BUG#33794 "MySQL crashes executing specific query":

The problem occurred when one had a subquery that had an equality X=Y where Y referred to a named select list expression from the parent select. MySQL crashed when trying to use the X=Y equality for ref-based access. Fixed by allowing non-Item_field items in the described case. mysql-test/r/subselect.result: BUG#33794 "MySQL crashes executing specific query" - Testcase mysql-test/t/subselect.test: BUG#33794 "MySQL crashes executing specific query" - Testcase sql/sql_select.cc: BUG#33794 "MySQL crashes executing specific query" get_store_key() assumed that if it got a reference t.key=Item_outer_ref(Item_direct_ref(x)) then x was an Item_field object, which is not the case when one refers to a named select list expression out ot subquery.
author: unknown <sergefp@mysql.com> 2008-01-18 22:50:36 +0300
committer: unknown <sergefp@mysql.com> 2008-01-18 22:50:36 +0300
commit: c71a6428d822f60932e5cea0d395a06d777d2b9c (patch)
tree: 2b98b6b8eb52a5a4d644a37d6c735aac143342f6
parent: ec25326975a0dea51be201d1b92dcc1a44bd03da (diff)
download: mariadb-git-c71a6428d822f60932e5cea0d395a06d777d2b9c.tar.gz
3 files changed, 105 insertions, 1 deletions
diff --git a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result
index 75df77b0790..05acbe6457a 100644
--- a/mysql-test/r/subselect.result
+++ b/mysql-test/r/subselect.result
@@ -4392,4 +4392,52 @@ select count(*) from t1 where f12 =
 count(*)
 3
 drop table t1,t2;
+CREATE TABLE t4 (
+f7 varchar(32) collate utf8_bin NOT NULL default '',
+f10 varchar(32) collate utf8_bin default NULL,
+PRIMARY KEY  (f7)
+);
+INSERT INTO t4 VALUES(1,1), (2,null);
+CREATE TABLE t2 (
+f4 varchar(32) collate utf8_bin NOT NULL default '',
+f2 varchar(50) collate utf8_bin default NULL,
+f3 varchar(10) collate utf8_bin default NULL,
+PRIMARY KEY  (f4),
+UNIQUE KEY uk1 (f2)
+);
+INSERT INTO t2 VALUES(1,1,null), (2,2,null);
+CREATE TABLE t1 (
+f8 varchar(32) collate utf8_bin NOT NULL default '',
+f1 varchar(10) collate utf8_bin default NULL,
+f9 varchar(32) collate utf8_bin default NULL,
+PRIMARY KEY  (f8)
+);
+INSERT INTO t1 VALUES (1,'P',1), (2,'P',1), (3,'R',2);
+CREATE TABLE t3 (
+f6 varchar(32) collate utf8_bin NOT NULL default '',
+f5 varchar(50) collate utf8_bin default NULL,
+PRIMARY KEY (f6)
+);
+INSERT INTO t3 VALUES (1,null), (2,null);
+SELECT
+IF(t1.f1 = 'R', a1.f2, t2.f2) AS a4,
+IF(t1.f1 = 'R', a1.f3, t2.f3) AS f3,
+SUM(
+IF(
+(SELECT VPC.f2
+FROM t2 VPC, t4 a2, t2 a3
+WHERE
+VPC.f4 = a2.f10 AND a3.f2 = a4
+LIMIT 1) IS NULL, 
+0, 
+t3.f5
+)
+) AS a6
+FROM 
+t2, t3, t1 JOIN t2 a1 ON t1.f9 = a1.f4
+GROUP BY a4;
+a4	f3	a6
+1	NULL	NULL
+2	NULL	NULL
+DROP TABLE t1, t2;
 End of 5.0 tests.
diff --git a/mysql-test/t/subselect.test b/mysql-test/t/subselect.test
index 88e4f683e9e..509f0969ca4 100644
--- a/mysql-test/t/subselect.test
+++ b/mysql-test/t/subselect.test
@@ -3252,4 +3252,59 @@ select count(*) from t1 where f12 =
 (select f22 from t2 where f22 = f12 order by f21 desc, f22, f23 limit 1);
 
 drop table t1,t2;
+
+#
+# BUG#33794 "MySQL crashes executing specific query on specific dump"
+#
+CREATE TABLE t4 (
+  f7 varchar(32) collate utf8_bin NOT NULL default '',
+  f10 varchar(32) collate utf8_bin default NULL,
+  PRIMARY KEY  (f7)
+);
+INSERT INTO t4 VALUES(1,1), (2,null);
+
+CREATE TABLE t2 (
+  f4 varchar(32) collate utf8_bin NOT NULL default '',
+  f2 varchar(50) collate utf8_bin default NULL,
+  f3 varchar(10) collate utf8_bin default NULL,
+  PRIMARY KEY  (f4),
+  UNIQUE KEY uk1 (f2)
+);
+INSERT INTO t2 VALUES(1,1,null), (2,2,null);
+
+CREATE TABLE t1 (
+  f8 varchar(32) collate utf8_bin NOT NULL default '',
+  f1 varchar(10) collate utf8_bin default NULL,
+  f9 varchar(32) collate utf8_bin default NULL,
+  PRIMARY KEY  (f8)
+);
+INSERT INTO t1 VALUES (1,'P',1), (2,'P',1), (3,'R',2);
+
+CREATE TABLE t3 (
+  f6 varchar(32) collate utf8_bin NOT NULL default '',
+  f5 varchar(50) collate utf8_bin default NULL,
+  PRIMARY KEY (f6)
+);
+INSERT INTO t3 VALUES (1,null), (2,null);
+
+SELECT
+  IF(t1.f1 = 'R', a1.f2, t2.f2) AS a4,
+  IF(t1.f1 = 'R', a1.f3, t2.f3) AS f3,
+  SUM(
+    IF(
+      (SELECT VPC.f2
+       FROM t2 VPC, t4 a2, t2 a3
+       WHERE
+         VPC.f4 = a2.f10 AND a3.f2 = a4
+       LIMIT 1) IS NULL, 
+       0, 
+       t3.f5
+    )
+  ) AS a6
+FROM 
+  t2, t3, t1 JOIN t2 a1 ON t1.f9 = a1.f4
+GROUP BY a4;
+
+DROP TABLE t1, t2;
 --echo End of 5.0 tests.
+
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 17b6a4a44ab..87935b5548f 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -5379,7 +5379,8 @@ get_store_key(THD *thd, KEYUSE *keyuse, table_map used_tables,
            (keyuse->val->type() == Item::REF_ITEM &&
             ((Item_ref*)keyuse->val)->ref_type() == Item_ref::OUTER_REF &&
             (*(Item_ref**)((Item_ref*)keyuse->val)->ref)->ref_type() ==
-             Item_ref::DIRECT_REF) )
+             Item_ref::DIRECT_REF && 
+            keyuse->val->real_item()->type() == Item::FIELD_ITEM))
     return new store_key_field(thd,
 			       key_part->field,
 			       key_buff + maybe_null,
author	unknown <sergefp@mysql.com>	2008-01-18 22:50:36 +0300
committer	unknown <sergefp@mysql.com>	2008-01-18 22:50:36 +0300
commit	c71a6428d822f60932e5cea0d395a06d777d2b9c (patch)
tree	2b98b6b8eb52a5a4d644a37d6c735aac143342f6
parent	ec25326975a0dea51be201d1b92dcc1a44bd03da (diff)
download	mariadb-git-c71a6428d822f60932e5cea0d395a06d777d2b9c.tar.gz