summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIgor Babaev <igor@askmonty.org>2022-01-05 22:36:20 -0800
committerIgor Babaev <igor@askmonty.org>2022-01-10 09:12:17 -0800
commit6dec0332fbdb6ca58c46284c7139735f137e2a81 (patch)
treeb8eca14e77b4e9f35e733ed9de34fd976aaa1063
parentd6ee351bbb66b023e8c477b039aa469b053f84ad (diff)
downloadmariadb-git-6dec0332fbdb6ca58c46284c7139735f137e2a81.tar.gz
MDEV-25086 Stored Procedure Crashes Server
The cause of this bug is the same as of the bug MDEV-24454. This bug manifested itself at the second execution of the queries that contained a set function whose only argument was outer reference to a column of a mergeable view or derived table or CTE. The first execution of such query worked fine, but the second execution of the query caused a crash of the server because the aggregation select for the used set function was determined incorrectly at the name resolution phase of the second execution.
-rw-r--r--mysql-test/r/derived_view.result130
-rw-r--r--mysql-test/t/derived_view.test111
-rw-r--r--sql/item.cc3
3 files changed, 243 insertions, 1 deletions
diff --git a/mysql-test/r/derived_view.result b/mysql-test/r/derived_view.result
index d8ee508f5db..0c045e39271 100644
--- a/mysql-test/r/derived_view.result
+++ b/mysql-test/r/derived_view.result
@@ -3456,4 +3456,134 @@ a
3
drop view v1;
drop table t1;
+#
+# MDEV-24454 Second execution of SELECT containing set function
+# MDEV-25086: whose only argument is an outer reference to a column
+# of mergeable view/derived/table/CTE
+#
+create table t1 (a int);
+create table t2 (b int);
+insert into t1 values (3), (1), (3);
+insert into t2 values (70), (30), (70);
+create view v1 as select * from t2;
+prepare stmt from "
+select (select sum(b) from t1 where a=1) as r from v1;
+";
+execute stmt;
+r
+170
+execute stmt;
+r
+170
+deallocate prepare stmt;
+prepare stmt from "
+select (select sum(b) from t1 where a=1) as r from (select * from t2) dt;
+";
+execute stmt;
+r
+170
+execute stmt;
+r
+170
+deallocate prepare stmt;
+prepare stmt from "
+with cte as (select * from t2)
+select (select sum(b) from t1 where a=1) as r from cte;
+";
+execute stmt;
+r
+170
+execute stmt;
+r
+170
+deallocate prepare stmt;
+prepare stmt from "
+select (select sum(b) from t1 where a=1) as r
+from (select * from v1 where b > 50) dt;
+";
+execute stmt;
+r
+140
+execute stmt;
+r
+140
+deallocate prepare stmt;
+prepare stmt from "
+select (select sum(b) from t1 where a=1) as r
+from (select * from (select * from t2) dt1 where b > 50) dt;
+";
+execute stmt;
+r
+140
+execute stmt;
+r
+140
+deallocate prepare stmt;
+prepare stmt from "
+with cte as (select * from (select * from t2) dt1 where b > 50)
+select (select sum(b) from t1 where a=1) as r from cte;
+";
+execute stmt;
+r
+140
+execute stmt;
+r
+140
+deallocate prepare stmt;
+create procedure sp1()
+begin
+select (select sum(b) from t1 where a=1) as r from v1;
+end |
+call sp1();
+r
+170
+call sp1();
+r
+170
+drop procedure sp1;
+create procedure sp1()
+begin
+select (select sum(b) from t1 where a=1) as r from (select * from t2) dt;
+end |
+call sp1();
+r
+170
+call sp1();
+r
+170
+drop procedure sp1;
+create procedure sp1()
+begin
+with cte as (select * from t2)
+select (select sum(b) from t1 where a=1) as r from cte;
+end |
+call sp1();
+r
+170
+call sp1();
+r
+170
+drop procedure sp1;
+drop view v1;
+drop table t1,t2;
+CREATE TABLE t1(f0 INT);
+INSERT INTO t1 VALUES (3);
+CREATE VIEW v1 AS SELECT f0 AS f1 FROM t1;
+CREATE VIEW v2 AS
+SELECT
+(SELECT GROUP_CONCAT(v1.f1 SEPARATOR ', ') FROM v1 n) AS f2,
+GROUP_CONCAT('aa' SEPARATOR ', ') AS f3
+FROM v1;
+CREATE VIEW v3 AS SELECT * FROM v2;
+CREATE PROCEDURE p1()
+SELECT * FROM v3;
+CALL p1();
+f2 f3
+3 aa
+CALL p1();
+f2 f3
+3 aa
+DROP PROCEDURE p1;
+DROP VIEW v1,v2,v3;
+DROP TABLE t1;
# End of 10.2 tests
diff --git a/mysql-test/t/derived_view.test b/mysql-test/t/derived_view.test
index 89ada40e84c..0f3d9b224ba 100644
--- a/mysql-test/t/derived_view.test
+++ b/mysql-test/t/derived_view.test
@@ -2265,4 +2265,115 @@ select * from ((select a from t1 limit 2) order by a desc) dt;
drop view v1;
drop table t1;
+--echo #
+--echo # MDEV-24454 Second execution of SELECT containing set function
+--echo # MDEV-25086: whose only argument is an outer reference to a column
+--echo # of mergeable view/derived/table/CTE
+--echo #
+
+create table t1 (a int);
+create table t2 (b int);
+insert into t1 values (3), (1), (3);
+insert into t2 values (70), (30), (70);
+create view v1 as select * from t2;
+
+prepare stmt from "
+select (select sum(b) from t1 where a=1) as r from v1;
+";
+execute stmt;
+execute stmt;
+deallocate prepare stmt;
+
+prepare stmt from "
+select (select sum(b) from t1 where a=1) as r from (select * from t2) dt;
+";
+execute stmt;
+execute stmt;
+deallocate prepare stmt;
+
+prepare stmt from "
+with cte as (select * from t2)
+select (select sum(b) from t1 where a=1) as r from cte;
+";
+execute stmt;
+execute stmt;
+deallocate prepare stmt;
+
+prepare stmt from "
+select (select sum(b) from t1 where a=1) as r
+from (select * from v1 where b > 50) dt;
+";
+execute stmt;
+execute stmt;
+deallocate prepare stmt;
+
+prepare stmt from "
+select (select sum(b) from t1 where a=1) as r
+from (select * from (select * from t2) dt1 where b > 50) dt;
+";
+execute stmt;
+execute stmt;
+deallocate prepare stmt;
+
+prepare stmt from "
+with cte as (select * from (select * from t2) dt1 where b > 50)
+select (select sum(b) from t1 where a=1) as r from cte;
+";
+execute stmt;
+execute stmt;
+deallocate prepare stmt;
+
+--delimiter |
+create procedure sp1()
+begin
+select (select sum(b) from t1 where a=1) as r from v1;
+end |
+--delimiter ;
+call sp1();
+call sp1();
+drop procedure sp1;
+
+--delimiter |
+create procedure sp1()
+begin
+select (select sum(b) from t1 where a=1) as r from (select * from t2) dt;
+end |
+--delimiter ;
+call sp1();
+call sp1();
+drop procedure sp1;
+
+--delimiter |
+create procedure sp1()
+begin
+with cte as (select * from t2)
+select (select sum(b) from t1 where a=1) as r from cte;
+end |
+--delimiter ;
+call sp1();
+call sp1();
+drop procedure sp1;
+
+drop view v1;
+drop table t1,t2;
+
+CREATE TABLE t1(f0 INT);
+INSERT INTO t1 VALUES (3);
+CREATE VIEW v1 AS SELECT f0 AS f1 FROM t1;
+CREATE VIEW v2 AS
+SELECT
+ (SELECT GROUP_CONCAT(v1.f1 SEPARATOR ', ') FROM v1 n) AS f2,
+ GROUP_CONCAT('aa' SEPARATOR ', ') AS f3
+FROM v1;
+CREATE VIEW v3 AS SELECT * FROM v2;
+
+CREATE PROCEDURE p1()
+ SELECT * FROM v3;
+CALL p1();
+CALL p1();
+
+DROP PROCEDURE p1;
+DROP VIEW v1,v2,v3;
+DROP TABLE t1;
+
--echo # End of 10.2 tests
diff --git a/sql/item.cc b/sql/item.cc
index 2317d54d3e5..32bcd282401 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -5617,7 +5617,8 @@ bool Item_field::fix_fields(THD *thd, Item **reference)
goto mark_non_agg_field;
}
- if (thd->lex->in_sum_func &&
+ if (!thd->lex->current_select->no_wrap_view_item &&
+ thd->lex->in_sum_func &&
thd->lex->in_sum_func->nest_level ==
select->nest_level)
set_if_bigger(thd->lex->in_sum_func->max_arg_level,