Commit c71a6428 authored by unknown's avatar unknown

BUG#33794 "MySQL crashes executing specific query":

The problem occurred when one had a subquery that had an equality X=Y where 
Y referred to a named select list expression from the parent select. MySQL 
crashed when trying to use the X=Y equality for ref-based access. 

Fixed by allowing non-Item_field items in the described case.


mysql-test/r/subselect.result:
  BUG#33794 "MySQL crashes executing specific query"
  - Testcase
mysql-test/t/subselect.test:
  BUG#33794 "MySQL crashes executing specific query"
  - Testcase
sql/sql_select.cc:
  BUG#33794 "MySQL crashes executing specific query"
  get_store_key() assumed that if it got a reference
    t.key=Item_outer_ref(Item_direct_ref(x)) 
  then x was an Item_field object, which is not the case when one refers to a
  named select list expression out of a subquery.
parent ec253269
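--- a/mysql-test/r/subselect.result
+++ b/mysql-test/r/subselect.result
@@ -4392,4 +4392,52 @@ select count(*) from t1 where f12 =
 count(*)
 3
 drop table t1,t2;
+CREATE TABLE t4 (
+f7 varchar(32) collate utf8_bin NOT NULL default '',
+f10 varchar(32) collate utf8_bin default NULL,
+PRIMARY KEY (f7)
+);
+INSERT INTO t4 VALUES(1,1), (2,null);
+CREATE TABLE t2 (
+f4 varchar(32) collate utf8_bin NOT NULL default '',
+f2 varchar(50) collate utf8_bin default NULL,
+f3 varchar(10) collate utf8_bin default NULL,
+PRIMARY KEY (f4),
+UNIQUE KEY uk1 (f2)
+);
+INSERT INTO t2 VALUES(1,1,null), (2,2,null);
+CREATE TABLE t1 (
+f8 varchar(32) collate utf8_bin NOT NULL default '',
+f1 varchar(10) collate utf8_bin default NULL,
+f9 varchar(32) collate utf8_bin default NULL,
+PRIMARY KEY (f8)
+);
+INSERT INTO t1 VALUES (1,'P',1), (2,'P',1), (3,'R',2);
+CREATE TABLE t3 (
+f6 varchar(32) collate utf8_bin NOT NULL default '',
+f5 varchar(50) collate utf8_bin default NULL,
+PRIMARY KEY (f6)
+);
+INSERT INTO t3 VALUES (1,null), (2,null);
+SELECT
+IF(t1.f1 = 'R', a1.f2, t2.f2) AS a4,
+IF(t1.f1 = 'R', a1.f3, t2.f3) AS f3,
+SUM(
+IF(
+(SELECT VPC.f2
+FROM t2 VPC, t4 a2, t2 a3
+WHERE
+VPC.f4 = a2.f10 AND a3.f2 = a4
+LIMIT 1) IS NULL,
+0,
+t3.f5
+)
+) AS a6
+FROM
+t2, t3, t1 JOIN t2 a1 ON t1.f9 = a1.f4
+GROUP BY a4;
+a4 f3 a6
+1 NULL NULL
+2 NULL NULL
+DROP TABLE t1, t2;
 End of 5.0 tests.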
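Review bot: The added test creates t1, t2, t3 and t4 but its closing `DROP TABLE t1, t2;` leaves t3 and t4 behind, so any later test in this file that creates t3 or t4 will fail with a table-exists error. The same line appears in the mysql-test/t/subselect.test hunk below, which is where the fix belongs; change it to `DROP TABLE t1, t2, t3, t4;` there and re-record this result file.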
...@@ -3252,4 +3252,59 @@ select count(*) from t1 where f12 = ...@@ -3252,4 +3252,59 @@ select count(*) from t1 where f12 =
(select f22 from t2 where f22 = f12 order by f21 desc, f22, f23 limit 1); (select f22 from t2 where f22 = f12 order by f21 desc, f22, f23 limit 1);
drop table t1,t2; drop table t1,t2;
#
# BUG#33794 "MySQL crashes executing specific query on specific dump"
#
CREATE TABLE t4 (
f7 varchar(32) collate utf8_bin NOT NULL default '',
f10 varchar(32) collate utf8_bin default NULL,
PRIMARY KEY (f7)
);
INSERT INTO t4 VALUES(1,1), (2,null);
CREATE TABLE t2 (
f4 varchar(32) collate utf8_bin NOT NULL default '',
f2 varchar(50) collate utf8_bin default NULL,
f3 varchar(10) collate utf8_bin default NULL,
PRIMARY KEY (f4),
UNIQUE KEY uk1 (f2)
);
INSERT INTO t2 VALUES(1,1,null), (2,2,null);
CREATE TABLE t1 (
f8 varchar(32) collate utf8_bin NOT NULL default '',
f1 varchar(10) collate utf8_bin default NULL,
f9 varchar(32) collate utf8_bin default NULL,
PRIMARY KEY (f8)
);
INSERT INTO t1 VALUES (1,'P',1), (2,'P',1), (3,'R',2);
CREATE TABLE t3 (
f6 varchar(32) collate utf8_bin NOT NULL default '',
f5 varchar(50) collate utf8_bin default NULL,
PRIMARY KEY (f6)
);
INSERT INTO t3 VALUES (1,null), (2,null);
SELECT
IF(t1.f1 = 'R', a1.f2, t2.f2) AS a4,
IF(t1.f1 = 'R', a1.f3, t2.f3) AS f3,
SUM(
IF(
(SELECT VPC.f2
FROM t2 VPC, t4 a2, t2 a3
WHERE
VPC.f4 = a2.f10 AND a3.f2 = a4
LIMIT 1) IS NULL,
0,
t3.f5
)
) AS a6
FROM
t2, t3, t1 JOIN t2 a1 ON t1.f9 = a1.f4
GROUP BY a4;
DROP TABLE t1, t2;
--echo End of 5.0 tests. --echo End of 5.0 tests.
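--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -5379,7 +5379,8 @@ get_store_key(THD *thd, KEYUSE *keyuse, table_map used_tables,
 (keyuse->val->type() == Item::REF_ITEM &&
 ((Item_ref*)keyuse->val)->ref_type() == Item_ref::OUTER_REF &&
 (*(Item_ref**)((Item_ref*)keyuse->val)->ref)->ref_type() ==
-Item_ref::DIRECT_REF) )
+Item_ref::DIRECT_REF &&
+keyuse->val->real_item()->type() == Item::FIELD_ITEM))
 return new store_key_field(thd,
 key_part->field,
 key_buff + maybe_null,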
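Review bot: The new `keyuse->val->real_item()->type() == Item::FIELD_ITEM` condition is the entire fix, yet nothing in the hunk says why an OUTER_REF wrapping a DIRECT_REF can end in something other than a field; add a comment above the condition such as `/* The outer ref may resolve to a named select-list expression rather than a field (BUG#33794); only a FIELD_ITEM may be stored via store_key_field. */`. Note also that `(*(Item_ref**)((Item_ref*)keyuse->val)->ref)->ref_type()` is still evaluated before the new check, so the cast of `*ref` to Item_ref* runs unguarded — if an OUTER_REF is not guaranteed to point at an Item_ref, that cast needs its own check first, which I cannot confirm from the hunk. Pulling the three-level cast chain into a named local such as `Item_ref *inner_ref` would make the condition readable and the ordering of the checks explicit. get_store_key starts before and continues past this hunk.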