[Commits] 13ad179: MDEV-8756 MariaDB 10.0.21 crashes during PREPARE

sanja at mariadb.com sanja at mariadb.com
Fri Nov 20 15:50:21 EET 2015


revision-id: 13ad179c96ee8c8c4043806b8575c851e3676f0d (mariadb-5.5.46-9-g13ad179)
parent(s): 43a5090980ac0ab9695587979b9068b6bf849d64
committer: Oleksandr Byelkin
timestamp: 2015-11-20 14:50:18 +0100
message:

MDEV-8756 MariaDB 10.0.21 crashes during PREPARE

Non-select-like queries have no correct JOIN structure connected to the top-most SELECT_LEX (and should not).

---
 mysql-test/r/ps.result | 21 +++++++++++++++++++++
 mysql-test/t/ps.test   | 22 ++++++++++++++++++++++
 sql/item.cc            | 20 ++++++++++++++++++--
 3 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/mysql-test/r/ps.result b/mysql-test/r/ps.result
index 1438595..04a19d3 100644
--- a/mysql-test/r/ps.result
+++ b/mysql-test/r/ps.result
@@ -4052,3 +4052,24 @@ SELECT 1 FROM t1 GROUP BY 0 OR 18446744073709551615+1;
 ERROR 22003: BIGINT UNSIGNED value is out of range in '(18446744073709551615 + 1)'
 drop table t1;
 # End of 5.3 tests
+#
+# MDEV-8756: MariaDB 10.0.21 crashes during PREPARE
+#
+CREATE TABLE t1 ( id INT(10), value INT(10) );
+CREATE TABLE t2 ( id INT(10) );
+SET @save_sql_mode= @@sql_mode;
+SET SESSION sql_mode = 'ONLY_FULL_GROUP_BY';
+PREPARE stmt FROM 'UPDATE t1 t1 SET value = (SELECT 1 FROM t2 WHERE id = t1.id)';
+execute stmt;
+insert into t1 values (1,10),(2,10),(3,10);
+insert into t2 values (1),(2);
+execute stmt;
+select * from t1;
+id	value
+1	1
+2	1
+3	NULL
+deallocate prepare stmt;
+SET SESSION sql_mode = @save_sql_mode;
+DROP TABLE t1,t2;
+# End of 10.0 tests
diff --git a/mysql-test/t/ps.test b/mysql-test/t/ps.test
index 9775a8d..2ed5bb1 100644
--- a/mysql-test/t/ps.test
+++ b/mysql-test/t/ps.test
@@ -3633,3 +3633,25 @@ SELECT 1 FROM t1 GROUP BY 0 OR 18446744073709551615+1;
 drop table t1;
 
 --echo # End of 5.3 tests
+
+--echo #
+--echo # MDEV-8756: MariaDB 10.0.21 crashes during PREPARE
+--echo #
+
+CREATE TABLE t1 ( id INT(10), value INT(10) );
+CREATE TABLE t2 ( id INT(10) );
+SET @save_sql_mode= @@sql_mode;
+SET SESSION sql_mode = 'ONLY_FULL_GROUP_BY';
+
+PREPARE stmt FROM 'UPDATE t1 t1 SET value = (SELECT 1 FROM t2 WHERE id = t1.id)'; 
+execute stmt;
+insert into t1 values (1,10),(2,10),(3,10);
+insert into t2 values (1),(2);
+execute stmt;
+select * from t1;
+deallocate prepare stmt;
+SET SESSION sql_mode = @save_sql_mode;
+DROP TABLE t1,t2;
+
+
+--echo # End of 10.0 tests
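Review bot: The PREPARE line carries trailing whitespace after the closing `;` (the line ending `t1.id)'; `), which the .result counterpart does not have; trimming it keeps the .test and .result files in step and avoids a spurious whitespace diff later: `PREPARE stmt FROM 'UPDATE t1 t1 SET value = (SELECT 1 FROM t2 WHERE id = t1.id)';`. The double blank line before the closing `--echo` could likewise be collapsed to one to match the spacing used at the start of the block.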
diff --git a/sql/item.cc b/sql/item.cc
index 840272c..6d2983f 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -4889,8 +4889,24 @@ Item_field::fix_outer_field(THD *thd, Field **from_field, Item **reference)
             As this is an outer field it should be added to the list of
             non aggregated fields of the outer select.
           */
-          marker= select->cur_pos_in_select_list;
-          select->join->non_agg_fields.push_back(this);
+          if (select->join)
+          {
+            marker= select->cur_pos_in_select_list;
+            select->join->non_agg_fields.push_back(this);
+          }
+          else
+          {
+            /*
+              join is absent if it is upper SELECT_LEX of non-select
+              command
+            */
+            DBUG_ASSERT(select->master_unit()->outer_select() == NULL &&
+                        (thd->lex->sql_command != SQLCOM_SELECT &&
+                         thd->lex->sql_command != SQLCOM_UPDATE_MULTI &&
+                         thd->lex->sql_command != SQLCOM_DELETE_MULTI &&
+                         thd->lex->sql_command != SQLCOM_INSERT_SELECT &&
+                         thd->lex->sql_command != SQLCOM_REPLACE_SELECT));
+          }
         }
         if (*from_field != view_ref_found)
         {
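Review bot: The new else branch silently skips registering this field in `non_agg_fields` whenever `select->join` is NULL, and the DBUG_ASSERT that documents when that is legitimate is compiled out of release builds, so a SELECT that reached this path with a NULL join in production would bypass the ONLY_FULL_GROUP_BY non-aggregated-field bookkeeping described in the comment above without any diagnostic. The in-code comment should spell out why skipping is safe in the intended case rather than only where it happens, e.g. `/* join is absent only for the top-level SELECT_LEX of a non-select command (single-table UPDATE as in the test); such a statement has no GROUP BY, so non_agg_fields is not needed. Any other NULL join is a bug, hence the assert. */`. It is also worth one word on `marker` being left untouched in this branch, since the then-branch assigns it and a reader may wonder whether the omission is deliberate. fix_outer_field begins and ends outside the hunk, so I have not checked how `select` is iterated before this point.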

