diff options
| author | Igor Babaev <igor@askmonty.org> | 2018-10-07 12:16:59 -0700 |
|---|---|---|
| committer | Igor Babaev <igor@askmonty.org> | 2018-10-07 12:18:38 -0700 |
| commit | d03581bf3cc4afa397f9780eb63e568c8241dd0c (patch) | |
| tree | d52291b3e49fbaee872d8088979b11e6cb64e762 | |
| parent | 52f326cfb7fb1b029c119feb77281f37139abe27 (diff) | |
| download | mariadb-git-d03581bf3cc4afa397f9780eb63e568c8241dd0c.tar.gz | |
MDEV-17360 Server crashes in optimize_keyuse
This was a bug in the code of MDEV-12387 "Push conditions into materialized
subqueries". The bug manifested itself in rather rare situations. An
affected query must contain IN subquery predicate whose left operand
was an outer field of a mergeable derived table or view and right operand
was a materialized subquery.
The erroneous code in fact stripped off the Item_direct_ref wrapper from
the left operand of the IN subquery predicate when building equalities
produced by the conversion of the predicate into a semi-join. As a result
the left operand was not considered as an outer reference anymore and
used_tables() was calculated incorrectly. This caused a crash in the
function optimize_keyuse().
| -rw-r--r-- | mysql-test/main/in_subq_cond_pushdown.result | 13 | ||||
| -rw-r--r-- | mysql-test/main/in_subq_cond_pushdown.test | 17 | ||||
| -rw-r--r-- | sql/opt_subselect.cc | 6 |
3 files changed, 33 insertions, 3 deletions
diff --git a/mysql-test/main/in_subq_cond_pushdown.result b/mysql-test/main/in_subq_cond_pushdown.result index c9319a5fb86..077edf79bea 100644 --- a/mysql-test/main/in_subq_cond_pushdown.result +++ b/mysql-test/main/in_subq_cond_pushdown.result @@ -3855,3 +3855,16 @@ ORDER BY t4.d a b c x x NULL DROP TABLE t1,t2,t3,t4; +# +# MDEV-17360: IN subquery predicate with outer reference in the left part +# that refers to a field of a mergeable derived table +# +CREATE TABLE t1 (id1 int) ENGINE=MYISAM; +INSERT INTO t1 VALUES (1814),(0),(NULL),(1); +CREATE TABLE t2 (id2 int) ENGINE=MYISAM; +SELECT 1 AS r FROM t2,t1,(SELECT * FROM t1) dt1 +WHERE NOT EXISTS (SELECT id2 FROM t2 +WHERE dt1.id1 IN (SELECT t2.id2 FROM t2 +HAVING t2.id2 >= 1)); +r +DROP TABLE t1,t2; diff --git a/mysql-test/main/in_subq_cond_pushdown.test b/mysql-test/main/in_subq_cond_pushdown.test index 3c673fb128b..4c0dd3dba0d 100644 --- a/mysql-test/main/in_subq_cond_pushdown.test +++ b/mysql-test/main/in_subq_cond_pushdown.test @@ -821,3 +821,20 @@ WHERE (t1.a) IN ); DROP TABLE t1,t2,t3,t4; + +--echo # +--echo # MDEV-17360: IN subquery predicate with outer reference in the left part +--echo # that refers to a field of a mergeable derived table +--echo # + +CREATE TABLE t1 (id1 int) ENGINE=MYISAM; +INSERT INTO t1 VALUES (1814),(0),(NULL),(1); + +CREATE TABLE t2 (id2 int) ENGINE=MYISAM; + +SELECT 1 AS r FROM t2,t1,(SELECT * FROM t1) dt1 + WHERE NOT EXISTS (SELECT id2 FROM t2 + WHERE dt1.id1 IN (SELECT t2.id2 FROM t2 + HAVING t2.id2 >= 1)); + +DROP TABLE t1,t2; diff --git a/sql/opt_subselect.cc b/sql/opt_subselect.cc index d1877c6c245..4eeaefa883c 100644 --- a/sql/opt_subselect.cc +++ b/sql/opt_subselect.cc @@ -5512,7 +5512,7 @@ int select_value_catcher::send_data(List<Item> &items) /** @brief - Conjugate conditions after optimize_cond() call + Add new conditions after optimize_cond() call @param thd the thread handle @param cond the condition where to attach new conditions @@ -5561,8 +5561,8 @@ Item *and_new_conditions_to_optimized_cond(THD *thd, Item *cond, Item::Context(Item::ANY_SUBST, ((Item_func_equal *)item)->compare_type_handler(), ((Item_func_equal *)item)->compare_collation()), - ((Item_func *)item)->arguments()[0]->real_item(), - ((Item_func *)item)->arguments()[1]->real_item(), + ((Item_func *)item)->arguments()[0], + ((Item_func *)item)->arguments()[1], &new_cond_equal)) li.remove(); } |