Item_sum_avg immediately increments its
  internal "sum of values" and "count of values" (the latter being
  Item_sum_avg::count). The count is incremented only if the row's value
  is not NULL (in Item_sum_avg::add()), per AVG() semantices. This row's value
  is available in args[0] of Item_sum_avg ("args[0]" stands for
  "the first argument of the item": it's an Item_field which automatically
  receives the row's value when a row is read from the table).
  bool Item_sum_avg::add()
  {
    if (Item_sum_sum::add()) << calculates the sum (ignores NULL)
      return TRUE;
    if (!args[0]->null_value)<<if added value is not NULL
      count++;       <<increment "count"
    return FALSE;
  }
  and everything works.
  With DISTINCT, when a row is processed by evaluate_join_record(),
  Item_sum_avg does no immediate computation, rather stores
  the row's value in a tree (to throw the value away if it is a duplicate
  of previous value, otherwise to remember all
  distinct values). It's only when it's time to send the average to the
  user (at end of the query:
  sub_select(end_of_records=true)->end_send_group()->
  select_send->send_data()->Protocol::send_result_set_row()->
  Item::send()->Item_sum_avg->val_str()), that we iterate over the tree,
  compute the sum and count: for this, for each element of the tree,
  Item_sum_avg::add() is called and has the same two steps as before:
  * Item_sum_sum::add() updates the sum (finding the tree element's value
  correctly, and determining correctly its NULLness - look for "arg_is_null"
  in that function)
  * the "if (!args[0]->null_value)" test right after, breaks: it uses args[0],
  which isn't the tree's element but rather the value for the last row
  processed by evaluate_join_record(). So if that last row was NULL,
  "count" stays 0 for each row, and AVG() then returns NULL (count==0 =>
  NULL, per AVG() semantics).
  The fix is to let the aggregator tell whether the value
  it just saw was NULL. The aggregator knows where to get the info
  thanks to virtual functions. Item_sum_sum::add() now asks
  the aggregator. Item_sum_avg() also asks the aggregator
  and then knows it shouldn't increment "count".
sql/item_sum.h:
  Aggregator can now tell about value/NULLness of just-aggregated value
2010-12-07 16:59:32 +01:00
Sergei Golubchik
65ca700def merge.
checkpoint.
does not compile.
2010-11-25 18:17:28 +01:00
Sergei Golubchik
04a4b43346 merge with 5.1 2010-10-25 15:21:16 +02:00
Sergei Golubchik
745cc74c33 5.1.51 merge 2010-10-19 15:58:35 +02:00
Alexey Kopytov
4124f1f467 Automerge. 2010-08-30 11:36:04 +04:00
Alexey Kopytov
d7d0f6390b Bug #54465: assert: field_types == 0 || field_types[field_pos]
== MYSQL_TYPE_LONGLONG

A MIN/MAX() function with a subquery as its argument could lead
to a debug assertion on debug builds or wrong data on release
ones.

The problem was a combination of the following factors:

- Item_sum_hybrid::fix_fields() might use the argument
(args[0]) to calculate 'hybrid_field_type' which was later used
to decide how the data should be sent to the client.

- Item_sum::make_field() might use the argument again to
calculate the field's type when sending result set metadata to
the client.

- The argument could be changed in between these two calls via
  Item::set_arg() leading to inconsistent metadata being
  reported.

Here is what was happening for the bug's test case:

1. Item_sum_hybrid::fix_fields() calculates hybrid_field_type
as MYSQL_TYPE_LONGLONG based on args[0] which is an
Item::SUBSELECT_ITEM at that time.

2. A temporary table is created to execute the
query. create_tmp_field_from_item() creates a Field_long object
according to the subselect's max_length.

3. The subselect item in Item_sum_hybrid is replaced by the
Item_field object referencing the newly created Field_long.

4. Item_sum::make_field() rightfully returns the
MYSQL_TYPE_LONG type when calculating the result set metadata.

5. When sending the actual data, Item::send() relies on the
virtual field_type() function which in our case returns
previously calculated hybrid_field_type == MYSQL_TYPE_LONGLONG.

It looks like the only solution is to never refer to the
argument's metadata after the result metadata has been
calculated in fix_fields(), since the argument itself may be
different by then. In this sense, Item_sum::make_field() should
never be used, because it may rely on the argument's metadata
and is only called after fix_fields(). The "default"
implementation in Item::make_field() should be used instead as
it relies only on field_type(), but not on the argument's type.

Fixed by removing Item_sum::make_field() so that the superclass
implementation Item::make_field() is always used.

mysql-test/r/func_group.result:
  Added a test case for bug #54465.
mysql-test/t/func_group.test:
  Added a test case for bug #54465.
sql/item_sum.cc:
  Removed Item_sum::make_field() so that the superclass
  implementation Item::make_field() is always used.
sql/item_sum.h:
  Removed Item_sum::make_field() so that the superclass
  implementation Item::make_field() is always used.
2010-08-27 13:44:35 +04:00