Commit 291ab712 authored by unknown's avatar unknown

Fixed bug lp:825018

Analysis:
During the first execution of the query through the stored
procedure, the optimization phase calls
substitute_for_best_equal_field(), which calls
Item_in_optimizer::transform(). The latter replaces
Item_in_subselect::left_expr with args[0] via assignment.
In this test case args[0] is an Item_outer_ref which is
created/deallocated for each re-execution. As a result,
during the second execution Item_in_subselect::left_expr
pointed to freed memory, which resulted in a crash.

Solution:
The solution is to use change_item_tree(), so that the
original left expression is restored after each execution.
parent 0afc96b3
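--- a/<PATH NOT SHOWN ON PAGE: expected-result file>
+++ b/<PATH NOT SHOWN ON PAGE: expected-result file>
@@ -2090,4 +2090,42 @@ EXECUTE st2;
 f2
 2
 drop table t1, t2;
+#
+# LP BUG#825018: Crash in check_and_do_in_subquery_rewrites() with corrlated subquery in select list
+#
+CREATE TABLE t1 (a int, b int);
+INSERT INTO t1 VALUES (10,1),(11,7);
+CREATE TABLE t2 (a int);
+INSERT INTO t2 VALUES (2),(3);
+CREATE TABLE t3 (a int, b int);
+INSERT INTO t3 VALUES (1,1);
+CREATE PROCEDURE sp1 () LANGUAGE SQL
+SELECT (SELECT t1.a
+FROM t1
+WHERE t1.b = t3.b
+AND t1.b IN ( SELECT a FROM t2 )) sq
+FROM t3
+GROUP BY 1;
+CALL sp1();
+sq
+NULL
+CALL sp1();
+sq
+NULL
+drop procedure sp1;
+prepare st1 from "
+SELECT (SELECT t1.a
+FROM t1
+WHERE t1.b = t3.b
+AND t1.b IN ( SELECT a FROM t2 )) sq
+FROM t3
+GROUP BY 1";
+execute st1;
+sq
+NULL
+execute st1;
+sq
+NULL
+deallocate prepare st1;
+drop table t1, t2, t3;
 set optimizer_switch=@subselect4_tmp;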
...@@ -1726,5 +1726,41 @@ EXECUTE st2; ...@@ -1726,5 +1726,41 @@ EXECUTE st2;
drop table t1, t2; drop table t1, t2;
--echo #
--echo # LP BUG#825018: Crash in check_and_do_in_subquery_rewrites() with corrlated subquery in select list
--echo #
CREATE TABLE t1 (a int, b int);
INSERT INTO t1 VALUES (10,1),(11,7);
CREATE TABLE t2 (a int);
INSERT INTO t2 VALUES (2),(3);
CREATE TABLE t3 (a int, b int);
INSERT INTO t3 VALUES (1,1);
CREATE PROCEDURE sp1 () LANGUAGE SQL
SELECT (SELECT t1.a
FROM t1
WHERE t1.b = t3.b
AND t1.b IN ( SELECT a FROM t2 )) sq
FROM t3
GROUP BY 1;
CALL sp1();
CALL sp1();
drop procedure sp1;
prepare st1 from "
SELECT (SELECT t1.a
FROM t1
WHERE t1.b = t3.b
AND t1.b IN ( SELECT a FROM t2 )) sq
FROM t3
GROUP BY 1";
execute st1;
execute st1;
deallocate prepare st1;
drop table t1, t2, t3;
set optimizer_switch=@subselect4_tmp; set optimizer_switch=@subselect4_tmp;
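Review bot: With the fixture data the correlated subquery can never match, so the two `CALL sp1();` and two `execute st1;` runs only prove the absence of a crash: the sole t1 row with b equal to t3.b is (10,1), and 1 is not among t2's values (2),(3), which is why the expected result shows `sq` as NULL every time. A regression that left left_expr pointing at a stale but still-readable item would pass this test unnoticed; adding a matching row, for instance `INSERT INTO t2 VALUES (2),(3),(1);`, would presumably make both the first and the second execution return 10, pinning the restored left expression as well as the crash (the expected-result section would need the same update). The `--echo` banner also spells "correlated" as "corrlated", and the result file must match it byte for byte, so fixing the spelling means changing both files together.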
...@@ -1804,7 +1804,7 @@ Item *Item_in_optimizer::transform(Item_transformer transformer, uchar *argument ...@@ -1804,7 +1804,7 @@ Item *Item_in_optimizer::transform(Item_transformer transformer, uchar *argument
Item_subselect::ANY_SUBS)); Item_subselect::ANY_SUBS));
Item_in_subselect *in_arg= (Item_in_subselect*)args[1]; Item_in_subselect *in_arg= (Item_in_subselect*)args[1];
in_arg->left_expr= args[0]; current_thd->change_item_tree(&in_arg->left_expr, args[0]);
} }
return (this->*transformer)(argument); return (this->*transformer)(argument);
} }
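Review bot: The new line `current_thd->change_item_tree(&in_arg->left_expr, args[0]);` carries no explanation of why a plain assignment is unsafe here, and nothing in the surrounding code makes that obvious; the commit message gives the reason (args[0] can be an Item_outer_ref that is re-created on every re-execution of a prepared statement or stored procedure, so a permanently stored pointer dangles on the second run). A comment above the line such as `/* args[0] may be re-created per execution (e.g. Item_outer_ref); register the change so left_expr is rolled back after this execution instead of storing the pointer permanently. */` would keep a later cleanup from reverting to the direct store. The fix also reaches for the global current_thd rather than a THD supplied by the caller; that appears to be because transform() takes no THD parameter, so the global is presumably the only handle available at this point, which is worth stating in the same comment. The enclosing Item_in_optimizer::transform begins outside the hunk.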