Commit 16d0f7f9 authored by Georgi Kodinov's avatar Georgi Kodinov

Bug #48291 : crash with row() operator,select into @var, and

  subquery returning multiple rows

Error handling was missing when handling subqueries in WHERE
and when assigning a SELECT result to a @variable.
This caused crash(es). 

Fixed by adding error handling code to both the WHERE 
condition evaluation and to assignment to an @variable.
parent fc80944c
...@@ -4430,4 +4430,16 @@ SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a); ...@@ -4430,4 +4430,16 @@ SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a);
1 1
1 1
DROP TABLE t1; DROP TABLE t1;
#
# Bug #48291 : crash with row() operator,select into @var, and
# subquery returning multiple rows
#
CREATE TABLE t1(a INT);
INSERT INTO t1 VALUES (2),(3);
# Should not crash
SELECT 1 FROM t1 WHERE a <> 1 AND NOT
ROW(a,a) <=> ROW((SELECT 1 FROM t1 WHERE 1=2),(SELECT 1 FROM t1))
INTO @var0;
ERROR 21000: Subquery returns more than 1 row
DROP TABLE t1;
End of 5.0 tests End of 5.0 tests
...@@ -3767,4 +3767,21 @@ SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a); ...@@ -3767,4 +3767,21 @@ SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a);
DROP TABLE t1; DROP TABLE t1;
--echo #
--echo # Bug #48291 : crash with row() operator,select into @var, and
--echo # subquery returning multiple rows
--echo #
CREATE TABLE t1(a INT);
INSERT INTO t1 VALUES (2),(3);
--echo # Should not crash
--error ER_SUBQUERY_NO_1_ROW
SELECT 1 FROM t1 WHERE a <> 1 AND NOT
ROW(a,a) <=> ROW((SELECT 1 FROM t1 WHERE 1=2),(SELECT 1 FROM t1))
INTO @var0;
DROP TABLE t1;
--echo End of 5.0 tests --echo End of 5.0 tests
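Review bot: The only new statement puts the failing subquery in the WHERE clause, so with the early return added to `evaluate_join_record` it probably never reaches the new checks in `select_dumpvar::send_data`, which leaves that path without regression coverage of its own. Consider a second case where the multi-row subquery sits in the select list, for example `--error ER_SUBQUERY_NO_1_ROW` followed by `SELECT (SELECT 1 FROM t1) FROM t1 INTO @var0;` (constructed example; confirm that it fails in send_data and not earlier). The matching output would need to be recorded in the result file as well.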
...@@ -2068,9 +2068,11 @@ bool select_dumpvar::send_data(List<Item> &items) ...@@ -2068,9 +2068,11 @@ bool select_dumpvar::send_data(List<Item> &items)
else else
{ {
Item_func_set_user_var *suv= new Item_func_set_user_var(mv->s, item); Item_func_set_user_var *suv= new Item_func_set_user_var(mv->s, item);
suv->fix_fields(thd, 0); if (suv->fix_fields(thd, 0))
DBUG_RETURN (1);
suv->save_item_result(item); suv->save_item_result(item);
suv->update(); if (suv->update())
DBUG_RETURN (1);
} }
} }
DBUG_RETURN(0); DBUG_RETURN(0);
......
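Review bot: The pointer returned by `new Item_func_set_user_var(mv->s, item)` is still dereferenced unchecked by the new `if (suv->fix_fields(thd, 0))`, so if this allocator can return NULL on out-of-memory (not visible here, please confirm), the statement would crash the server instead of failing cleanly. Folding the test into the first check would cover it: `if (!suv || suv->fix_fields(thd, 0))`. `suv->save_item_result(item)` sits between the two new checks and reports no status of its own, so a short comment such as `/* errors raised while evaluating item are reported by update() below */` would help, if that is the intent. The enclosing loop and the other branch of this `else` are outside the hunk.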
...@@ -10822,6 +10822,7 @@ evaluate_join_record(JOIN *join, JOIN_TAB *join_tab, ...@@ -10822,6 +10822,7 @@ evaluate_join_record(JOIN *join, JOIN_TAB *join_tab,
bool not_used_in_distinct=join_tab->not_used_in_distinct; bool not_used_in_distinct=join_tab->not_used_in_distinct;
ha_rows found_records=join->found_records; ha_rows found_records=join->found_records;
COND *select_cond= join_tab->select_cond; COND *select_cond= join_tab->select_cond;
bool select_cond_result= TRUE;
if (error > 0 || (*report_error)) // Fatal error if (error > 0 || (*report_error)) // Fatal error
return NESTED_LOOP_ERROR; return NESTED_LOOP_ERROR;
...@@ -10833,7 +10834,17 @@ evaluate_join_record(JOIN *join, JOIN_TAB *join_tab, ...@@ -10833,7 +10834,17 @@ evaluate_join_record(JOIN *join, JOIN_TAB *join_tab,
return NESTED_LOOP_KILLED; /* purecov: inspected */ return NESTED_LOOP_KILLED; /* purecov: inspected */
} }
DBUG_PRINT("info", ("select cond 0x%lx", (ulong)select_cond)); DBUG_PRINT("info", ("select cond 0x%lx", (ulong)select_cond));
if (!select_cond || select_cond->val_int())
if (select_cond)
{
select_cond_result= test(select_cond->val_int());
/* check for errors evaluating the condition */
if (join->thd->net.report_error)
return NESTED_LOOP_ERROR;
}
if (!select_cond || select_cond_result)
{ {
/* /*
There is no select condition or the attached pushed down There is no select condition or the attached pushed down
......
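Review bot: The new check after `select_cond->val_int()` reads `join->thd->net.report_error`, while the guard at the top of the same function (first hunk) tests `(*report_error)`. If both name the same flag, use one spelling, e.g. `if (*report_error) return NESTED_LOOP_ERROR;`; if they can differ, the comment should say why the thread-level flag is the right one here. Because `select_cond_result` is initialised to `TRUE`, the later test can be reduced to `if (select_cond_result)`. The function body continues past both hunks, so conditions evaluated further down may need the same check.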