Commit d95c307f authored by unknown's avatar unknown

This is a fix for the memory corruption that occurred in one of the test cases

from func_group.test after the patch for bug #27229 had been applied.
The memory corruption happened because in some rare cases the function
count_field_types underestimated the number of elements in
the array param->items_to_copy.


sql/item_sum.cc:
  The return value of the Item_sum::update_used_tables method
  should not depend on the place of aggregation of the set 
  function for which the Item_sum object has been created.
sql/sql_select.cc:
  This is a fix for the memory corruption occurred in one of test cases
  from func_group.test after the patch for bug #27229 had been applied.
  The memory corruption happened because in some rare cases the function
  count_field_types underestimated the number of elements in
  in the array param->items_to_copy.
  
  Currently it's not guaranteed that after JOIN::prepare() the 
  used_tables attribute is calculated for all items. For example
  for the expression SUM(outer_ref)+1 used_tables() must return
  OUTER_REF_TABLE_BIT. Yet by the moment when the used_tables
  attribute is calculated in JOIN::prepare SUM(outer_ref) has
  not been substituted for Item_aggregate_ref yet.
  By this reason additional calls of the method update_used_tables
  are needed for some items passed as parameters to the function
  create_tmp_table.
parent a220fc48
+1 −2
@@ -449,7 +449,6 @@ void Item_sum::update_used_tables ()
    used_tables_cache&= PSEUDO_TABLE_BITS;

    /* the aggregate function is aggregated into its local context */
    if (aggr_level == nest_level)
    used_tables_cache |=  (1 << aggr_sel->join->tables) - 1;
  }
}
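Review bot: The mask on the `used_tables_cache |=` line is built as `(1 << aggr_sel->join->tables) - 1`, where the literal `1` is a plain int, so the shift is only well defined while the join has fewer than 31 tables; above that the behaviour is undefined and the bitmap can come out wrong. Assuming used_tables_cache is a table_map, widen the operand before shifting: `used_tables_cache|= ((table_map) 1 << aggr_sel->join->tables) - 1;`. The description says the result should no longer depend on the place of aggregation, so if the `if (aggr_level == nest_level)` test is what this section drops, the comment above it ("aggregated into its local context") no longer matches the code and should be reworded or removed. The body of Item_sum::update_used_tables starts outside the hunk.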
+16 −10
@@ -9196,9 +9196,12 @@ create_tmp_table(THD *thd,TMP_TABLE_PARAM *param,List<Item> &fields,
    Item::Type type=item->type();
    if (not_all_columns)
    {
      if (item->with_sum_func && type != Item::SUM_FUNC_ITEM &&
          (type == Item::SUBSELECT_ITEM ||
           (item->used_tables() & ~PSEUDO_TABLE_BITS)))
      if (item->with_sum_func && type != Item::SUM_FUNC_ITEM)
      {
        if (item->used_tables() & OUTER_REF_TABLE_BIT)
          item->update_used_tables();
        if (type == Item::SUBSELECT_ITEM ||
            (item->used_tables() & ~OUTER_REF_TABLE_BIT))
        {
	  /*
	    Mark that the we have ignored an item that refers to a summary
@@ -9208,6 +9211,7 @@ create_tmp_table(THD *thd,TMP_TABLE_PARAM *param,List<Item> &fields,
	  param->using_indirect_summary_function=1;
	  continue;
        }
      }
      if (item->const_item() && (int) hidden_field_count <= 0)
        continue; // We don't have to store this
    }
@@ -9391,6 +9395,7 @@ create_tmp_table(THD *thd,TMP_TABLE_PARAM *param,List<Item> &fields,
    table->s->default_values= table->record[1]+alloc_length;
  }
  copy_func[0]=0;				// End marker
  param->func_count= copy_func - param->items_to_copy; 

  recinfo=param->start_recinfo;
  null_flags=(uchar*) table->record[0];
@@ -13571,6 +13576,7 @@ count_field_types(TMP_TABLE_PARAM *param, List<Item> &fields,
	if (!sum_item->quick_group)
	  param->quick_group=0;			// UDF SUM function
	param->sum_func_count++;
        param->func_count++;

	for (uint i=0 ; i < sum_item->arg_count ; i++)
	{
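Review bot: Nothing in the new code verifies that the entries written through copy_func fit in the param->items_to_copy array, which is the condition whose violation caused the corruption this commit fixes. The array is presumably sized from the count_field_types estimate (the allocation is outside these hunks), and the new line `param->func_count= copy_func - param->items_to_copy;` overwrites that estimate after the writes have already happened. Add a check just before the overwrite so a future mismatch between the two functions fails loudly in debug builds, for example `DBUG_ASSERT((uint) (copy_func - param->items_to_copy) <= param->func_count);`, adjusting the right-hand side to whatever count actually sized the allocation. A one-line comment next to `param->func_count++;` in count_field_types saying that it must stay in step with the copy_func writes in create_tmp_table would also help. Both functions continue outside the hunks shown.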