From 09a58105413361f25bc8a05c5b11945fce387eb3 Mon Sep 17 00:00:00 2001 From: "Tatiana A. Nurnberg" Date: Fri, 19 Feb 2010 15:16:43 +0000 Subject: Bug#49487: crash with explain extended and group_concat in a derived table When EXPLAIN EXTENDED tries to print column names, it checks whether the referenced table is CONST (in which case, the column's value rather than its name will be printed). If no proper table is reference (i.e. because a derived table was used that has since gone out of scope), this will fail spectacularly. This ports an equivalent of the fix for Bug 43354. mysql-test/r/func_gconcat.result: Show that EXPLAIN EXTENDED on a GROUP_CONCAT() on a derived table no longer crashes the server. mysql-test/t/func_gconcat.test: Show that EXPLAIN EXTENDED on a GROUP_CONCAT() on a derived table no longer crashes the server. sql/item_sum.cc: Do not de-ref what cannot be, that is, temp-tables that have gone away. This is of questionable utility anyway, since our deref has the sole purpose of checking whether the table is const (in which case, we'll substitute the column with its value in EXPLAIN EXTENDED - that is all). --- sql/item_sum.cc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'sql/item_sum.cc') diff --git a/sql/item_sum.cc b/sql/item_sum.cc index dde8fe29e5a..4c2bde90100 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -3538,6 +3538,8 @@ String* Item_func_group_concat::val_str(String* str) void Item_func_group_concat::print(String *str) { + /* orig_args is not filled with valid values until fix_fields() */ + Item **pargs= fixed ? orig_args : args; str->append(STRING_WITH_LEN("group_concat(")); if (distinct) str->append(STRING_WITH_LEN("distinct ")); @@ -3545,7 +3547,7 @@ void Item_func_group_concat::print(String *str) { if (i) str->append(','); - args[i]->print(str); + pargs[i]->print(str); } if (arg_count_order) { -- cgit v1.2.1 From 0c07d7c4253ae12567ec5a257d2fe478a8e89fcf Mon Sep 17 00:00:00 2001 From: Staale Smedseng Date: Sun, 14 Mar 2010 17:01:45 +0100 Subject: Bug #49829 Many "hides virtual function" warnings with SunStudio SunStudio compilers of late warn about methods that might hide methods in base classes due to the use of overloading combined with overriding. SunStudio also warns about variables defined in local socpe or method arguments that have the same name as a member attribute of the class. This patch renames methods that might hide base class methods, to make it easier both for humans and compilers to see what is actually called. It also renames variables in local scope. sql/field.cc: Local scope variable or method argument same as class attribute. sql/item_cmpfunc.cc: Local scope variable or method argument same as class attribute. sql/item_create.cc: Renaming base class create() to create_func(). sql/item_create.h: Renaming base class create() to create_func(). sql/protocol.cc: Local scope variable or method argument same as class attribute. sql/sql_profile.cc: Local scope variable or method argument same as class attribute. sql/sql_select.cc: Local scope variable or method argument same as class attribute. sql/sql_yacc.yy: Renaming base class create() to create_func(). storage/federated/ha_federated.cc: Local scope variable or method argument same as class attribute. storage/myisammrg/ha_myisammrg.cc: Local scope variable or method argument same as class attribute. --- sql/item_sum.cc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'sql/item_sum.cc') diff --git a/sql/item_sum.cc b/sql/item_sum.cc index 142e90639e8..c36fb8b8d64 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -1,4 +1,4 @@ -/* Copyright (C) 2000-2003 MySQL AB +/* Copyright (c) 2000, 2010 Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -647,7 +647,7 @@ Item_sum_hybrid::fix_fields(THD *thd, Item **ref) default: DBUG_ASSERT(0); }; - setup(args[0], NULL); + setup_hybrid(args[0], NULL); /* MIN/MAX can return NULL for empty set indepedent of the used column */ maybe_null= 1; unsigned_flag=item->unsigned_flag; @@ -681,7 +681,7 @@ Item_sum_hybrid::fix_fields(THD *thd, Item **ref) of the original MIN/MAX object and it is saved in this object's cache. */ -void Item_sum_hybrid::setup(Item *item, Item *value_arg) +void Item_sum_hybrid::setup_hybrid(Item *item, Item *value_arg) { value= Item_cache::get_cache(item); value->setup(item); @@ -1651,7 +1651,7 @@ void Item_sum_hybrid::no_rows_in_result() Item *Item_sum_min::copy_or_same(THD* thd) { Item_sum_min *item= new (thd->mem_root) Item_sum_min(thd, this); - item->setup(args[0], value); + item->setup_hybrid(args[0], value); return item; } @@ -1674,7 +1674,7 @@ bool Item_sum_min::add() Item *Item_sum_max::copy_or_same(THD* thd) { Item_sum_max *item= new (thd->mem_root) Item_sum_max(thd, this); - item->setup(args[0], value); + item->setup_hybrid(args[0], value); return item; } -- cgit v1.2.1 From 8c8d834c1395af5c7739d03b898e8fe439aeabb5 Mon Sep 17 00:00:00 2001 From: Ramil Kalimullin Date: Wed, 31 Mar 2010 17:00:56 +0400 Subject: Fix for bug#52397: another crash with explain extended and group_concat Problem: EXPLAIN EXTENDED was trying to resolve references to freed temporary table fields for GROUP_CONCAT()'s ORDER BY arguments. Fix: use stored original GROUP_CONCAT()'s arguments in such a case. mysql-test/r/func_gconcat.result: Fix for bug#52397: another crash with explain extended and group_concat - test result. mysql-test/t/func_gconcat.test: Fix for bug#52397: another crash with explain extended and group_concat - test case. sql/item_sum.cc: Fix for bug#52397: another crash with explain extended and group_concat - use "pargs", printing ORDER BY arguments in the Item_func_group_concat::print() instead of "order" to avoid possible reference resolving to (freed) temporary table fields. --- sql/item_sum.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql/item_sum.cc') diff --git a/sql/item_sum.cc b/sql/item_sum.cc index c36fb8b8d64..8c1e5501a1b 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -3420,7 +3420,7 @@ void Item_func_group_concat::print(String *str, enum_query_type query_type) { if (i) str->append(','); - (*order[i]->item)->print(str, query_type); + pargs[i + arg_count_field]->print(str, query_type); if (order[i]->asc) str->append(STRING_WITH_LEN(" ASC")); else -- cgit v1.2.1