diff options
| author | Anurag Shekhar <anurag.shekhar@sun.com> | 2009-07-15 15:00:58 +0530 |
|---|---|---|
| committer | Anurag Shekhar <anurag.shekhar@sun.com> | 2009-07-15 15:00:58 +0530 |
| commit | 02ce97ad21f161eb6515abff91955b97afcf2b3d (patch) | |
| tree | 9e206cc3595cd920f5e4beab0baf579f22ae5629 | |
| parent | ad1d2890fcf0bcaba5f36b097e3b04026237c050 (diff) | |
| download | mariadb-git-02ce97ad21f161eb6515abff91955b97afcf2b3d.tar.gz | |
Bug#37740 Server crashes on execute statement with full text search and
match against.
Server crashes when executing prepared statement with duplicating
MATCH() function calls in SELECT and ORDER BY expressions, e.g.:
SELECT MATCH(a) AGAINST('test') FROM t1 ORDER BY MATCH(a) AGAINST('test')
This query gets optimized by the server, so the value returned
by MATCH() from the SELECT list is reused for ORDER BY purposes.
To make this optimization server is comparing items from
SELECT and ORDER BY lists. We were getting server crash because
comparision function for MATCH() item is not intended to be called
at this point of execution.
In 5.0 and 5.1 this problem is workarounded by resetting MATCH()
item to the state as it was during PREPARE.
In 6.0 correct comparision function will be implemented and
duplicating MATCH() items from the ORDER BY list will be
optimized.
mysql-test/r/fulltext.result:
Updated with the test case for Bug#37740
mysql-test/t/fulltext.test:
A test case for Bug#37740.
sql/item_func.h:
True initialization of 'table' happens in ::fix_fields(). As
Item_func_match::eq() may be called before ::fix_fields(), it is
expected that 'table' is initialized to 0 when it is reused.
This is mostly affecting prepared statements, when the same item
doesn't get destroyed, but rather cleaned up and reused.
| -rw-r--r-- | mysql-test/r/fulltext.result | 8 | ||||
| -rw-r--r-- | mysql-test/t/fulltext.test | 15 | ||||
| -rw-r--r-- | sql/item_func.h | 1 |
3 files changed, 24 insertions, 0 deletions
diff --git a/mysql-test/r/fulltext.result b/mysql-test/r/fulltext.result index 6ea17644f9d..b0197e0aec2 100644 --- a/mysql-test/r/fulltext.result +++ b/mysql-test/r/fulltext.result @@ -510,3 +510,11 @@ CREATE TABLE t1(a TEXT); SELECT GROUP_CONCAT(a) AS st FROM t1 HAVING MATCH(st) AGAINST('test' IN BOOLEAN MODE); ERROR HY000: Incorrect arguments to AGAINST DROP TABLE t1; +CREATE TABLE t1 (col text, FULLTEXT KEY full_text (col)); +PREPARE s FROM +"SELECT MATCH (col) AGAINST('findme') FROM t1 ORDER BY MATCH (col) AGAINST('findme')" + ; +EXECUTE s; +MATCH (col) AGAINST('findme') +DEALLOCATE PREPARE s; +DROP TABLE t1; diff --git a/mysql-test/t/fulltext.test b/mysql-test/t/fulltext.test index 76661ba4e63..9551c98f143 100644 --- a/mysql-test/t/fulltext.test +++ b/mysql-test/t/fulltext.test @@ -440,3 +440,18 @@ CREATE TABLE t1(a TEXT); --error ER_WRONG_ARGUMENTS SELECT GROUP_CONCAT(a) AS st FROM t1 HAVING MATCH(st) AGAINST('test' IN BOOLEAN MODE); DROP TABLE t1; + +# +# BUG#37740 Server crashes on execute statement with full text search and match against +# + +CREATE TABLE t1 (col text, FULLTEXT KEY full_text (col)); + +PREPARE s FROM + "SELECT MATCH (col) AGAINST('findme') FROM t1 ORDER BY MATCH (col) AGAINST('findme')" + ; + +EXECUTE s; +DEALLOCATE PREPARE s; +DROP TABLE t1; + diff --git a/sql/item_func.h b/sql/item_func.h index 33aeddfe6e6..47a13559e90 100644 --- a/sql/item_func.h +++ b/sql/item_func.h @@ -1456,6 +1456,7 @@ public: ft_handler->please->close_search(ft_handler); ft_handler= 0; concat_ws= 0; + table= 0; // required by Item_func_match::eq() DBUG_VOID_RETURN; } enum Functype functype() const { return FT_FUNC; } |