    MDEV-29362 Crash with query using constant subquery as left part of IN subquery · 832e96de
    Igor Babaev authored
    If a query has a HAVING clause that contains a predicate with a constant
    IN subquery whose left part in its turn is a subquery and the predicate is
    subject to pushdown from HAVING to WHERE then execution of the query could
    cause a crash of the server.
    
    The cause of the problem was the missing implementation of the walk()
    method for the class Item_in_optimizer. As a result in some cases the left
    operand of the Item_in_optimizer condition could be traversed twice by
    the walk procedure. For many call-back functions used as an argument of
    this procedure it does not matter. Yet it matters for the call-back
    function cleanup_excluding_immutables_processor() used in pushdown of
    predicates from HAVING to WHERE. If the processed item is marked with
    the IMMUTABLE_FL flag then the processor just removes this flag, otherwise
    it performs cleanup of the item making it unfixed. If an item is marked
    with the IMMUTABLE_FL and it is traversed with this processor twice then
    it becomes unfixed after the second traversal though the flag indicates
    that the item should not be cleaned up.
    
    Approved by Oleksandr Byelkin <sanja@mariadb.com>
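The failure mode the commit message describes, as an added illustration that is not MariaDB code: a minimal model of the walk()/processor pattern in which the left operand of an IN predicate is reachable through two paths (the optimizer's args[0] and the subselect's own left_expr pointer), so a node type without its own walk() visits it twice. The class shapes, member names and the fix (letting the subselect be the only path to the left operand) are assumptions chosen to reproduce the effect, not the server's actual data structures. The processor clears IMMUTABLE_FL on the first visit and unfixes the item on the second, exactly the non-idempotent behaviour that turns a double traversal into an unfixed item.

```cpp
#include <functional>
#include <vector>

// Added model of the walk()/processor pattern (assumed structure, not MariaDB code).
using Processor = std::function<bool(struct Item*)>;

enum : unsigned { IMMUTABLE_FL = 1u };

struct Item {
    bool fixed = true;        // "fixed" = resolved and ready for execution
    unsigned flags = 0;
    virtual ~Item() = default;
    // Default walk: visit only this item.
    virtual bool walk(const Processor& p) { return p(this); }
};

// Modelled on the processor described above: strip IMMUTABLE_FL on the first
// visit; clean up (unfix) any item that does not carry the flag.
inline bool cleanup_excluding_immutables_processor(Item* it) {
    if (it->flags & IMMUTABLE_FL)
        it->flags &= ~IMMUTABLE_FL;
    else
        it->fixed = false;
    return false;   // false = keep walking
}

// Function item: walks its arguments, then itself.
struct Item_func : Item {
    std::vector<Item*> args;
    bool walk(const Processor& p) override {
        for (Item* a : args)
            if (a->walk(p)) return true;
        return p(this);
    }
};

// IN subselect: keeps its own pointer to the left operand and walks it
// (assumption: both the optimizer's args[0] and the subselect refer to the
// same left expression object).
struct Item_in_subselect : Item {
    Item* left_expr = nullptr;
    bool walk(const Processor& p) override {
        if (left_expr && left_expr->walk(p)) return true;
        return p(this);
    }
};

// "Before": no walk() of its own, so Item_func::walk visits args[0] (the left
// operand) and then args[1], whose walk visits left_expr == args[0] again.
struct Item_in_optimizer_buggy : Item_func {};

// "After" (assumed fix): leave the left operand to the subselect, walk args[1] only.
struct Item_in_optimizer_fixed : Item_func {
    bool walk(const Processor& p) override {
        if (args[1]->walk(p)) return true;
        return p(this);
    }
};

// Builds "left IN (subquery)" with an immutable left operand, runs one cleanup
// pass, and reports whether the left operand is still fixed afterwards.
template <class Optimizer>
bool left_operand_survives() {
    Item left;
    left.flags = IMMUTABLE_FL;              // pushed-down item: must not be cleaned up
    Item_in_subselect sub;
    sub.left_expr = &left;
    Optimizer opt;
    opt.args = { &left, &sub };
    opt.walk(cleanup_excluding_immutables_processor);
    return left.fixed;
}

// Counts how many times one walk() reaches the left operand.
template <class Optimizer>
int left_operand_visits() {
    Item left;
    Item_in_subselect sub;
    sub.left_expr = &left;
    Optimizer opt;
    opt.args = { &left, &sub };
    int visits = 0;
    opt.walk([&](Item* it) { if (it == &left) ++visits; return false; });
    return visits;
}
```

With the inherited walk() the left operand is reached twice and comes out unfixed despite IMMUTABLE_FL; with a walk() that provides a single path to it, the flag is consumed once and the item stays fixed. The general check this suggests for any walk()-style traversal: a processor that is only correct when applied once per node needs either a visited-set or a tree in which every shared node has exactly one traversal path.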