| Bug #34830 | Item_ref & Item_direct_ref constructor call: mixed table & field names. | ||
|---|---|---|---|
| Submitted: | 26 Feb 2008 12:20 | Modified: | 10 Apr 2008 13:54 |
| Reporter: | Gleb Shchepa | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server | Severity: | S3 (Non-critical) |
| Version: | 5.0+ | OS: | Any |
| Assigned to: | Gleb Shchepa | CPU Architecture: | Any |
[28 Feb 2008 22:34]
MySQL Verification Team
Thank you for the bug report. Verified as described in the feedback.
[29 Feb 2008 11:14]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:

  http://lists.mysql.com/commits/43212

ChangeSet@1.2592, 2008-02-29 15:11:11+04:00, gshchepa@host.loc +1 -0
  Fixed bug #34830: mixed table and field names in Item_ref and Item_direct_ref constructor calls.

  Order of ref->field_name and ref->table_name arguments of Item_ref and Item_direct_ref in the fix_inner_refs function is inverted.
[13 Mar 2008 19:27]
Bugs System
Pushed into 6.0.5-alpha
[13 Mar 2008 19:35]
Bugs System
Pushed into 5.1.24-rc
[13 Mar 2008 19:42]
Bugs System
Pushed into 5.0.60
[3 Apr 2008 14:59]
Jon Stephens
Pushed into 5.1.23-ndb-6.3.11.
[10 Apr 2008 13:54]
Paul DuBois
Noted in 5.0.60, 5.1.24, 5.1.24-ndb-6.3.13, 6.0.5 changelogs. Table and database names were mixed up in some places of the subquery transformation procedure. This could affect debugging trace output and further extensions of that procedure.

Description:
sql/sql_select.cc:
------------------
bool
fix_inner_refs(THD *thd, List<Item> &all_fields, SELECT_LEX *select,
               Item **ref_pointer_array)
{
  ...
    new_ref= direct_ref ?
              new Item_direct_ref(ref->context, item_ref, ref->field_name,
                                                          ^^^^^^^^^^^^^^^^
                                  ref->table_name, ref->alias_name_used) :
                                  ^^^^^^^^^^^^^^^^
              new Item_ref(ref->context, item_ref, ref->field_name,
                                                   ^^^^^^^^^^^^^^^^
                           ref->table_name, ref->alias_name_used);
                           ^^^^^^^^^^^^^^^^
  ...

Order of ref->field_name and ref->table_name arguments should be changed because of the definition of Item_ref and Item_direct_ref constructors (sql/item.h):

Item_ref(Name_resolution_context *context_arg, Item **item,
         const char *table_name_arg, const char *field_name_arg,
                     ^^^^^^^^^^^^^^              ^^^^^^^^^^^^^^
         bool alias_name_used_arg= FALSE);

and

Item_direct_ref(Name_resolution_context *context_arg, Item **item,
                const char *table_name_arg,
                            ^^^^^^^^^^^^^^
                const char *field_name_arg,
                            ^^^^^^^^^^^^^^
                bool alias_name_used_arg= FALSE)

How to repeat:
No good idea at this moment, but the bug is visible in the debugger when I trace such queries as:

CREATE TABLE t1 (a INT, b INT);
SELECT ROW(1, a) IN (SELECT SUM(b), 2) FROM t1 GROUP BY a;

and place a breakpoint at 'Item_direct_ref::Item_direct_ref(Name_resolution_context*, Item**, char const*, char const*, bool)'

(gdb) p table_name_arg
$1 = 0x86da393 "b"     # Should be "t1"
(gdb) p field_name_arg
$2 = 0x871dfa0 "t1"    # Should be "b"

Suggested fix:
===== sql_select.cc 1.558 vs edited ===== --- 1.558/sql/sql_select.cc 2008-01-27 09:45:30 +04:00 +++ edited/sql/sql_select.cc 2008-02-26 16:12:25 +04:00 
@@ -360,10 +360,10 @@ fix_inner_refs(THD *thd, List<Item> &all } } new_ref= direct_ref ? - new Item_direct_ref(ref->context, item_ref, ref->field_name, - ref->table_name, ref->alias_name_used) : - new Item_ref(ref->context, item_ref, ref->field_name, - ref->table_name, ref->alias_name_used); + new Item_direct_ref(ref->context, item_ref, ref->table_name, + ref->field_name, ref->alias_name_used) : + new Item_ref(ref->context, item_ref, ref->table_name, + ref->field_name, ref->alias_name_used); if (!new_ref) return TRUE; ref->outer_ref= new_ref;
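Review bot: nothing in this change guards against the same transposition coming back at the two constructor calls in fix_inner_refs. The new argument order (ref->table_name, then ref->field_name) matches the table_name_arg, field_name_arg order quoted from sql/item.h, but both parameters are const char *, so the compiler accepted the old order silently and will accept it again. The report also offers no reproducing test, only a debugger observation. Consider adding a debug-only check or a trace assertion in the constructors for the query shown in "How to repeat", and auditing other callers of Item_ref and Item_direct_ref for the same swap. A short comment at this call site naming the parameter order would also help the next reader.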