MDEV-22001: Server crashes in st_select_lex_unit::exclude_level upon execution of SP

Running some statements that use IN subqueries outside context of a regular
query could result in server abnormal termination.

The reason for failure is that internal structures SELECT_LEX/SELECT_LEX_UNIT
created on behalf of parsed query were initialized incorrectly. Incorrect
initialization of the structures SELECT_LEX/SELECT_LEX_UNIT was introduced
by the commit de745ecf
(MDEV-11953: support of brackets in UNION/EXCEPT/INTERSECT operations)
pushed into 10.4, that is the reason this bug report is not reproduced in 10.3.

To fix the issue the method SLECTE_LEX::register_unit is used for proper
initialization of the data structures SELECT_LEX/SELECT_LEX_UNIT. Additionally,
the method SELECT_LEX::get_slave() was removed from the source code base
since for those use cases where it is used it can be replaced by the method
first_inner_unit().

mysql-test/main/sp-bugs.result

@@ -353,3 +353,13 @@ drop table _t1;
 #
 # End of 10.3 tests
 #
+#
+#  MDEV-22001: Server crashes in st_select_lex_unit::exclude_level upon execution of SP
+#
+BEGIN NOT ATOMIC DECLARE a INT DEFAULT 0 IN ( SELECT 1 ) OR 2 ; END $
+BEGIN NOT ATOMIC DECLARE a INT DEFAULT 0 IN ( SELECT 1 ) OR (SELECT 2) ; END $
+KILL  (('x' IN ( SELECT 1)) MOD 44);
+ERROR HY000: Unknown thread id: 0
+#
+# End of 10.4 tests
+#

mysql-test/main/sp-bugs.test

@@ -371,3 +371,18 @@ drop table _t1;
 --echo #
 --echo # End of 10.3 tests
 --echo #
+
+--echo #
+--echo #  MDEV-22001: Server crashes in st_select_lex_unit::exclude_level upon execution of SP
+--echo #
+--delimiter $
+BEGIN NOT ATOMIC DECLARE a INT DEFAULT 0 IN ( SELECT 1 ) OR 2 ; END $
+BEGIN NOT ATOMIC DECLARE a INT DEFAULT 0 IN ( SELECT 1 ) OR (SELECT 2) ; END $
+--delimiter ;
+
+--error ER_NO_SUCH_THREAD
+KILL  (('x' IN ( SELECT 1)) MOD 44);
+
+--echo #
+--echo # End of 10.4 tests
+--echo #

sql/sql_lex.cc

@@ -9684,11 +9684,13 @@ void LEX::relink_hack(st_select_lex *select_lex)
 {
   if (!select_stack_top) // Statements of the second type
   {
-    if (!select_lex->get_master()->get_master())
-      ((st_select_lex *) select_lex->get_master())->
-        set_master(&builtin_select);
-    if (!builtin_select.get_slave())
-      builtin_select.set_slave(select_lex->get_master());
+    if (!select_lex->outer_select() &&
+        !builtin_select.first_inner_unit())
+    {
+      builtin_select.register_unit(select_lex->master_unit(),
+                                   &builtin_select.context);
+      builtin_select.add_statistics(select_lex->master_unit());
+    }
   }
 }
 

sql/sql_lex.h

@@ -738,7 +738,6 @@ class st_select_lex_node {
   }
 
   inline st_select_lex_node* get_master() { return master; }
-  inline st_select_lex_node* get_slave() { return slave; }
   void include_down(st_select_lex_node *upper);
   void add_slave(st_select_lex_node *slave_arg);
   void include_neighbour(st_select_lex_node *before);