Commit c5e68b6d authored by Igor Babaev's avatar Igor Babaev

MDEV-27212 Crash in Item_equal::sort on second execution of stored procedure

This bug could cause a crash of the server at the second call of a stored
procedure when it executed a query containing a mergeable derived table /
view whose specification used another mergeable derived_table or view and a
subquery with outer reference in the select list of the specification.
Such queries could cause the same problem when they were executed for the
second time in a prepared mode.
The problem appeared due to a typo mistake in the legacy code of the function
create_view_field() that prevented building Item_direct_view_ref wrapper
for the mentioned outer reference at the second execution of the query and
setting the depended_from field for the outer reference.

Approved by Oleksandr Byelkin <sanja@mariadb.com>
parent 1bcdc3e9
...@@ -3586,4 +3586,64 @@ f2 f3 ...@@ -3586,4 +3586,64 @@ f2 f3
DROP PROCEDURE p1; DROP PROCEDURE p1;
DROP VIEW v1,v2,v3; DROP VIEW v1,v2,v3;
DROP TABLE t1; DROP TABLE t1;
#
# MDEV-27212: 2-nd execution of PS for select with embedded derived tables
# and correlated subquery in select list of outer derived
#
create table t1 ( id int, id2 int ) engine=myisam;
create table t2 ( x3 int , x1 int , x2 int, a1 int) engine=myisam;
insert into t1 values (3, 2), (4, 2), (3, 4);
insert into t2 values (1, 2, 2, 1), (1, 3, 3, 2), (2, 3, 3, 1);
prepare stmt from "select id from t1
join
( select dt2.x1,
( select sum(a1) from t2 where t2.x1 = dt2.x1 ) m
from ( select x1 from t2 u where x3 = 1 ) dt2
) dt
on t1.id = dt.x1
where t1.id2 < dt.m";
execute stmt;
id
3
execute stmt;
id
3
deallocate prepare stmt;
create procedure sp1() select id from t1
join
( select dt2.x1,
( select sum(a1) from t2 where t2.x1 = dt2.x1 ) m
from ( select x1 from t2 u where x3 = 1 ) dt2
) dt
on t1.id = dt.x1
where t1.id2 < dt.m;
call sp1();
id
3
call sp1();
id
3
create view v2 as select x1 from t2 u where x3 = 1;
create view v as
select v2.x1,
( select sum(a1) from t2 where t2.x1 = v2.x1 ) m from v2;
prepare stmt from "select id from t1 join v on t1.id = v.x1 where t1.id2 < v.m";
execute stmt;
id
3
execute stmt;
id
3
deallocate prepare stmt;
create procedure sp2() select id from t1 join v on t1.id = v.x1 where t1.id2 < v.m;
call sp2();
id
3
call sp2();
id
3
drop procedure sp1;
drop procedure sp2;
drop view v, v2;
drop table t1,t2;
# End of 10.2 tests # End of 10.2 tests
...@@ -2376,4 +2376,56 @@ DROP PROCEDURE p1; ...@@ -2376,4 +2376,56 @@ DROP PROCEDURE p1;
DROP VIEW v1,v2,v3; DROP VIEW v1,v2,v3;
DROP TABLE t1; DROP TABLE t1;
--echo #
--echo # MDEV-27212: 2-nd execution of PS for select with embedded derived tables
--echo # and correlated subquery in select list of outer derived
--echo #
create table t1 ( id int, id2 int ) engine=myisam;
create table t2 ( x3 int , x1 int , x2 int, a1 int) engine=myisam;
insert into t1 values (3, 2), (4, 2), (3, 4);
insert into t2 values (1, 2, 2, 1), (1, 3, 3, 2), (2, 3, 3, 1);
let $q=
select id from t1
join
( select dt2.x1,
( select sum(a1) from t2 where t2.x1 = dt2.x1 ) m
from ( select x1 from t2 u where x3 = 1 ) dt2
) dt
on t1.id = dt.x1
where t1.id2 < dt.m;
eval prepare stmt from "$q";
execute stmt;
execute stmt;
deallocate prepare stmt;
eval create procedure sp1() $q;
call sp1();
call sp1();
create view v2 as select x1 from t2 u where x3 = 1;
create view v as
select v2.x1,
( select sum(a1) from t2 where t2.x1 = v2.x1 ) m from v2;
let $q=
select id from t1 join v on t1.id = v.x1 where t1.id2 < v.m;
eval prepare stmt from "$q";
execute stmt;
execute stmt;
deallocate prepare stmt;
eval create procedure sp2() $q;
call sp2();
call sp2();
drop procedure sp1;
drop procedure sp2;
drop view v, v2;
drop table t1,t2;
--echo # End of 10.2 tests --echo # End of 10.2 tests
...@@ -5984,7 +5984,7 @@ Item *Field_iterator_view::create_item(THD *thd) ...@@ -5984,7 +5984,7 @@ Item *Field_iterator_view::create_item(THD *thd)
Item *create_view_field(THD *thd, TABLE_LIST *view, Item **field_ref, Item *create_view_field(THD *thd, TABLE_LIST *view, Item **field_ref,
const char *name) const char *name)
{ {
bool save_wrapper= thd->lex->select_lex.no_wrap_view_item; bool save_wrapper= thd->lex->current_select->no_wrap_view_item;
Item *field= *field_ref; Item *field= *field_ref;
DBUG_ENTER("create_view_field"); DBUG_ENTER("create_view_field");
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment