MySQL Bugs: #132: ORDER BY 0 crash with UNION or with subselect/derived table

Bug #132	ORDER BY 0 crash with UNION or with subselect/derived table
Submitted:	7 Mar 2003 13:23	Modified:	8 Mar 2003 12:20
Reporter:	jocelyn fournier (Silver Quality Contributor)	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Server	Severity:	S1 (Critical)
Version:	4.1	OS:	Any (all)
Assigned to:		CPU Architecture:	Any

Description:
MySQL crashes with the following queries :

(SELECT 1) UNION (SELECT 2) ORDER BY 0

Stack trace :

0x80abb41 handle_segfault + 481
0x82a85d8 pthread_sighandler + 176
0x80e19cb get_sort_by_table(st_order*, st_order*, st_table_list*) + 43
0x80d8ae8 JOIN::optimize() + 328
0x80daf22 _Z12mysql_selectP3THDPPP4ItemP13st_table_listjR4ListIS1_ES2_jP8st_orderSB_S2_SB_mP13select_resultP18st_select_lex_unitP13st_sel + 98
0x814e711 st_select_lex_unit::exec() + 609
0x814d94f mysql_union(THD*, st_lex*, select_result*, st_select_lex_unit*, bool) + 79
0x80d8131 handle_select(THD*, st_lex*, select_result*) + 113
0x80ba0a4 mysql_execute_command(THD*) + 644
0x80bef28 mysql_parse(THD*, char*, unsigned) + 232
0x80b8bf3 dispatch_command(enum_server_command, THD*, char*, unsigned) + 867
0x80b8845 do_command(THD*) + 133
0x80b80b1 handle_one_connection + 913
0x82a5ffa pthread_start_thread + 218
0x82da54a thread_start + 4

SELECT 1 FROM (SELECT 1) a ORDER BY 0

Stack trace :

0x80abb41 handle_segfault + 481
0x82a85d8 pthread_sighandler + 176
0x80e19cb get_sort_by_table(st_order*, st_order*, st_table_list*) + 43
0x80d8ae8 JOIN::optimize() + 328
0x80daf22 _Z12mysql_selectP3THDPPP4ItemP13st_table_listjR4ListIS1_ES2_jP8st_orderSB_S2_SB_mP13select_resultP18st_select_lex_unitP13st_sel + 98
0x80d8219 handle_select(THD*, st_lex*, select_result*) + 345
0x80ba0a4 mysql_execute_command(THD*) + 644
0x80bef28 mysql_parse(THD*, char*, unsigned) + 232
0x80b8bf3 dispatch_command(enum_server_command, THD*, char*, unsigned) + 867
0x80b8845 do_command(THD*) + 133
0x80b80b1 handle_one_connection + 913
0x82a5ffa pthread_start_thread + 218
0x82da54a thread_start + 4

How to repeat:
(SELECT 1) UNION (SELECT 2) ORDER BY 0
SELECT 1 FROM (SELECT 1) a ORDER BY 0

Suggested fix:
ORDER BY 0, as well as ORDER BY 1 shouldn't be allowed in UNION and subselect/derived table.

===== sql/sql_select.cc 1.209 vs edited =====
*** /tmp/sql_select.cc-1.209-11251      Thu Mar  6 17:15:15 2003
--- edited/sql/sql_select.cc    Sat Mar  8 21:51:57 2003
***************
*** 7088,7094 ****
      Item *item=0;
  
      uint count= (uint) ((Item_int*)itemptr)->value;
!     if (count > fields.elements)
      {
        my_printf_error(ER_BAD_FIELD_ERROR,ER(ER_BAD_FIELD_ERROR),
                      MYF(0),itemptr->full_name(),
--- 7088,7094 ----
      Item *item=0;
  
      uint count= (uint) ((Item_int*)itemptr)->value;
!     if (!count || count > fields.elements)
      {
        my_printf_error(ER_BAD_FIELD_ERROR,ER(ER_BAD_FIELD_ERROR),
                      MYF(0),itemptr->full_name(),