Fix for bug #35298: GROUP_CONCAT with DISTINCT can crash the server (e22ef242) · Commits · Software / OSDI20 Artifacts / mariadb

mysql-test/r/func_gconcat.result

+26 −0

Original line number	Diff line number	Diff line
		@@ -946,4 +946,30 @@ GROUP BY 1
		d1
		NULL
		DROP TABLE t1;
		CREATE TABLE t1 (a INT);
		CREATE TABLE t2 (a INT);
		INSERT INTO t1 VALUES(1);
		SELECT GROUP_CONCAT(DISTINCT t2.a) FROM t1 LEFT JOIN t2 ON t2.a = t1.a GROUP BY t1.a;
		GROUP_CONCAT(DISTINCT t2.a)
		NULL
		DROP TABLE t1, t2;
		CREATE TABLE t1 (a INT, KEY(a));
		CREATE TABLE t2 (b INT);
		INSERT INTO t1 VALUES (NULL), (8), (2);
		INSERT INTO t2 VALUES (4), (10);
		SELECT 1 FROM t1 WHERE t1.a NOT IN
		(
		SELECT GROUP_CONCAT(DISTINCT t1.a)
		FROM t1 WHERE t1.a IN
		(
		SELECT b FROM t2
		)
		AND NOT t1.a >= (SELECT t1.a FROM t1 LIMIT 1)
		GROUP BY t1.a
		);
		1
		1
		1
		1
		DROP TABLE t1, t2;
		End of 5.0 tests

+36 −0

Original line number	Diff line number	Diff line
		@@ -657,4 +657,40 @@ SELECT s1.d1 FROM
		) AS s1;
		DROP TABLE t1;

		#
		# Bug #35298: GROUP_CONCAT with DISTINCT can crash the server
		#

		CREATE TABLE t1 (a INT);
		CREATE TABLE t2 (a INT);

		INSERT INTO t1 VALUES(1);

		SELECT GROUP_CONCAT(DISTINCT t2.a) FROM t1 LEFT JOIN t2 ON t2.a = t1.a GROUP BY t1.a;

		DROP TABLE t1, t2;

		#
		# Bug #36024: group_concat distinct in subquery crash
		#

		CREATE TABLE t1 (a INT, KEY(a));
		CREATE TABLE t2 (b INT);

		INSERT INTO t1 VALUES (NULL), (8), (2);
		INSERT INTO t2 VALUES (4), (10);

		SELECT 1 FROM t1 WHERE t1.a NOT IN
		(
		SELECT GROUP_CONCAT(DISTINCT t1.a)
		FROM t1 WHERE t1.a IN
		(
		SELECT b FROM t2
		)
		AND NOT t1.a >= (SELECT t1.a FROM t1 LIMIT 1)
		GROUP BY t1.a
		);

		DROP TABLE t1, t2;

		--echo End of 5.0 tests

+1 −1

Original line number	Diff line number	Diff line
		@@ -3222,7 +3222,7 @@ void Item_func_group_concat::clear()
		no_appended= TRUE;
		if (tree)
		reset_tree(tree);
		if (distinct)
		if (unique_filter)
		unique_filter->reset();
		/* No need to reset the table as we never call write_row */
		}