diff options
| author | Alexander Barkov <bar@mariadb.com> | 2018-06-13 11:56:56 +0400 |
|---|---|---|
| committer | Alexander Barkov <bar@mariadb.com> | 2018-06-13 11:56:56 +0400 |
| commit | 2412c151916dc65660644a0cd2fe5f34816ea901 (patch) | |
| tree | 887acf8786b498c06922e52c1a06a16ed7126135 | |
| parent | ae0aefb1c522455b785c2e43636c482cd161e3de (diff) | |
| download | mariadb-git-2412c151916dc65660644a0cd2fe5f34816ea901.tar.gz | |
MDEV-15870 Using aggregate and window function in unexpected places can crash the server
| -rw-r--r-- | mysql-test/r/sp.result | 11 | ||||
| -rw-r--r-- | mysql-test/t/sp.test | 14 | ||||
| -rw-r--r-- | sql/item_sum.cc | 4 | ||||
| -rw-r--r-- | sql/item_windowfunc.cc | 6 |
4 files changed, 30 insertions, 5 deletions
diff --git a/mysql-test/r/sp.result b/mysql-test/r/sp.result index ad8dc15318e..59387b37585 100644 --- a/mysql-test/r/sp.result +++ b/mysql-test/r/sp.result @@ -8354,3 +8354,14 @@ drop procedure p3; CREATE PROCEDURE foo ( IN i INT UNSIGNED ) BEGIN END; CALL foo( LAST_INSERT_ID() ); DROP PROCEDURE foo; +# +# MDEV-15870 Using aggregate and window function in unexpected places can crash the server +# +CREATE PROCEDURE p1 (a TEXT) BEGIN END; +CALL p1(RANK() OVER (ORDER BY 1)); +ERROR HY000: Window function is allowed only in SELECT list and ORDER BY clause +CALL p1(ROW_NUMBER() OVER ()); +ERROR HY000: Window function is allowed only in SELECT list and ORDER BY clause +CALL p1(SUM(1)); +ERROR HY000: Invalid use of group function +DROP PROCEDURE p1; diff --git a/mysql-test/t/sp.test b/mysql-test/t/sp.test index 549d97ad72b..e8b63c4d791 100644 --- a/mysql-test/t/sp.test +++ b/mysql-test/t/sp.test @@ -9865,3 +9865,17 @@ drop procedure p3; CREATE PROCEDURE foo ( IN i INT UNSIGNED ) BEGIN END; CALL foo( LAST_INSERT_ID() ); DROP PROCEDURE foo; + + +--echo # +--echo # MDEV-15870 Using aggregate and window function in unexpected places can crash the server +--echo # + +CREATE PROCEDURE p1 (a TEXT) BEGIN END; +--error ER_WRONG_PLACEMENT_OF_WINDOW_FUNCTION +CALL p1(RANK() OVER (ORDER BY 1)); +--error ER_WRONG_PLACEMENT_OF_WINDOW_FUNCTION +CALL p1(ROW_NUMBER() OVER ()); +--error ER_INVALID_GROUP_FUNC_USE +CALL p1(SUM(1)); +DROP PROCEDURE p1; diff --git a/sql/item_sum.cc b/sql/item_sum.cc index 4cf11e81d3d..cb150db3031 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -68,14 +68,14 @@ size_t Item_sum::ram_limitation(THD *thd) bool Item_sum::init_sum_func_check(THD *thd) { SELECT_LEX *curr_sel= thd->lex->current_select; - if (!curr_sel->name_visibility_map) + if (curr_sel && !curr_sel->name_visibility_map) { for (SELECT_LEX *sl= curr_sel; sl; sl= sl->context.outer_select()) { curr_sel->name_visibility_map|= (1 << sl-> nest_level); } } - if (!(thd->lex->allow_sum_func & curr_sel->name_visibility_map)) + if (!curr_sel || !(thd->lex->allow_sum_func & curr_sel->name_visibility_map)) { my_message(ER_INVALID_GROUP_FUNC_USE, ER_THD(thd, ER_INVALID_GROUP_FUNC_USE), MYF(0)); diff --git a/sql/item_windowfunc.cc b/sql/item_windowfunc.cc index 5fbfb2651af..52738bfab87 100644 --- a/sql/item_windowfunc.cc +++ b/sql/item_windowfunc.cc @@ -71,9 +71,9 @@ Item_window_func::fix_fields(THD *thd, Item **ref) { DBUG_ASSERT(fixed == 0); - enum_parsing_place place= thd->lex->current_select->context_analysis_place; - - if (!(place == SELECT_LIST || place == IN_ORDER_BY)) + if (!thd->lex->current_select || + (thd->lex->current_select->context_analysis_place != SELECT_LIST && + thd->lex->current_select->context_analysis_place != IN_ORDER_BY)) { my_error(ER_WRONG_PLACEMENT_OF_WINDOW_FUNCTION, MYF(0)); return true; |