Commit graph

372 commits

Author SHA1 Message Date
Anurag Shekhar
7c670fc3e1 Bug#37740 Server crashes on execute statement with full text search and
match against.


Server crashes when executing prepared statement with duplicating
MATCH() function calls in SELECT and ORDER BY expressions, e.g.:
SELECT MATCH(a) AGAINST('test') FROM t1 ORDER BY MATCH(a) AGAINST('test')

This query gets optimized by the server, so the value returned
by MATCH() from the SELECT list is reused for ORDER BY purposes.
To make this optimization server is comparing items from
SELECT and ORDER BY lists. We were getting server crash because
comparision function for MATCH() item is not intended to be called
at this point of execution.

In 5.0 and 5.1 this problem is workarounded by resetting MATCH()
item to the state as it was during PREPARE.

In 6.0 correct comparision function will be implemented and
duplicating MATCH() items from the ORDER BY list will be
optimized.
2009-07-15 15:00:58 +05:30
Ramil Kalimullin
71943e3628 Fix for bug#42009: SELECT into variable gives different results to direct SELECT
Problem: storing "SELECT ... INTO @var ..." results in variables we used val_xxx()
methods which returned results of the current row. 
So, in some cases (e.g. SELECT DISTINCT, GROUP BY or HAVING) we got data
from the first row of a new group (where we evaluate a clause) instead of
data from the last row of the previous group.

Fix: use val_xxx_result() counterparts to get proper results.
2009-02-24 18:47:12 +04:00
Georgi Kodinov
7fc8286257 auto merge 2009-01-16 16:48:41 +02:00
Gleb Shchepa
c1bf0475cf Bug #40761: Assert on sum function on
IF(..., CAST(longtext AS UNSIGNED), signed_val)
            (was: LEFT JOIN on inline view crashes server)

Select from a LONGTEXT column wrapped with an expression
like "IF(..., CAST(longtext_column AS UNSIGNED), smth_signed)"
failed an assertion or crashed the server. IFNULL function was
affected too.

LONGTEXT column item has a maximum length of 32^2-1 bytes,
at the same time this is a maximum possible length of any
MySQL item. CAST(longtext_column AS UNSIGNED) returns some
unsigned numeric result of length 32^2-1, so the result of
IF/IFNULL function of this number and some other signed number
will have text length of (32^2-1)+1=32^2 (one byte for the
minus sign) - there is integer overflow, and the length is
equal to zero. That caused assert/crash.

CAST AS UNSIGNED function has been modified to limit maximal
length of resulting number to 67 (maximal length of DECIMAL
and two characters for minus sign and dot).
2008-12-12 17:16:25 +04:00
Gleb Shchepa
03f9b2cea6 rollback of bug #40761 fix 2008-12-12 14:59:10 +04:00
Gleb Shchepa
ce8ad64dd2 Bug #40761: Assert on sum function on
IF(..., CAST(longtext AS UNSIGNED), signed_val)
            (was: LEFT JOIN on inline view crashes server)

Select from a LONGTEXT column wrapped with an expression
like "IF(..., CAST(longtext_column AS UNSIGNED), smth_signed)"
failed an assertion or crashed the server. IFNULL function was
affected too.

LONGTEXT column item has a maximum length of 32^2-1 bytes,
at the same time this is a maximum possible length of any
MySQL item. CAST(longtext_column AS UNSIGNED) returns some
unsigned numeric result of length 32^2-1, so the result of
IF/IFNULL function of this number and some other signed number
will have text length of (32^2-1)+1=32^2 (one byte for the
minus sign) - there is integer overflow, and the length is
equal to zero. That caused assert/crash.

The bug has been fixed by the same solution as in the CASE
function implementation.
2008-12-12 00:57:32 +04:00
Georgi Kodinov
f1a1e89f5a Bug #38637: COUNT DISTINCT prevents NULL testing in HAVING clause
IS NULL was not checking the correct row in a HAVING context.
At the first row of a new group (where the HAVING clause is evaluated)
the column and SELECT list references in the HAVING clause should 
refer to the last row of the previous group and not to the current one. 
This was not done for IS NULL, because it was using Item::is_null() doesn't
have a  Item_is_null_result() counterpart to access the data from the 
last row of the previous group. Note that all the Item::val_xxx() functions 
(e.g. Item::val_int()) have their _result counterparts (e.g. Item::val_int_result()).

Fixed by implementing a is_null_result() (similarly to int_result()) and
calling this instead of is_null() column and SELECT list references inside
the HAVING clause.
2008-10-17 13:55:16 +03:00
tnurnberg@mysql.com/white.intern.koehntopp.de
c6b4d7a7c4 Bug#34749: Server crash when using NAME_CONST() with an aggregate function
NAME_CONST('whatever', -1) * MAX(whatever) bombed since -1 was
not seen as constant, but as FUNCTION_UNARY_MINUS(constant)
while we are at the same time pretending it was a basic const
item. This confused the aggregate handlers in exciting ways.
We now make NAME_CONST() behave more consistently.
2008-02-28 14:23:22 +01:00
gluh@eagle.(none)
e039595029 Merge mysql.com:/home/gluh/MySQL/Merge/5.0
into  mysql.com:/home/gluh/MySQL/Merge/5.0-opt
2007-12-13 14:52:49 +04:00
gkodinov/kgeorge@magare.gmz
8c3d5135ba Bug #30355: Incorrect ordering of UDF results
There's currently no way of knowing the determinicity of an UDF.
And the optimizer and the sequence() UDFs were making wrong
assumptions about what the is_const member means.
Plus there was no implementation of update_system_tables()
causing the optimizer to overwrite the information returned by
the <udf>_init function.

Fixed by equating the assumptions about the semantics of 
is_const and providing a implementation of update_used_tables().
Added a TODO item for the UDF API change needed to make a better 
implementation.
2007-11-27 17:16:52 +02:00
ramil/ram@mysql.com/ramil.myoffice.izhnet.ru
924bdf2c78 Fix for bug #32558: group by null-returning expression with rollup causes crash
Problem: setting Item_func_rollup_const::null_value property to argument's null_value
before (without) the argument evaluation may result in a crash due to wrong null_value.

Fix: use is_null() to set Item_func_rollup_const::null_value instead as it evaluates
the argument if necessary and returns a proper value.
2007-11-21 20:53:44 +04:00
gluh@mysql.com/eagle.(none)
6b92ec4acb Bug#30889: filesort and order by with float/numeric crashes server
There are two problems with ROUND(X, D) on an exact numeric 
(DECIMAL, NUMERIC type) field of a table:
1) The implementation of the ROUND function would change the number of decimal
places regardless of the value decided upon in fix_length_and_dec. When the
number of decimal places is not constant, this would cause an inconsistent
state where the number of digits was less than the number of decimal places,
which crashes filesort.

Fixed by not allowing the ROUND operation to add any more decimal places than
was decided in fix_length_and_dec.

2) fix_length_and_dec would allow the number of decimals to be greater than
the maximium configured value for constant values of D. This led to the same 
crash as in (1).

Fixed by not allowing the above in fix_length_and_dec.
2007-10-29 15:39:56 +04:00
mhansson/martin@linux-st28.site
d29146f9f4 Bug#30832:Assertion + crash with select name_const('test',now());
Completion of previous patch. Negative number were denied
as the second argument to NAME_CONST.
2007-10-09 11:36:05 +02:00
evgen@moonbone.local
49af76ac8a Bug#31095: Unexpected NULL constant caused server crash.
The Item_func_rollup_const class is used for wrapping constants to avoid
wrong result for ROLLUP queries with DISTINCT and a constant in the select
list. This class is also used to wrap up a NULL constant but its null_value
wasn't set accordingly. This led to a server crash.

Now the null_value of an object of the Item_func_rollup_const class is set
by its fix_length_and_dec member function.
2007-10-01 20:03:50 +00:00
evgen@sunlight.local
36bf417b40 Bug#27216: functions with parameters of different date types may return wrong
type of the result.

There are several functions that accept parameters of different types.
The result field type of such functions was determined based on
the aggregated result type of its arguments. As the DATE and the DATETIME
types are represented by the STRING type, the result field type
of the affected functions was always STRING for DATE/DATETIME arguments.
The affected functions are COALESCE, IF, IFNULL, CASE, LEAST/GREATEST, CASE.

Now the affected functions aggregate the field types of their arguments rather
than their result types and return the result of aggregation as their result
field type.
The cached_field_type member variable is added to the number of classes to
hold the aggregated result field type.
The str_to_date() function's result field type now defaults to the
MYSQL_TYPE_DATETIME.
The agg_field_type() function is added. It aggregates field types with help
of the Field::field_type_merge() function.
The create_table_from_items() function now uses the 
item->tmp_table_field_from_field_type() function to get the proper field
when the item is a function with a STRING result type.
2007-09-22 11:49:27 +04:00
gshchepa/uchum@gleb.loc
73b2848f4f Fixed bug #29338.
Optimization of queries with DETERMINISTIC functions in the
WHERE clause was not effective: sequential scan was always
used.
Now a SF with the DETERMINISTIC flags is treated as constant
when it's arguments are constants (or a SF doesn't has arguments).
2007-07-19 18:39:01 +05:00
evgen@moonbone.local
88147d5cfe user_var.result:
Corrected test case result for the bug#28494.
item_func.h, item_func.cc:
  Corrected function names after fix for the bug#28494.
2007-06-03 15:56:48 +04:00
evgen@moonbone.local
4934646764 Bug#28494: Grouping by Item_func_set_user_var produces incorrect result.
This is an additional fix.
Item::val_xxx methods are supposed to use original data source and
Item::val_xxx_result methods to use the item's result field. But for the
Item_func_set_user_var class val_xxx_result methods were mapped to val_xxx
methods. This leads, in particular, to producing bad sort keys and thus
wrong order of the result set of queries with group by/order by clauses.

The set of val_xxx_result methods is added to the Item_func_set_user_var
class. It's the same as the val_xxx set of method but uses the result_field
to return a value.
2007-06-02 23:17:46 +04:00
evgen@moonbone.local
f70ae3a6de Bug#28494: Grouping by Item_func_set_user_var produces incorrect result.
The end_update() function uses the Item::save_org_in_field() function to
save original values of items into the group buffer. But for the 
Item_func_set_user_var this method was mapped to the save_in_field method.
The latter function wrongly decides to use the result_field. This leads to
saving incorrect value in the grouping buffer and wrong result of the whole
query.

The can_use_result_field argument of the bool type is added to the
Item_func_set_user_var::save_in_field() function. If it is set to FALSE
then the item's result field won't be used. Otherwise it will be detected
whether the result field will be used (old behaviour).
Two wrapping functions for the function above are added to the 
Item_func_set_user_var class:
the save_in_field(Field *field, bool no_conversions) - it calls the above
function with the can_use_result_field set to TRUE.
the save_org_in_field(Field *field) - same, but the can_use_result_field
is set to FALSE.
2007-06-01 01:17:14 +04:00
tsmith@siva.hindu.god
30bc713c77 Merge siva.hindu.god:/home/tsmith/m/bk/50
into  siva.hindu.god:/home/tsmith/m/bk/maint/50
2007-05-17 14:17:50 -06:00
msvensson@pilot.blaudden
a65d12a830 Backport of TIME->MYSQL_TIME / Y2K fixset
Made year 2000 handling more uniform
Removed year 2000 handling out from calc_days()
The above removes some bugs in date/datetimes with year between 0 and 200
Now we get a note when we insert a datetime value into a date column
For default values to CREATE, don't give errors for warning level NOTE
Fixed some compiler failures
Added library ws2_32 for windows compilation (needed if we want to compile with IOCP support)
Removed duplicate typedef TIME and replaced it with MYSQL_TIME

Better (more complete) fix for: Bug#21103 "DATE column not compared as DATE"
Fixed properly Bug#18997 "DATE_ADD and DATE_SUB perform year2K autoconversion magic on 4-digit year value"
Fixed Bug#23093 "Implicit conversion of 9912101 to date does not match cast(9912101 as date)"
2007-05-16 10:44:59 +02:00
holyfoot/hf@mysql.com/hfmain.(none)
069314eaf3 Merge mysql.com:/home/hf/work/27921/my50-27921
into  mysql.com:/home/hf/work/27957/my50-27957
2007-05-11 18:13:06 +05:00
holyfoot/hf@mysql.com/hfmain.(none)
d99b4c6a1a Bug #27921 View ignores precision for CAST()
Item_decimal_typecast::print properly implemented
2007-05-10 00:17:21 +05:00
evgen@moonbone.local
eddd02158b Additional fix for the bug#27759: Wrong DATE/DATETIME comparison in LEAST()/GREATEST() functions. 2007-05-08 00:08:00 +04:00
holyfoot/hf@mysql.com/hfmain.(none)
37a9575b2e Merge bk@192.168.21.1:mysql-5.0
into  mysql.com:/d2/hf/mrg/mysql-5.0-opt
2007-05-07 16:08:29 +05:00
evgen@moonbone.local
239f727b7e Bug#27759: Wrong DATE/DATETIME comparison in LEAST()/GREATEST() functions.
The LEAST/GREATEST functions compared DATE/DATETIME values as
strings which in some cases could lead to a wrong result.

A new member function called cmp_datetimes() is added to the
Item_func_min_max class. It compares arguments in DATETIME context
and returns index of the least/greatest argument.
The Item_func_min_max::fix_length_and_dec() function now detects when
arguments should be compared in DATETIME context and sets the newly
added flag compare_as_dates. It indicates that the cmp_datetimes() function
should be called to get a correct result.
Item_func_min_max::val_xxx() methods are corrected to call the
cmp_datetimes() function when needed.
Objects of the Item_splocal class now stores and reports correct original
field type.
2007-05-04 18:57:10 +04:00
tsmith@quadxeon.mysql.com
90468a7274 Merge quadxeon.mysql.com:/benchmarks/ext3/TOSAVE/tsmith/bk/50
into  quadxeon.mysql.com:/benchmarks/ext3/TOSAVE/tsmith/bk/maint/50
2007-05-01 18:12:04 +02:00
igor@olga.mysql.com
2cf753a1e8 Post-merge fix. 2007-04-29 20:14:35 -07:00
igor@olga.mysql.com
f9ac5b43cc Merge olga.mysql.com:/home/igor/mysql-4.1-opt
into  olga.mysql.com:/home/igor/dev-opt/mysql-5.0-opt-bug24856
2007-04-29 18:32:59 -07:00
igor@olga.mysql.com
ce0be732d0 Fixed bug #24856: the result set of a ROLLUP query with DISTINCT could lack
some rollup rows (rows with NULLs for grouping attributes) if GROUP BY
list contained constant expressions.

This happened because the results of constant expressions were not put
in the temporary table used for duplicate elimination. In fact a constant
item from the GROUP BY list of a ROLLUP query can be replaced for an
Item_null_result object when a rollup row is produced . 

Now the JOIN::rollup_init function wraps any constant item referenced in
the GROYP BY list of a ROLLUP query into an Item_func object of a special
class that is never detected as constant item. This ensures creation of
fields for such  constant items in temporary tables and guarantees right
results when the result of the rollup operation first has to be written
into a temporary table, e.g. in the cases when duplicate elimination is
required.
2007-04-29 16:04:43 -07:00
kaa@polly.local
561bd78654 Merge polly.local:/home/kaa/src/maint/bug24912/my50-bug24912
into  polly.local:/home/kaa/src/maint/mysql-5.0-maint
2007-04-28 20:26:14 +04:00
kaa@polly.local
050c6723e8 Fix for bug #24912 "problems with bigint in abs() ceiling() round() truncate() mod()" and a number of related problems:
- unsigned flag was not handled correctly for a number of mathematical funcions, which led to incorrect results
- passing large values as the number of decimals to ROUND() resulted in incorrect results and even server crashes in some cases
- reverted the fix and the testcase for bug #10083 as it violates the manual
- fixed some testcases which relied on broken ROUND() behavior
2007-04-28 20:01:01 +04:00
jani@ua141d10.elisa.omakaista.fi
335153121b Merge jamppa@bk-internal.mysql.com:/home/bk/mysql-5.0
into  ua141d10.elisa.omakaista.fi:/home/my/bk/mysql-5.0-marvel
2007-04-12 12:50:02 +03:00
acurtis/antony@xiphis.org/ltamd64.xiphis.org
d0e79056b1 Merge acurtis@bk-internal:/home/bk/mysql-5.0-engines
into  xiphis.org:/home/antony/work2/mysql-5.0-engines.merge
2007-04-06 18:07:02 +00:00
svoj@mysql.com/june.mysql.com
27d9265c26 BUG#25729 - boolean full text search is confused by NULLs produced by
LEFT JOIN
Fixed that in certain situations MATCH ... AGAINST returns false hits
for NULLs produced by LEFT JOIN when there is no fulltext index
available.
2007-04-02 17:26:39 +05:00
aelkin/elkin@andrepl.(none)
9856be570a Bug #27354 stored function in where condition was always treated as const
Possible problems: function call could be eliminated from where class and only
be evaluated once; function can be evaluated during table and item setup phase which could
cause side effects not to be registered in binlog.

Fixed with introducing func_item_sp::used_tables() returning the correct table_map constant.
2007-03-22 19:17:15 +02:00
Kristofer.Pettersson@naruto.
05bef7884a Bug#20777 Function w BIGINT UNSIGNED shows diff. behaviour with and without --ps-protocol
- Stored procedures returning unsinged values returns signed values if
  text protocol is used. The reason is that the stored proceedure item
  Item_func_sp wasn't initializing the member variables properly based
  on the information contained in the associated result field.
- The patch is to upon field-item association, ::fix_fields, initialize
  the member variables in appropriate order.
- Field type of an Item_func_sp was hard coded to MYSQL_TYPE_VARCHAR.
  This is changed to return the type of the actual result field.
- Member function name sp_result_field was refactored to the more 
  appropriate init_result_field.
- Member function name find_and_check_access was refactored to 
  sp_check_access.
2007-03-16 14:25:11 +01:00
evgen@moonbone.local
e098f736e1 Fixed bug#16861: User defined variable can have a wrong value if a tmp table was
used.

The Item::save_in_field() function is called from fill_record() to fill the 
new row with data while execution of the CREATE TABLE ... SELECT statement.
Item::save_in_field() calls val_xxx() methods in order to get values.
val_xxx() methods do not take into account the result field. Due to this
Item_func_set_user_var::val_xxx() methods returns values from the original
table, not from the temporary one.

The save_in_field() member function is added to the Item_func_set_user_var
class. It detects whether the result field should be used and properly updates
the value of the user variable.
2007-01-09 23:24:56 +03:00
kent@mysql.com/kent-amd64.(none)
6523aca729 my_strtoll10-x86.s:
Corrected spelling in copyright text
Makefile.am:
  Don't update the files from BitKeeper
Many files:
  Removed "MySQL Finland AB & TCX DataKonsult AB" from copyright header
  Adjusted year(s) in copyright header 
Many files:
  Added GPL copyright text
Removed files:
  Docs/Support/colspec-fix.pl
  Docs/Support/docbook-fixup.pl
  Docs/Support/docbook-prefix.pl
  Docs/Support/docbook-split
  Docs/Support/make-docbook
  Docs/Support/make-makefile
  Docs/Support/test-make-manual
  Docs/Support/test-make-manual-de
  Docs/Support/xwf
2006-12-31 01:02:27 +01:00
kent@mysql.com/kent-amd64.(none)
226a5c833f Many files:
Changed header to GPL version 2 only
2006-12-23 20:17:15 +01:00
msvensson@neptunus.(none)
128b73fc36 Merge neptunus.(none):/home/msvensson/mysql/mysql-5.0
into  neptunus.(none):/home/msvensson/mysql/mysql-5.0-maint
2006-12-04 19:28:38 +01:00
msvensson@neptunus.(none)
04d5a42bbf Merge neptunus.(none):/home/msvensson/mysql/mysql-5.0
into  neptunus.(none):/home/msvensson/mysql/mysql-5.0-maint
2006-11-28 20:59:57 +01:00
gkodinov/kgeorge@rakia.gmz
fb41ec6f22 Merge gkodinov@bk-internal.mysql.com:/home/bk/mysql-5.0-opt
into  rakia.gmz:/home/kgeorge/mysql/autopush/B11927-5.0-opt
2006-11-28 15:47:53 +02:00
gkodinov/kgeorge@macbook.gmz
42cd956752 BUG#11927: Warnings shown for CAST( chr as signed) but not (chr + 0)
When implicitly converting string fields to numbers the 
 string-to-number conversion error was not sent to the client.
 Added code to send the conversion error as warning.
 
 We also need to prevent generation of warnings from the places
 where val_xxx() methods are called for the sole purpose of updating
 the Item::null_value flag.
 To achieve that a special function is added (and called) : 
 update_null_value(). This function will set the no_errors flag and
 will call val_xxx(). The warning generation in Field_string::val_xxx()
 will use the flag when generating the conversion warnings.
2006-11-28 15:44:11 +02:00
jpipes@shakedown.(none)
03a5dcd7ce Merge bk-internal.mysql.com:/home/bk/mysql-5.0-maint
into  shakedown.(none):/home/jpipes/dev/mysql-5.0-maint
2006-11-27 14:58:57 -05:00
holyfoot/hf@mysql.com/deer.(none)
e95e23b0f3 Merge bk@192.168.21.1:mysql-5.0-opt
into  mysql.com:/home/hf/work/mysql-5.0-0mrg
2006-11-17 10:30:16 +04:00
cmiller@zippy.cornsilk.net
19cb3d3bf7 Fix after merge. 2006-11-06 20:41:18 -05:00
gkodinov/kgeorge@rakia.gmz
1c6ede6aac Merge gkodinov@bk-internal.mysql.com:/home/bk/mysql-5.0-opt
into  rakia.gmz:/home/kgeorge/mysql/autopush/B21809-5.0-opt
2006-10-31 16:15:35 +02:00
gkodinov/kgeorge@macbook.gmz
932d86bbb9 Bug #21809: Error 1356 while selecting from view with grouping though underlying
select OK.
The SQL parser was using Item::name to transfer user defined function attributes
to the user defined function (udf). It was not distinguishing between user defined 
function call arguments and stored procedure call arguments. Setting Item::name 
was causing Item_ref::print() method to print the argument as quoted identifiers 
and caused views that reference aggregate functions as udf call arguments (and 
rely on Item::print() for the text of the view to store) to throw an undefined 
identifier error.
Overloaded Item_ref::print to print aggregate functions as such when printing
the references to aggregate functions taken out of context by split_sum_func2()
Fixed the parser to properly detect using AS clause in stored procedure arguments
as an error.
Fixed printing the arguments of udf call to print properly the udf attribute.
2006-10-24 15:26:41 +03:00
kroki/tomash@moonlight.intranet
ee0cebf9a7 BUG#21726: Incorrect result with multiple invocations of LAST_INSERT_ID.
Note: bug#21726 does not directly apply to 4.1, as it doesn't have stored
procedures.  However, 4.1 had some bugs that were fixed in 5.0 by the
patch for bug#21726, and this patch is a backport of those fixes.
Namely, in 4.1 it fixes:

  - LAST_INSERT_ID(expr) didn't return value of expr (4.1 specific).

  - LAST_INSERT_ID() could return the value generated by current
    statement if the call happens after the generation, like in

      CREATE TABLE t1 (i INT AUTO_INCREMENT PRIMARY KEY, j INT);
      INSERT INTO t1 VALUES (NULL, 0), (NULL, LAST_INSERT_ID());

  - Redundant binary log LAST_INSERT_ID_EVENTs could be generated.
2006-10-06 13:34:07 +04:00