Commit 41ef3435 authored by evgen@moonbone.local's avatar evgen@moonbone.local

Fixed bug #15538: unchecked table absence caused server crash.

Absence of table in left part of LEFT/RIGHT join wasn't checked before
name resolution which resulted in NULL dereferencing and server crash.

Modified rules: 
"table_ref LEFT opt_outer JOIN_SYM table_ref" and "table_ref RIGHT opt_outer 
JOIN_SYM table_ref"
NULL check is moved before push_new_name_resolution_context()
parent fb50e37c
...@@ -3345,3 +3345,5 @@ select * from t1 left join t2 on f1=t2.f2 where t1.f2='a'; ...@@ -3345,3 +3345,5 @@ select * from t1 left join t2 on f1=t2.f2 where t1.f2='a';
f1 f2 f2 f1 f2 f2
NULL a NULL NULL a NULL
drop table t1,t2; drop table t1,t2;
select * from (select * left join t on f1=f2) tt;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'on f1=f2) tt' at line 1
...@@ -2815,3 +2815,9 @@ create table t2 (f2 char not null); ...@@ -2815,3 +2815,9 @@ create table t2 (f2 char not null);
insert into t2 values('b'); insert into t2 values('b');
select * from t1 left join t2 on f1=t2.f2 where t1.f2='a'; select * from t1 left join t2 on f1=t2.f2 where t1.f2='a';
drop table t1,t2; drop table t1,t2;
#
# Bug#15538 unchecked table absense caused server crash.
#
--error 1064
select * from (select * left join t on f1=f2) tt;
...@@ -5248,13 +5248,13 @@ join_table: ...@@ -5248,13 +5248,13 @@ join_table:
| table_ref LEFT opt_outer JOIN_SYM table_ref | table_ref LEFT opt_outer JOIN_SYM table_ref
ON ON
{ {
YYERROR_UNLESS($1 && $5);
/* Change the current name resolution context to a local context. */ /* Change the current name resolution context to a local context. */
if (push_new_name_resolution_context(YYTHD, $1, $5)) if (push_new_name_resolution_context(YYTHD, $1, $5))
YYABORT; YYABORT;
} }
expr expr
{ {
YYERROR_UNLESS($1 && $5);
add_join_on($5,$8); add_join_on($5,$8);
Lex->pop_context(); Lex->pop_context();
$5->outer_join|=JOIN_TYPE_LEFT; $5->outer_join|=JOIN_TYPE_LEFT;
...@@ -5279,6 +5279,7 @@ join_table: ...@@ -5279,6 +5279,7 @@ join_table:
| table_ref RIGHT opt_outer JOIN_SYM table_ref | table_ref RIGHT opt_outer JOIN_SYM table_ref
ON ON
{ {
YYERROR_UNLESS($1 && $5);
/* Change the current name resolution context to a local context. */ /* Change the current name resolution context to a local context. */
if (push_new_name_resolution_context(YYTHD, $1, $5)) if (push_new_name_resolution_context(YYTHD, $1, $5))
YYABORT; YYABORT;
...@@ -5286,7 +5287,6 @@ join_table: ...@@ -5286,7 +5287,6 @@ join_table:
expr expr
{ {
LEX *lex= Lex; LEX *lex= Lex;
YYERROR_UNLESS($1 && $5);
if (!($$= lex->current_select->convert_right_join())) if (!($$= lex->current_select->convert_right_join()))
YYABORT; YYABORT;
add_join_on($$, $8); add_join_on($$, $8);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment