Commit graph

547 commits

Author SHA1 Message Date
Georgi Kodinov
7ba875d6e6 Bug #48293: crash with procedure analyse, view with > 10 columns,
having clause...

The fix for bug 46184 was not very complete. It was not covering
views using temporary tables and multiple tables in a FROM clause.
Fixed by reverting the fix for 46184 and making a more general
check that is checking at the right execution stage and for all
of the non-supported cases.
Now PROCEDURE ANALYZE on non-top level SELECT is also forbidden.
Updated the analyse.test and subselect.test accordingly.
2009-10-30 11:40:44 +02:00
Georgi Kodinov
8ca8f70daa Bug #46749: Segfault in add_key_fields() with outer subquery level
field references

This error requires a combination of factors : 
1. An "impossible where" in the outermost SELECT
2. An aggregate in the outermost SELECT
3. A correlated subquery with a WHERE clause that includes an outer 
field reference as a top level WHERE sargable predicate

When JOIN::optimize detects an "impossible WHERE" it will bail out
without doing the rest of the work and initializations. It will not
call make_join_statistics() as well.  And make_join_statistics fills 
in various structures for each table referenced.
When processing the result of the "impossible WHERE" the query must
send a single row of data if there are aggregate functions in it.
In this case the server marks all the aggregates as having received 
no rows and calls the relevant Item::val_xxx() method on the SELECT
list. However if this SELECT list happens to contain a correlated 
subquery this subquery is evaluated in a normal evaluation mode.
And if this correlated subquery has a reference to a field from the 
outermost "impossible where" SELECT the add_key_fields will mistakenly
consider the outer field reference as a "local" field reference when 
looking for sargable predicates.
But since the SELECT where the outer field reference refers to is not
completely initialized due to the "impossible WHERE" in this level
we'll get a NULL pointer reference.
Fixed by making a better condition for discovering if a field is "local"
to the SELECT level being processed. 
It's not enough to look for OUTER_REF_TABLE_BIT in this case since 
for outer references to constant tables the Item_field::used_tables() 
will return 0 regardless of whether the field reference is from the 
local SELECT or not.
2009-08-27 14:40:42 +03:00
Sergey Glukhov
d9d71d0f50 Bug#46184 Crash, SELECT ... FROM derived table procedure analyze
The crash happens because select_union object is used as result set
for queries which have derived tables.
select_union use temporary table as data storage and if
fields count exceeds 10(count of values for procedure ANALYSE())
then we get a crash on fill_record() function.
2009-08-27 15:22:19 +05:00
Evgeny Potemkin
32b02e0b4d Bug#46051: Incorrectly market field caused wrong result.
When during the optimization an item is moved to the upper select
the item's context left unchanged. This caused wrong result in the 
PS/SP mode.
The Item_ident::remove_dependence_processor now sets the context
of the select to which the item is moved to.
2009-07-18 18:09:56 +04:00
Evgeny Potemkin
af2c91b701 Bug#46051: Incorrectly market field caused wrong result.
In a subselect all fields from outer selects are marked as dependent on
selects they are belong to. In some cases optimizer substitutes it for an
equivalent expression. For example "a_field IN (SELECT outer_field)" is
substituted with "a_field = outer_field". As we moved the outer_field to the
upper select it's not really outer anymore. But it was left marked as outer.
If exists an index over a_field optimizer choose wrong execution plan and thus
return wrong result.

Now the Item_in_subselect::single_value_transformer function removes dependent
marking from fields when a subselect is optimized away.
2009-07-16 19:43:46 +04:00
Chad MILLER
978e8e06b0 Merge 5.0.80 release and 5.0 community. Version left at 5.0.80. 2009-04-14 13:20:13 -04:00
Matthias Leich
33445d8fb9 This belongs to the fix for
Bug#42003 tests missing the disconnect of connections <> default
second slice
Content:
1. wait_until_count_sessions.inc
   - One PB run of a test using this routine failed because
     5 seconds timeout were exceeded. Although I have some doubts
     if the assigned timeout was really too small, I increase the
     value to 10. We waste the additional 5 seconds only if the
     tests fails anyway.
   - Print the content of the PROCESSLIST if the poll routine fails
2. minor improvements of formatting
3. query_cache_notembedded:
   Activate the wait_until_count_sessions.inc routine which was
   unfortunately forgotten in the changeset before.
2009-02-09 21:52:40 +01:00
Matthias Leich
a63c2e5c30 2. Slice of fix for Bug#42003 tests missing the disconnect of connections <> default
- If missing: add "disconnect <session>"
   - If physical disconnect of non "default" sessions is not finished
     at test end: add routine which waits till this happened
+ additional improvements
  - remove superfluous files created by the test
  - replace error numbers by error names
  - remove trailing spaces, replace tabs by spaces
  - unify writing of bugs within comments
  - correct comments
  - minor changes of formatting
Fixed tests:
  backup
  check
  compress
  grant
  information_schema
  multi_update
  overflow
  packet
  query_cache_not_embedded
  sp-threads
  subselect
  synchronization
  timezone_grant
2009-02-05 21:47:23 +01:00
Sergey Glukhov
2fb574214e Bug#37460 Assertion failed: !table->file || table->file->inited == handler::NONE
enable uncacheable flag if we update a view with check option
and check option has a subselect, otherwise, the check option
can be evaluated after the subselect was freed as independent
(See full_local in JOIN::join_free())
2008-11-27 17:57:34 +04:00
Sergey Glukhov
a72c980c74 Bug#34760 Character set autodetection appears to fail
the problem is the same as reported in bug#20835,
so the fix is backport of bug#20835 patch.
2008-11-21 16:39:59 +04:00
Igor Babaev
da156dde08 Fixed bug #38191.
Calling List<Cached_item>::delete_elements for the same list twice
caused a crash of the server in the function JOIN::cleaunup.
Ensured that delete_elements() in JOIN::cleanup would be called only once.
2008-07-26 13:44:07 -07:00
gkodinov/kgeorge@magare.gmz
df3341a764 Bug #36011: server crash with explain extended on query
with dependent subqueries
An IN subquery is executed on EXPLAIN when it's not correlated.
If the subquery required a temporary table for its execution
not all the internal structures were restored from pointing to
the items of the temporary table to point back to the items of
the subquery.
Fixed by restoring the ref array when a temp tables were used in
executing the IN subquery during EXPLAIN EXTENDED.
2008-05-16 17:05:55 +03:00
gshchepa/uchum@host.loc
9c70737410 subselect.test, subselect.result:
Post-commit minor cleanup of testcase (bug#36139).
2008-04-23 14:22:49 +05:00
sergefp@mysql.com
dc01e1d612 BUG#36139 "float, zerofill, crash with subquery"
- Make convert_zerofill_number_to_string() take into account that the 
  constant it is converting may evaluate to NULL.
2008-04-22 02:53:12 +04:00
evgen@moonbone.local
56d955a5a0 Bug#33266: Incorrect test case for the bug#31048 failing on some platforms.
The test case for the bug#31048 checks that there is no crash on stack
overrun. But due to different stack sizes on different platforms it failed
on some of them.

The new test case check that a query with at least 4 level subquery nesting
works without the stack overrun nesting and other levels of nesting doesn't
cause a crash.
2008-02-20 17:41:39 +03:00
kaa@kaamos.(none)
6619db580d Fixed a PushBuild failure of the system_mysql_db test caused by the lack
of cleanups in the test case for bug33794.
2008-01-20 13:46:55 +03:00
sergefp@mysql.com
d56ac2f37b BUG#33794 "MySQL crashes executing specific query":
The problem occurred when one had a subquery that had an equality X=Y where 
Y referred to a named select list expression from the parent select. MySQL 
crashed when trying to use the X=Y equality for ref-based access. 

Fixed by allowing non-Item_field items in the described case.
2008-01-18 22:50:36 +03:00
evgen@moonbone.local
ce111a0d73 Bug#33675: Usage of an uninitialized memory by filesort in a subquery caused
server crash.

The filesort implementation has an optimization for subquery execution which
consists of reusing previously allocated buffers. In particular the call to
the read_buffpek_from_file function might be skipped when a big enough buffer
for buffer descriptors (buffpeks) is already allocated. Beside allocating
memory for buffpeks this function fills allocated buffer with data read from
disk. Skipping it might led to using an arbitrary memory as fields' data and
finally to a crash.

Now the read_buffpek_from_file function is always called. It allocates
new buffer only when necessary, but always fill it with correct data.
2008-01-09 00:40:41 +03:00
tnurnberg@white.intern.koehntopp.de
55d6d04df0 Merge tnurnberg@bk-internal.mysql.com:/home/bk/mysql-5.0-opt
into  mysql.com:/misc/mysql/31177/50-31177
2007-12-02 01:48:43 +01:00
tnurnberg@mysql.com/white.intern.koehntopp.de
31d4e58ad4 Bug#31177: Server variables can't be set to their current values
Default values of variables were not subject to upper/lower bounds
and step, while setting variables was. Bounds and step are also
applied to defaults now; defaults are corrected quietly, values
given by the user are corrected, and a correction-warning is thrown
as needed. Lastly, very large values could wrap around, starting
from 0 again. They are bounded at the maximum value for the
respective data-type now if no lower maximum is specified in the
variable's definition.
2007-11-30 06:32:04 +01:00
gkodinov/kgeorge@magare.gmz
6008aa2187 Merge gkodinov@bk-internal.mysql.com:/home/bk/mysql-5.0-opt
into  magare.gmz:/home/kgeorge/mysql/autopush/B32036-5.0-opt
2007-11-26 14:02:02 +02:00
gkodinov/kgeorge@magare.gmz
55afc5c201 Bug #32036: EXISTS within a WHERE clause with a UNION
crashes MySQL 5.122
There was a difference in how UNIONs are handled
on top level and when in sub-query.
Because the rules for sub-queries were syntactically
allowing cases that are not currently supported by
the server we had crashes (this bug) or wrong results
(bug 32051).
Fixed by making the syntax rules for UNIONs match the 
ones at top level.

These rules however do not support nesting UNIONs, e.g.
(SELECT a FROM t1 UNION ALL SELECT b FROM t2) 
 UNION
(SELECT c FROM t3 UNION ALL SELECT d FROM t4)
Supports for statements with nested UNIONs will be
added in a future version.
2007-11-26 13:36:24 +02:00
gkodinov/kgeorge@magare.gmz
0b40c63fd3 Merge gkodinov@bk-internal.mysql.com:/home/bk/mysql-5.0-opt
into  magare.gmz:/home/kgeorge/mysql/autopush/B32400-5.0-opt
2007-11-23 15:30:16 +02:00
evgen@moonbone.local
3f163915bf opt_range.cc:
Fix for the bug#31048 for 64bit platforms.
subselect.test, subselect.result:
  Corrected text case for the bug#31048.
2007-11-23 00:16:17 +03:00
gkodinov/kgeorge@magare.gmz
430157e666 Merge gkodinov@bk-internal.mysql.com:/home/bk/mysql-5.0-opt
into  magare.gmz:/home/kgeorge/mysql/autopush/B30788-5.0-opt
2007-11-21 11:46:15 +02:00
gkodinov/kgeorge@magare.gmz
2e2ac428ae Bug #30788: Inconsistent retrieval of char/varchar
Index lookup does not always guarantee that we can
simply remove the relevant conditions from the WHERE
clause. Reasons can be e.g. conversion errors, 
partial indexes etc. 
The optimizer was removing these parts of the WHERE 
condition without any further checking.
This leads to "false positives" when using indexes.
Fixed by checking the index reference conditions
(using WHERE) when using indexes with sub-queries.
2007-11-21 11:40:05 +02:00
gkodinov/kgeorge@magare.gmz
846cbf3cd0 Bug #32400: Complex SELECT query returns correct result
only on some occasions

Referencing an element from the SELECT list in a WHERE 
clause is not permitted. The namespace of the WHERE
clause is the table columns only. This was not enforced
correctly when resolving outer references in sub-queries.

Fixed by not allowing references to aliases in a 
sub-query in WHERE.
2007-11-20 19:18:21 +02:00
evgen@moonbone.local
6f6fe52ad2 Merge epotemkin@bk-internal.mysql.com:/home/bk/mysql-5.0-opt
into  moonbone.local:/work/31048-bug-5.0-opt-mysql
2007-11-19 21:15:53 +00:00
evgen@moonbone.local
67cae0d48d Bug#31048: Many nested subqueries may cause server crash.
This bug is actually two. The first one manifests itself on an EXPLAIN
SELECT query with nested subqueries that employs the filesort algorithm.
The whole SELECT under explain is marked as UNCACHEABLE_EXPLAIN to preserve
some temporary structures for explain. As a side-effect of this values of
nested subqueries weren't cached and subqueries were re-evaluated many
times. Each time buffer for filesort was allocated but wasn't freed because
freeing occurs at the end of topmost SELECT. Thus all available memory was
eaten up step by step and OOM event occur.
The second bug manifests itself on SELECT queries with conditions where
a subquery result is compared with a key field and the subquery itself also
has such condition. When a long chain of such nested subqueries is present
the stack overrun occur. This happens because at some point the range optimizer
temporary puts the PARAM structure on the stack. Its size if about 8K and
the stack is exhausted very fast.

Now the subselect_single_select_engine::exec function allows subquery result
caching when the UNCACHEABLE_EXPLAIN flag is set.
Now the SQL_SELECT::test_quick_select function calls the check_stack_overrun
function for stack checking purposes to prevent server crash.
2007-11-19 20:00:25 +00:00
gshchepa/uchum@gleb.loc
0aabb89ee1 Fixed bug #28076: inconsistent binary/varbinary comparison.
After adding an index the <VARBINARY> IN (SELECT <BINARY> ...)
clause returned a wrong result: the VARBINARY value was illegally padded
with zero bytes to the length of the BINARY column for the index search.
(<VARBINARY>, ...) IN (SELECT <BINARY>, ... ) clauses are affected too.
2007-11-10 23:44:48 +04:00
gkodinov/kgeorge@magare.gmz
01fe24cd68 Bug #31884: Assertion + crash in subquery in the SELECT clause.
Item_in_subselect's only externally callable method is val_bool().
However the nullability in the wrapper class (Item_in_optimizer) is 
established by calling the "forbidden" method val_int().

Fixed to use the correct method (val_bool() ) to establish nullability 
of Item_in_subselect in Item_in_optimizer.
2007-10-30 14:27:21 +02:00
gkodinov/kgeorge@magare.gmz
38172240e3 Bug#27333: subquery grouped for aggregate of outer
query / no aggregate of subquery
 The optimizer counts the aggregate functions that 
 appear as top level expressions (in all_fields) in 
 the current subquery. Later it makes a list of these
 that it uses to actually execute the aggregates in
 end_send_group().
 That count is used in several places as a flag whether
 there are aggregates functions.
 While collecting the above info it must not consider
 aggregates that are not aggregated in the current 
 context. It must treat them as normal expressions 
 instead. Not doing that leads to incorrect data about
 the query, e.g. running a query that actually has no
 aggregate functions as if it has some (and hence is
 expected to return only one row).
 Fixed by ignoring the aggregates that are not aggregated
 in the current context. 
 One other smaller omission discovered and fixed in the 
 process : the place of aggregation was not calculated for
 user defined functions. Fixed by calling 
 Item_sum::init_sum_func_check() and 
 Item_sum::check_sum_func() as it's done for the rest of 
 the aggregate functions.
2007-06-29 10:39:17 +03:00
igor@olga.mysql.com
2d29a57f2b Fixed bug #28811: crash for a query containing a subquery with
ORDER BY and LIMIT 1. 
The bug was introduced by the patch for bug 21727. The patch
erroneously skipped initialization of the array of headers
for sorted records for non-first evaluations of the subquery.

To fix the problem a new parameter has been added to the
function make_char_array that performs the initialization.
Now this function is called for any invocation of the 
filesort procedure. Yet it allocates the buffer for sorted
records only if this parameter is NULL.
2007-06-07 22:35:31 -07:00
gluh@mysql.com/eagle.(none)
cf41df22f8 after merge fix 2007-06-06 18:55:21 +05:00
gluh@eagle.(none)
026f402674 Merge mysql.com:/home/gluh/MySQL/Merge/4.1-opt
into  mysql.com:/home/gluh/MySQL/Merge/5.0-opt
2007-06-06 18:33:04 +05:00
gluh@mysql.com/eagle.(none)
466da4ccf1 Bug#28553 mysqld crash in "purge master log before(select time from information_schema)"
forbid the use of subselect in PURGE LOGS BEFORE command
2007-06-06 18:29:15 +05:00
igor@olga.mysql.com
5cbebf0a18 Fixed bug #28728: a crash when executing EXPLAIN EXTENDED for a query
using a derived table over a grouping subselect.

This crash happens only when materialization of the derived tables 
requires creation of auxiliary temporary table, for example when
a grouping operation is carried out with usage of a temporary table.

The crash happened because EXPLAIN EXTENDED when printing the query
expression made an attempt to use the objects created in the mem_root
of the temporary table which has been already freed by the moment
when printing is called.

This bug appeared after the method Item_field::print() had been 
introduced.
2007-06-02 11:44:16 -07:00
igor@olga.mysql.com
8c34ae268c Fixed bug #28337: wrong results for grouping queries with correlated
subqueries in WHERE conditions.
This bug was introduced by the patch for bug 27321.
2007-05-16 23:42:10 -07:00
gkodinov/kgeorge@magare.gmz
27624ee4e8 Merge gkodinov@bk-internal.mysql.com:/home/bk/mysql-5.0-opt
into  magare.gmz:/home/kgeorge/mysql/autopush/B27807-5.0-opt
2007-05-04 10:57:14 +03:00
gkodinov/kgeorge@magare.gmz
6badb08ce3 Bug #27807.
Non-correlated scalar subqueries may get executed
in EXPLAIN at the optimization phase if they are
part of a right hand sargable expression.
If the scalar subquery uses a temp table to 
materialize its results it will replace the 
subquery structure from the parser with a simple
select from the materialization table.
As a result the EXPLAIN will crash as the 
temporary materialization table is not to be shown
in EXPLAIN at all.
Fixed by preserving the original query structure
right after calling optimize() for scalar subqueries
with temp tables executed during EXPLAIN.
2007-05-04 10:48:51 +03:00
evgen@moonbone.local
72e53ede3a Merge epotemkin@bk-internal.mysql.com:/home/bk/mysql-5.0-opt
into  moonbone.local:/mnt/gentoo64/work/27590-bug-5.0-opt-mysql
2007-04-27 21:07:05 +04:00
evgen@moonbone.local
4747fa0c03 Bug#27590: Wrong DATE/DATETIME comparison.
DATE and DATETIME can be compared either as strings or as int. Both
methods have their disadvantages. Strings can contain valid DATETIME value
but have insignificant zeros omitted thus became non-comparable with
other DATETIME strings. The comparison as int usually will require conversion
from the string representation and the automatic conversion in most cases is
carried out in a wrong way thus producing wrong comparison result. Another
problem occurs when one tries to compare DATE field with a DATETIME constant.
The constant is converted to DATE losing its precision i.e. losing time part.

This fix addresses the problems described above by adding a special
DATE/DATETIME comparator. The comparator correctly converts DATE/DATETIME
string values to int when it's necessary, adds zero time part (00:00:00)
to DATE values to compare them correctly to DATETIME values. Due to correct
conversion malformed DATETIME string values are correctly compared to other
DATE/DATETIME values.

As of this patch a DATE value equals to DATETIME value with zero time part.
For example '2001-01-01' equals to '2001-01-01 00:00:00'.

The compare_datetime() function is added to the Arg_comparator class.
It implements the correct comparator for DATE/DATETIME values.
Two supplementary functions called get_date_from_str() and get_datetime_value()
are added. The first one extracts DATE/DATETIME value from a string and the
second one retrieves the correct DATE/DATETIME value from an item.
The new Arg_comparator::can_compare_as_dates() function is added and used
to check whether two given items can be compared by the compare_datetime()
comparator.
Two caching variables were added to the Arg_comparator class to speedup the
DATE/DATETIME comparison.
One more store() method was added to the Item_cache_int class to cache int
values.
The new is_datetime() function was added to the Item class. It indicates
whether the item returns a DATE/DATETIME value.
2007-04-27 00:12:09 +04:00
gkodinov/kgeorge@magare.gmz
f4ec0f1cbe Merge gkodinov@bk-internal.mysql.com:/home/bk/mysql-5.0-opt
into  magare.gmz:/home/kgeorge/mysql/autopush/B27363-5.0-opt
2007-04-26 11:16:01 +03:00
gkodinov/kgeorge@magare.gmz
bfa29e175e Bug #27363:
Validity checks for nested set functions
were not taking into account that the enclosed
set function may be on a nest level that is
lower than the nest level of the enclosing set
function.
Fixed by :
 - propagating max_sum_func_level
up the enclosing set functions chain.
 - updating the max_sum_func_level of the 
   enclosing set function when the enclosed set
   function is aggregated above or on the same
   nest level of as the level of the enclosing 
   set function.
 - updating the max_arg_level of the enclosing
   set function on a reference that refers to
   an item above or on the same nest level
   as the level of the enclosing set function.
 - Treating both Item_field and Item_ref as possibly
   referencing items from outer nest levels.
2007-04-26 11:12:17 +03:00
gshchepa/uchum@gshchepa.loc
f5a229b3d1 Bug#27704: incorrect comparison of rows with NULL components
Support for NULL components was incomplete for row comparison,
fixed.  Added support for abort_on_null at compare_row() like
in 5.x
2007-04-20 15:14:09 +05:00
evgen@moonbone.local
51badaddbc subselect.test, subselect.result:
After merge fix.
2007-04-15 09:22:45 +04:00
evgen@moonbone.local
922a5a969c Merge epotemkin@bk-internal.mysql.com:/home/bk/mysql-5.0-opt
into  moonbone.local:/mnt/gentoo64/work/27321-bug-5.0-opt-mysql
2007-04-15 08:41:35 +04:00
evgen@moonbone.local
3113ce6383 Bug#27321: Wrong subquery result in a grouping select.
The Item_outer_ref class based on the Item_direct_ref class was always used
to represent an outer field. But if the outer select is a grouping one and the 
outer field isn't under an aggregate function which is aggregated in that
outer select an Item_ref object should be used to represent such a field.
If the outer select in which the outer field is resolved isn't grouping then
the Item_field class should be used to represent such a field.
This logic also should be used for an outer field resolved through its alias
name.

Now the Item_field::fix_outer_field() uses Item_outer_field objects to
represent aliased and non-aliased outer fields for grouping outer selects
only.
Now the fix_inner_refs() function chooses which class to use to access outer
field - the Item_ref or the Item_direct_ref. An object of the chosen class
substitutes the original field in the Item_outer_ref object.
The direct_ref and the found_in_select_list fields were added to the
Item_outer_ref class.
2007-04-15 08:31:34 +04:00
igor@olga.mysql.com
adc07255ee Fixed bug #27348.
If a set function with a outer reference s(outer_ref) cannot be aggregated 
the outer query against which the reference has been resolved then MySQL
interpretes s(outer_ref) in the same way as it would interpret s(const).
Hovever the standard requires throwing an error in this situation.
Added some code to support this requirement in ansi mode.
Corrected another minor bug in Item_sum::check_sum_func.
2007-03-27 09:48:10 -07:00
igor@olga.mysql.com
8f9178e857 Fixed bug #27229: crash when a set function aggregated in outer
context was used as an argument of GROUP_CONCAT.
Ensured correct setting of the depended_from field in references
generated for set functions aggregated in outer selects.
A wrong value of this field resulted in wrong maps returned by 
used_tables() for these references.
Made sure that a temporary table field is added for any set function
aggregated in outer context when creation of a temporary table is 
needed to execute the inner subquery.
2007-03-22 14:48:03 -07:00