Bug #32558 group by null-returning expression with rollup causes crash
Submitted: 21 Nov 2007 6:46
Modified: 12 Dec 2007 19:43
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: General
Severity: S1 (Critical)
Version: 5.1.23
OS: Any
Assigned to: Ramil Kalimullin
CPU Architecture: Any
Triage: D1 (Critical)

[21 Nov 2007 6:46] Shane Bester
Description:
This is a followup to the bug #31095 (server crashes with group by null with rollup).  That testcase didn't crash anymore, so I'm opening a new bug for this testcase.  The date(1) returns null, which still causes a crash.

mysqld.exe!String::length
mysqld.exe!sortcmp
mysqld.exe!Cached_item_str::cmp
mysqld.exe!test_if_group_changed
mysqld.exe!end_send_group
mysqld.exe!do_select
mysqld.exe!JOIN::exec
mysqld.exe!mysql_select
mysqld.exe!handle_select
mysqld.exe!execute_sqlcom_select
mysqld.exe!mysql_execute_command
mysqld.exe!mysql_parse
mysqld.exe!dispatch_command
mysqld.exe!do_command
mysqld.exe!handle_one_connection
mysqld.exe!pthread_start
mysqld.exe!_callthreadstart
mysqld.exe!_threadstart

How to repeat:
drop table if exists `t1`;
create table `t1` (`a` int)engine=myisam;
insert into `t1` values (0);
select 1 from `t1` group by (date(1)) with rollup;
[21 Nov 2007 16:54] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/38219

ChangeSet@1.2578, 2007-11-21 20:53:44+04:00, ramil@mysql.com +3 -0
  Fix for bug #32558: group by null-returning expression with rollup causes crash
  
  Problem: setting Item_func_rollup_const::null_value property to argument's null_value
  before (without) the argument evaluation may result in a crash due to wrong null_value.
  
  Fix: use is_null() to set Item_func_rollup_const::null_value instead as it evaluates
  the argument if necessary and returns a proper value.
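
The stale-flag pattern described in the ChangeSet comment above, as an added example that is not MySQL source code or part of the original report. It is a simplified C++ model: `Expr`, `Wrapper` and `compare_length` are hypothetical names, and the NULL-returning expression is a constructed stand-in.

```cpp
#include <cstdio>
#include <string>

// Simplified model with hypothetical names; not MySQL source code.
// null_value is only trustworthy after the expression has been evaluated.
struct Expr {
    bool null_value = false;   // stale default until val_str() runs
    bool returns_null;         // constructed stand-in for e.g. date(1)
    std::string buf = "2007-11-21";
    explicit Expr(bool n) : returns_null(n) {}

    // Evaluate: sets null_value and returns nullptr for SQL NULL.
    const std::string *val_str() {
        null_value = returns_null;
        return null_value ? nullptr : &buf;
    }
    // Evaluates when asked, so the answer is never stale.
    bool is_null() { val_str(); return null_value; }
};

// Wrapper that records its argument's NULL-ness during setup.
struct Wrapper {
    Expr *arg;
    bool null_value;
    Wrapper(Expr *a, bool use_is_null)
        : arg(a),
          null_value(use_is_null ? a->is_null()       // fixed pattern
                                 : a->null_value) {}  // buggy: flag read early
};

// Consumer that trusts the wrapper's flag before touching the string.
// Returns 0 for a NULL group, the string length otherwise, and -1 where
// unguarded code would have dereferenced a null pointer.
int compare_length(Wrapper &w) {
    if (w.null_value) return 0;
    const std::string *s = w.arg->val_str();
    if (s == nullptr) return -1;
    return static_cast<int>(s->length());
}

int main() {
    Expr a(true), b(true);
    Wrapper buggy(&a, false), fixed(&b, true);
    std::printf("buggy=%d fixed=%d\n", compare_length(buggy), compare_length(fixed));
    return 0;
}
```

In the model, the wrapper built from the unevaluated flag reports "not NULL" for an expression that evaluates to NULL, so the consumer reaches the null string; the wrapper built with `is_null()` reports NULL and the consumer skips the comparison.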
[28 Nov 2007 10:24] Bugs System
Pushed into 6.0.4-alpha
[28 Nov 2007 10:26] Bugs System
Pushed into 5.1.23-rc
[28 Nov 2007 10:27] Bugs System
Pushed into 5.0.54
[12 Dec 2007 19:43] Paul Dubois
Noted in 5.0.54, 5.1.23, 6.0.6 changelogs.

Use of a NULL-returning GROUP BY expression in conjunction with WITH
ROLLUP could cause a server crash.