From 08ecbd5adb9051b77dca4cea0988ea286366a409 Mon Sep 17 00:00:00 2001
From: Tor Didriksen <tor.didriksen@oracle.com>
Date: Mon, 11 Jul 2011 11:20:19 +0200
Subject: Bug#11765255 - 58201: VALGRIND/CRASH WHEN ORDERING BY MULTIPLE
 AGGREGATE FUNCTIONS

We must allocate a larger ref_pointer_array. We failed to account for extra
items allocated here:
#0  find_order_in_list
  uint el= all_fields.elements;
  all_fields.push_front(order_item); /* Add new field to field list. */
  ref_pointer_array[el]= order_item;
  order->item= ref_pointer_array + el;
#1  setup_order
#2  setup_without_group
#3  JOIN::prepare


mysql-test/r/order_by.result:
  New test case.
mysql-test/r/union.result:
  New test case.
mysql-test/t/order_by.test:
  New test case.
mysql-test/t/union.test:
  New test case.
sql/sql_lex.cc:
  find_order_in_list() may need some extra space, so multiply og_num by two.
sql/sql_union.cc:
  For UNION, the 'n_sum_items' are accumulated in the "global_parameters" select_lex.
  This number must be propagated to setup_ref_array()

  When preparing a 'fake_select_lex' we need to use global_parameters->order_list
  rather than fake_select_lex->order_list (see comments inside st_select_lex_unit::cleanup)
---
 mysql-test/t/union.test | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

(limited to 'mysql-test/t/union.test')

diff --git a/mysql-test/t/union.test b/mysql-test/t/union.test
index c8d5ea0f8e5..d61c02be45c 100644
--- a/mysql-test/t/union.test
+++ b/mysql-test/t/union.test
@@ -1156,4 +1156,45 @@ SELECT * FROM t2 UNION SELECT * FROM t2
 DROP TABLE t1,t2;
 
 
+--echo #
+--echo # Bug#11765255 58201:
+--echo # VALGRIND/CRASH WHEN ORDERING BY MULTIPLE AGGREGATE FUNCTIONS
+--echo #
+
+let $my_stmt=
+select 1 as foo
+union
+select 2
+union
+select 3
+union
+select 4
+order by max(42) + max(1) + max(1) + max(1) + max(1) + max(1)
+;
+
+eval $my_stmt;
+
+eval prepare stmt1 from '$my_stmt';
+execute stmt1;
+execute stmt1;
+
+let $my_stmt=
+select 1 as foo
+union
+select 2
+union
+select 3
+union
+(select 4)
+order by max(42) + max(1) + max(1) + max(1) + max(1) + max(1)
+;
+
+eval $my_stmt;
+
+eval prepare stmt1 from '$my_stmt';
+execute stmt1;
+execute stmt1;
+
+deallocate prepare stmt1;
+
 --echo End of 5.1 tests
-- 
cgit v1.2.1