diff options
| author | unknown <igor@rurik.mysql.com> | 2006-09-20 08:08:57 -0700 |
|---|---|---|
| committer | unknown <igor@rurik.mysql.com> | 2006-09-20 08:08:57 -0700 |
| commit | 1b5bd18dc6b34d3dc50b7495bae8c05e5125c0dc (patch) | |
| tree | 233cc52e16acff8f5fc37736fcfbe43730aea711 | |
| parent | 76b354dcf73d87de3abb2bf482954c261e4d995b (diff) | |
| download | mariadb-git-1b5bd18dc6b34d3dc50b7495bae8c05e5125c0dc.tar.gz | |
Fixed bug #22015: crash with GROUP_CONCAT over a derived table
that returns the results of aggregation by GROUP_CONCAT.
The crash was due to an overflow happened for the field
sortoder->length.
The fix prevents this overflow exploiting the fact that the
value of sortoder->length cannot be greater than the value of
thd->variables.max_sort_length.
mysql-test/r/func_gconcat.result:
Added a test case for bug #22015.
mysql-test/t/func_gconcat.test:
Added a test case for bug #22015.
| -rw-r--r-- | mysql-test/r/func_gconcat.result | 9 | ||||
| -rw-r--r-- | mysql-test/t/func_gconcat.test | 15 | ||||
| -rw-r--r-- | sql/filesort.cc | 1 |
3 files changed, 25 insertions, 0 deletions
diff --git a/mysql-test/r/func_gconcat.result b/mysql-test/r/func_gconcat.result index 6617ccc671e..93925670d01 100644 --- a/mysql-test/r/func_gconcat.result +++ b/mysql-test/r/func_gconcat.result @@ -654,3 +654,12 @@ CHAR_LENGTH( GROUP_CONCAT(b) ) 240001 SET GROUP_CONCAT_MAX_LEN = 1024; DROP TABLE t1; +CREATE TABLE t1 (a int, b int); +INSERT INTO t1 VALUES (2,1), (1,2), (2,2), (1,3); +SELECT GROUP_CONCAT(a), x +FROM (SELECT a, GROUP_CONCAT(b) x FROM t1 GROUP BY a) AS s +GROUP BY x; +GROUP_CONCAT(a) x +2 1,2 +1 2,3 +DROP TABLE t1; diff --git a/mysql-test/t/func_gconcat.test b/mysql-test/t/func_gconcat.test index 98c21986aa9..b5c468e1638 100644 --- a/mysql-test/t/func_gconcat.test +++ b/mysql-test/t/func_gconcat.test @@ -447,3 +447,18 @@ SELECT a, CHAR_LENGTH(b) FROM t1; SELECT CHAR_LENGTH( GROUP_CONCAT(b) ) FROM t1; SET GROUP_CONCAT_MAX_LEN = 1024; DROP TABLE t1; + +# +# Bug #22015: crash with GROUP_CONCAT over a derived table that +# returns the results of aggregation by GROUP_CONCAT +# + +CREATE TABLE t1 (a int, b int); + +INSERT INTO t1 VALUES (2,1), (1,2), (2,2), (1,3); + +SELECT GROUP_CONCAT(a), x + FROM (SELECT a, GROUP_CONCAT(b) x FROM t1 GROUP BY a) AS s + GROUP BY x; + +DROP TABLE t1; diff --git a/sql/filesort.cc b/sql/filesort.cc index 42d25dbbaee..f13354d5c72 100644 --- a/sql/filesort.cc +++ b/sql/filesort.cc @@ -1268,6 +1268,7 @@ sortlength(THD *thd, SORT_FIELD *sortorder, uint s_length, switch ((sortorder->result_type=sortorder->item->result_type())) { case STRING_RESULT: sortorder->length=sortorder->item->max_length; + set_if_smaller(sortorder->length, thd->variables.max_sort_length); if (use_strnxfrm((cs=sortorder->item->collation.collation))) { sortorder->length= cs->coll->strnxfrmlen(cs, sortorder->length); |