Bug#32717969: Wrong result of execute prepare on 'smallint'

roylyseng · dahlerlend · commit 98b2ccb470de · 2021-04-23T17:00:38.000+02:00
This problem may occur with prepared implicitly grouped SELECT
statements. When the WHERE clause is determined to be always false,
e.g. due to the actual parameter values, the result of some aggregate
functions may be picked up from the previous execution.

The reason for this is that the aggregator object for such functions
is not set up, instead the no_rows_in_result() function should be
called and set the null_value flag (at least when the aggregate function
is nullable). After inspection, it was observed that the SUM and the
GROUP_CONCAT functions missed the necessary no_rows_in_result()
implementations. These have now been implemented to call the clear()
function, which will set the null_value for the function result.

It was also detected that the NTILE function was always made nullable,
even though it can never return NULL unless the argument is NULL.
This problem was also fixed.

Reviewed by: Chaithra Gopala Reddy &lt;chaithra.gopalareddy@oracle.com&gt;

Change-Id: Ied8ab405a3afa520a23dd95d106f4ba7312a6f02
diff --git a/mysql-test/r/group_by.result b/mysql-test/r/group_by.result
@@ -4156,3 +4156,69 @@ FROM t1
 )
 0
 DROP TABLE t1;
+# Bug#32717969: Wrong result of execute prepare on 'smallint'
+CREATE TABLE t1(
+c1 smallint NOT NULL
+);
+INSERT INTO t1 VALUES(32767),(14742),(14743);
+SELECT COUNT(*), SUM(c1), AVG(c1), MIN(c1), MAX(c1) FROM t1 WHERE c1 > 32767;
+COUNT(*)	SUM(c1)	AVG(c1)	MIN(c1)	MAX(c1)
+0	NULL	NULL	NULL	NULL
+PREPARE stmt from
+'SELECT COUNT(*), SUM(c1), AVG(c1), MIN(c1), MAX(c1) FROM t1 WHERE c1 > ?';
+SET @a=14742;
+EXECUTE stmt USING @a;
+COUNT(*)	SUM(c1)	AVG(c1)	MIN(c1)	MAX(c1)
+2	47510	23755.0000	14743	32767
+set @a=32767;
+EXECUTE stmt USING @a;
+COUNT(*)	SUM(c1)	AVG(c1)	MIN(c1)	MAX(c1)
+0	NULL	NULL	NULL	NULL
+SELECT BIT_AND(c1), BIT_OR(c1), BIT_XOR(c1) FROM t1 WHERE c1 > 32767;
+BIT_AND(c1)	BIT_OR(c1)	BIT_XOR(c1)
+18446744073709551615	0	0
+PREPARE stmt from
+'SELECT BIT_AND(c1), BIT_OR(c1), BIT_XOR(c1) FROM t1 WHERE c1 > ?';
+SET @a=14742;
+EXECUTE stmt USING @a;
+BIT_AND(c1)	BIT_OR(c1)	BIT_XOR(c1)
+14743	32767	18024
+set @a=32767;
+EXECUTE stmt USING @a;
+BIT_AND(c1)	BIT_OR(c1)	BIT_XOR(c1)
+18446744073709551615	0	0
+SELECT GROUP_CONCAT(c1), JSON_ARRAYAGG(c1), JSON_OBJECTAGG('key', c1)
+FROM t1
+WHERE c1 > 32767;
+GROUP_CONCAT(c1)	JSON_ARRAYAGG(c1)	JSON_OBJECTAGG('key', c1)
+NULL	NULL	NULL
+PREPARE stmt from
+"SELECT GROUP_CONCAT(c1), JSON_ARRAYAGG(c1), JSON_OBJECTAGG('key', c1)
+ FROM t1
+ WHERE c1 > ?";
+SET @a=14742;
+EXECUTE stmt USING @a;
+GROUP_CONCAT(c1)	JSON_ARRAYAGG(c1)	JSON_OBJECTAGG('key', c1)
+32767,14743	[32767, 14743]	{"key": 14743}
+set @a=32767;
+EXECUTE stmt USING @a;
+GROUP_CONCAT(c1)	JSON_ARRAYAGG(c1)	JSON_OBJECTAGG('key', c1)
+NULL	NULL	NULL
+SELECT STDDEV_POP(c1), STDDEV_SAMP(c1), VAR_POP(c1), VAR_SAMP(c1)
+FROM t1
+WHERE c1 > 32767;
+STDDEV_POP(c1)	STDDEV_SAMP(c1)	VAR_POP(c1)	VAR_SAMP(c1)
+NULL	NULL	NULL	NULL
+PREPARE stmt from
+'SELECT STDDEV_POP(c1), STDDEV_SAMP(c1), VAR_POP(c1), VAR_SAMP(c1)
+ FROM t1
+ WHERE c1 > ?';
+SET @a=14742;
+EXECUTE stmt USING @a;
+STDDEV_POP(c1)	STDDEV_SAMP(c1)	VAR_POP(c1)	VAR_SAMP(c1)
+9012	12744.892624106333	81216144	162432288
+set @a=32767;
+EXECUTE stmt USING @a;
+STDDEV_POP(c1)	STDDEV_SAMP(c1)	VAR_POP(c1)	VAR_SAMP(c1)
+NULL	NULL	NULL	NULL
+DROP TABLE t1;
diff --git a/mysql-test/t/group_by.test b/mysql-test/t/group_by.test
@@ -3135,3 +3135,47 @@ SELECT
   FROM (SELECT 555 AS f2) AS c;
 
 DROP TABLE t1;
+
+--echo # Bug#32717969: Wrong result of execute prepare on 'smallint'
+
+CREATE TABLE t1(
+  c1 smallint NOT NULL
+);
+INSERT INTO t1 VALUES(32767),(14742),(14743);
+SELECT COUNT(*), SUM(c1), AVG(c1), MIN(c1), MAX(c1) FROM t1 WHERE c1 > 32767;
+PREPARE stmt from
+'SELECT COUNT(*), SUM(c1), AVG(c1), MIN(c1), MAX(c1) FROM t1 WHERE c1 > ?';
+SET @a=14742;
+EXECUTE stmt USING @a;
+set @a=32767;
+EXECUTE stmt USING @a;
+SELECT BIT_AND(c1), BIT_OR(c1), BIT_XOR(c1) FROM t1 WHERE c1 > 32767;
+PREPARE stmt from
+'SELECT BIT_AND(c1), BIT_OR(c1), BIT_XOR(c1) FROM t1 WHERE c1 > ?';
+SET @a=14742;
+EXECUTE stmt USING @a;
+set @a=32767;
+EXECUTE stmt USING @a;
+SELECT GROUP_CONCAT(c1), JSON_ARRAYAGG(c1), JSON_OBJECTAGG('key', c1)
+FROM t1
+WHERE c1 > 32767;
+PREPARE stmt from
+"SELECT GROUP_CONCAT(c1), JSON_ARRAYAGG(c1), JSON_OBJECTAGG('key', c1)
+ FROM t1
+ WHERE c1 > ?";
+SET @a=14742;
+EXECUTE stmt USING @a;
+set @a=32767;
+EXECUTE stmt USING @a;
+SELECT STDDEV_POP(c1), STDDEV_SAMP(c1), VAR_POP(c1), VAR_SAMP(c1)
+FROM t1
+WHERE c1 > 32767;
+PREPARE stmt from
+'SELECT STDDEV_POP(c1), STDDEV_SAMP(c1), VAR_POP(c1), VAR_SAMP(c1)
+ FROM t1
+ WHERE c1 > ?';
+SET @a=14742;
+EXECUTE stmt USING @a;
+set @a=32767;
+EXECUTE stmt USING @a;
+DROP TABLE t1;
diff --git a/sql/item_sum.cc b/sql/item_sum.cc
@@ -1815,6 +1815,8 @@ void Item_sum_sum::clear() {
   m_frame_null_count = 0;
 }
 
+void Item_sum_sum::no_rows_in_result() { clear(); }
+
 bool Item_sum_sum::resolve_type(THD *thd) {
   DBUG_TRACE;
   if (param_type_is_default(thd, 0, 1, MYSQL_TYPE_DOUBLE)) return true;
@@ -4251,6 +4253,8 @@ Item *Item_func_group_concat::copy_or_same(THD *thd) {
   return result;
 }
 
+void Item_func_group_concat::no_rows_in_result() { clear(); }
+
 void Item_func_group_concat::clear() {
   result.length(0);
   result.copy();
@@ -4389,6 +4393,8 @@ bool Item_func_group_concat::fix_fields(THD *thd, Item **ref) {
                   &fields, order_array.begin()))
     return true;
 
+  null_value = true;
+
   fixed = true;
 
   return false;
@@ -4865,7 +4871,6 @@ bool Item_nth_value::check_wf_semantics2(Window_evaluation_requirements *r) {
 bool Item_ntile::fix_fields(THD *thd, Item **items) {
   if (super::fix_fields(thd, items)) return true;
 
-  set_nullable(true);
   return false;
 }
 
diff --git a/sql/item_sum.h b/sql/item_sum.h
@@ -1020,9 +1020,9 @@ class Item_sum_sum : public Item_sum_num {
   enum Item_result result_type() const override { return hybrid_type; }
   bool check_wf_semantics1(THD *thd, Query_block *select,
                            Window_evaluation_requirements *reqs) override;
+  void no_rows_in_result() override;
   void reset_field() override;
   void update_field() override;
-  void no_rows_in_result() override {}
   const char *func_name() const override { return "sum"; }
   Item *copy_or_same(THD *thd) override;
 };
@@ -1303,7 +1303,6 @@ class Item_sum_avg final : public Item_sum_sum {
   Item *result_item(Field *) override {
     return new Item_avg_field(hybrid_type, this);
   }
-  void no_rows_in_result() override {}
   const char *func_name() const override { return "avg"; }
   Item *copy_or_same(THD *thd) override;
   Field *create_tmp_field(bool group, TABLE *table) override;
@@ -2161,7 +2160,7 @@ class Item_func_group_concat final : public Item_sum {
   }
   String *val_str(String *str) override;
   Item *copy_or_same(THD *thd) override;
-  void no_rows_in_result() override {}
+  void no_rows_in_result() override;
   void print(const THD *thd, String *str,
              enum_query_type query_type) const override;
   bool change_context_processor(uchar *arg) override {
