Commit 6a0d03fc authored by Chaithra Gopalareddy

Bug#13012483: EXPLAIN EXTENDED, PREPARED STATEMENT, CRASH IN CHECK_SIMPLE_EQUALITY

PROBLEM:
Crash in "check_simple_equality" when using a subquery with "IN" and
"ALL" in prepare.

ANALYSIS:
Crash can be reproduced using a simplified query like this one:
prepare s from "select 1 from g1 where 1 < all (
                select @:=(1 in (select 1 from g1)) from g1)";

This bug is currently present only on 5.5 and 5.1. It's fixed as part
of work log (#1110) in 5.6. We are taking one change to fix this
in 5.5 and 5.1.

Problem seems to be present because we are trying to evaluate "is_null"
on an argument which is part of a subquery
(In Item_is_not_null_test::update_used_tables()).
But the condition to evaluate is only when we do not have a sub query
present, which means to say that "with_subselect" is not set.
With respect to the above query, we create an object of type
"Item_in_optimizer" which by definition is always associated with a
subquery. While in 5.6 we set "with_subselect" to true for
"Item_in_optimizer" object, we do not do the same in 5.5. This results in
the evaluation for "is_null" resulting in a coredump.
So, we are now setting "with_subselect" to true for "Item_in_optimizer"
in 5.1 and 5.5.


mysql-test/r/func_in.result:
  Result file changes for the test case added
mysql-test/t/func_in.test:
  Test case added for Bug#13012483
sql/item_cmpfunc.h:
  Changed Item_in_optimizer::Item_in_optimizer( ) to set "with_subselect"
  to true
parent c2d0fea8
......@@ -776,4 +776,14 @@ SELECT 1 IN (YEAR(FROM_UNIXTIME(NULL)) ,1);
1 IN (YEAR(FROM_UNIXTIME(NULL)) ,1)
1
#
#
# Bug#13012483: EXPLAIN EXTENDED, PREPARED STATEMENT, CRASH IN CHECK_SIMPLE_EQUALITY
#
CREATE TABLE t1 (a INT);
PREPARE s FROM "SELECT 1 FROM t1 WHERE 1 < ALL (SELECT @:= (1 IN (SELECT 1 FROM t1)) FROM t1)";
EXECUTE s;
1
DROP TABLE t1;
# End of test BUG#13012483
#
End of 5.1 tests
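Review bot: the recorded output for EXECUTE s is only the column header `1` with no rows, because t1 is created and never populated, so this expected result only shows that the statement no longer crashes on an empty table. Consider inserting at least one row (and a NULL) into t1 before the PREPARE so the result file also pins down what `1 < ALL (...)` returns.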
......@@ -562,4 +562,17 @@ SELECT 1 IN (YEAR(FROM_UNIXTIME(NULL)) ,1);
--echo #
--echo #
--echo # Bug#13012483: EXPLAIN EXTENDED, PREPARED STATEMENT, CRASH IN CHECK_SIMPLE_EQUALITY
--echo #
CREATE TABLE t1 (a INT);
PREPARE s FROM "SELECT 1 FROM t1 WHERE 1 < ALL (SELECT @:= (1 IN (SELECT 1 FROM t1)) FROM t1)";
EXECUTE s;
DROP TABLE t1;
--echo # End of test BUG#13012483
--echo #
--echo End of 5.1 tests
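Review bot: the test never issues EXPLAIN EXTENDED, although the bug title in the --echo header names it, and the prepared statement s is not released before `DROP TABLE t1;`. Suggest adding an EXPLAIN EXTENDED run of the same SELECT and a `DEALLOCATE PREPARE s;` after `EXECUTE s;` so the test covers the reported path and leaves no prepared statement behind.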
......@@ -254,7 +254,7 @@ class Item_in_optimizer: public Item_bool_func
Item_in_optimizer(Item *a, Item_in_subselect *b):
Item_bool_func(a, my_reinterpret_cast(Item *)(b)), cache(0),
save_cache(0), result_for_null_param(UNKNOWN)
{}
{ with_subselect= true; }
bool fix_fields(THD *, Item **);
bool fix_left(THD *thd, Item **ref);
bool is_null();
......
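Review bot: the new constructor body `{ with_subselect= true; }` has no comment saying why the flag is unconditionally true. A one-line comment that Item_in_optimizer is always built around an Item_in_subselect (the second constructor argument) would keep a later cleanup from dropping the assignment. The visible lines also declare fix_fields() and fix_left(), whose bodies the hunk does not show; please confirm neither recomputes with_subselect and overwrites the value set here.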