From 2cd98c95dee7ae77e6280b4e047a2ebec00b5442 Mon Sep 17 00:00:00 2001
From: Sergei Petrunia
Date: Wed, 3 Aug 2022 16:07:16 +0300
Subject: MDEV-23809: Server crash in JOIN_CACHE::free or ...
The problem was caused by use of COLLATION(AVG('x')). This is an item whose value is a constant. Name Resolution code called convert_const_to_int() which removed AVG('x'). However, the item representing COLLATION(...) still had with_sum_func=1. This inconsistent state confused the code that handles grouping and DISTINCT: JOIN::get_best_combination() decided to use one temporary table and allocated one JOIN_TAB for it, but then JOIN::make_aggr_tables_info() attempted to use two and made writes beyond the end of the JOIN::join_tab array. The fix:
- Do not replace constant expressions which contain aggregate functions.
- Add JOIN::dbug_join_tab_array_size to catch attempts to use more JOIN_TAB objects than we've allocated.
---
mysql-test/main/func_group.test | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
(limited to 'mysql-test/main/func_group.test')
diff --git a/mysql-test/main/func_group.test b/mysql-test/main/func_group.test
index fb2106ac3ae..f91aee3e577 100644
--- a/mysql-test/main/func_group.test
+++ b/mysql-test/main/func_group.test
@@ -1756,6 +1756,25 @@
 DROP TABLE t2;
 DROP VIEW v1;
 DROP TABLE t1;
+--echo #
+--echo # MDEV-23809: Server crash in JOIN_CACHE::free or ...
+--echo #
+
+CREATE TABLE t1 (a INT);
+INSERT INTO t1 VALUES (1),(2);
+SELECT DISTINCT CASE CONVERT(EXPORT_SET(0, COLLATION(BENCHMARK(1, BIT_OR(0))),0),TIME) WHEN a THEN 1 END AS f FROM t1;
+DROP TABLE t1;
+
+
+CREATE TABLE t1 (a VARCHAR(8) NULL, b BIGINT);
+INSERT INTO t1 (a,b) VALUES (NULL,NULL),('foo',NULL);
+SELECT DISTINCT STRCMP((b > COLLATION(STDDEV_SAMP(15750))), a) AS f FROM t1;
+DROP TABLE t1;
+
+CREATE TABLE t1 (a BIGINT) AS SELECT 1 AS v3 UNION SELECT FALSE ;
+SELECT DISTINCT a IN ( COLLATION (AVG ('x'))) FROM t1 ;
+DROP TABLE t1;
+
 --echo #
 --echo # End of 10.3 tests
 --echo #
-- cgit v1.2.1
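Review bot: The third case, `SELECT DISTINCT a IN ( COLLATION (AVG ('x'))) FROM t1 ;`, runs DISTINCT over the two rows of t1 (1 and FALSE) with no ORDER BY, so if the predicate evaluates differently for the two values of a the order of the rows recorded in the result file is not guaranteed and the test becomes order-dependent; prefix the statement with `--sorted_result` (or add an ORDER BY on the selected expression) so the recorded output is stable, and the same applies to the first case's `SELECT DISTINCT CASE ... END AS f FROM t1`. The expected output presumably lives in func_group.result, which this page does not show, so whether each case still reaches the DISTINCT/grouping path that crashed cannot be confirmed from here. Style: the spacing in `COLLATION (AVG ('x'))` and `FROM t1 ;` and the double blank line before the second case differ from the surrounding file, and the header comment would be more useful naming the construct under test, e.g. `--echo # MDEV-23809: Server crash in JOIN_CACHE::free or ... (COLLATION() over an aggregate folded to a constant)`.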