MDEV-18668 Server crash or ASAN use-after-poison in Item_equal_iterator /

           st_select_lex::pushdown_from_having_into_where upon query
           with impossible WHERE condition

Do not push from HAVING into impossible WHERE

3 files changed, 30 insertions, 1 deletions

diff --git a/mysql-test/main/having_cond_pushdown.result b/mysql-test/main/having_cond_pushdown.result
index 9d2fbcead4e..ef7368bd1fb 100644
--- a/mysql-test/main/having_cond_pushdown.result
+++ b/mysql-test/main/having_cond_pushdown.result
@@ -1906,3 +1906,15 @@ EXPLAIN
 DROP TABLE t1,t2;
 DROP VIEW v1;
 DROP FUNCTION f1;
+#
+# MDEV-18668: pushdown from HAVING into impossible WHERE
+#
+CREATE TABLE t1 (a INT, b INT);
+INSERT INTO t1 VALUES (1,1),(2,2);
+SELECT a FROM t1 WHERE b = 1 AND b = 2 GROUP BY a HAVING a <= 3;
+a
+EXPLAIN
+SELECT a FROM t1 WHERE b = 1 AND b = 2 GROUP BY a HAVING a <= 3;
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+1	SIMPLE	NULL	NULL	NULL	NULL	NULL	NULL	NULL	Impossible WHERE
+DROP TABLE t1;
diff --git a/mysql-test/main/having_cond_pushdown.test b/mysql-test/main/having_cond_pushdown.test
index 2af9d58bc4d..2fbb5708c50 100644
--- a/mysql-test/main/having_cond_pushdown.test
+++ b/mysql-test/main/having_cond_pushdown.test
@@ -473,3 +473,16 @@ eval $no_pushdown explain format=json $query;
 DROP TABLE t1,t2;
 DROP VIEW v1;
 DROP FUNCTION f1;
+
+--echo #
+--echo # MDEV-18668: pushdown from HAVING into impossible WHERE
+--echo #
+
+CREATE TABLE t1 (a INT, b INT);
+INSERT INTO t1 VALUES (1,1),(2,2);
+
+SELECT a FROM t1 WHERE b = 1 AND b = 2 GROUP BY a HAVING a <= 3;
+EXPLAIN
+SELECT a FROM t1 WHERE b = 1 AND b = 2 GROUP BY a HAVING a <= 3;
+
+DROP TABLE t1;
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 5faadb1dded..4f98153d752 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -1929,8 +1929,11 @@ JOIN::optimize_inner()
     DBUG_RETURN(1);
   }
 
+  /* Do not push into WHERE from HAVING if cond_value == Item::COND_FALSE */
+
   if (thd->lex->sql_command == SQLCOM_SELECT &&
-      optimizer_flag(thd, OPTIMIZER_SWITCH_COND_PUSHDOWN_FROM_HAVING))
+      optimizer_flag(thd, OPTIMIZER_SWITCH_COND_PUSHDOWN_FROM_HAVING) &&
+      cond_value != Item::COND_FALSE)
   {
     having=
       select_lex->pushdown_from_having_into_where(thd, having);
@@ -15380,6 +15383,7 @@ Item *eliminate_item_equal(THD *thd, COND *cond, COND_EQUAL *upper_levels,
   @param cond            condition to process
   @param cond_equal      multiple equalities to take into consideration
   @param table_join_idx  index to tables determining field preference
+  @param do_substitution if false: do not do any field substitution
 
   @note
     At the first glance full sort of fields in multiple equality