• Georgi Kodinov's avatar
    Bug #49734: Crash on EXPLAIN EXTENDED UNION ... ORDER BY <any non-const-function> · 2d8869d2
    Georgi Kodinov authored
    Several problems fixed : 
    1. Non constant expressions in UNION ... ORDER BY were not correctly cleaned up
    in st_select_lex_unit::cleanup() causing crashes in EXPLAIN EXTENDED because of
    fields quoted by these expressions pointing to the already freed temporary table
    used to calculate the UNION.
    Fixed by correctly cleaning up expressions of any depth.
    
    2. Subqueries in the order by part of UNION ... ORDER BY ... caused a crash in 
    EXPLAIN EXTENDED because of a transformation attempt made during EXPLAIN EXTENDED
    execution. Fixed by not doing the transformation when in EXPLAIN.
    
    3. Fulltext functions caused crash when in the ORDER BY part of an un-parenthesized
    UNION that gets "promoted" to be valid for the whole union, e.g. 
    SELECT * FROM t1 UNION SELECT * FROM t2 ORDER BY MATCHES (a) AGAINST ('abc' IN BOOLEAN MODE).
    This is a case that demonstrates a more general problem of parts of the query being
    moved to another level. When doing such transformation late in the optimization run
    when most of the flags about the contents of the query are already aggregated it's possible 
    to "split" the flags so that they correctly reflect the new queries after the transformation.
    In specific the ST_SELECT_LEX::ftfunc_list is holding all the free text function for all the 
    parts of the second SELECT in the UNION and we don't know what part of that is in the ORDER BY
    that we're to move to the UNION level and what part is about the other parts of the second SELECT.
    Fixed by throwing and error when such statements are about to be processed by adding a check 
    for the presence of MATCH() inside the ORDER BY clause that's going to get promoted to UNION.
    To workaround this new limitation one must parenthesize the UNION SELECTs and provide a real 
    global ORDER BY for the UNION outside of the parenthesis.
    2d8869d2
sql_select.cc 538 KB