author | Dmitry Shulga <dmitry.shulga@mariadb.com> | 2022-07-12 17:18:48 +0700 |
---|---|---|
committer | Dmitry Shulga <dmitry.shulga@mariadb.com> | 2022-07-12 17:18:48 +0700 |
commit | f439cfdf93691d451a2efe075a90526bd67b8278 (patch) | |
tree | 4e659975458b3529ce5e4c3441e842abf3822650 | |
parent | 9a0cbd31ce8576468981b14b066dea155cb922d9 (diff) | |
download | mariadb-git-f439cfdf93691d451a2efe075a90526bd67b8278.tar.gz |
MDEV-22001: Server crashes in st_select_lex_unit::exclude_level upon execution of SP
Running some statements that use IN subqueries outside context of a regular
query could result in server abnormal termination.
The reason for failure is that internal structures SELECT_LEX/SELECT_LEX_UNIT
created on behalf of parsed query were initialized incorrectly. Incorrect
initialization of the structures SELECT_LEX/SELECT_LEX_UNIT was introduced
by the commit de745ecf29721795710910a19bd0ea3389da804c
(MDEV-11953: support of brackets in UNION/EXCEPT/INTERSECT operations)
pushed into 10.4, that is the reason this bug report is not reproduced in 10.3.
To fix the issue the method SELECT_LEX::register_unit is used for proper
initialization of the data structures SELECT_LEX/SELECT_LEX_UNIT. Additionally,
the method SELECT_LEX::get_slave() was removed from the source code base
since for those use cases where it is used it can be replaced by the method
first_inner_unit().
-rw-r--r-- | mysql-test/main/sp-bugs.result | 10 | ||||
-rw-r--r-- | mysql-test/main/sp-bugs.test | 15 | ||||
-rw-r--r-- | sql/sql_lex.cc | 12 | ||||
-rw-r--r-- | sql/sql_lex.h | 1 |
4 files changed, 32 insertions, 6 deletions
diff --git a/mysql-test/main/sp-bugs.result b/mysql-test/main/sp-bugs.result
index 8c6788d03f4..a166a5a0a9a 100644
--- a/mysql-test/main/sp-bugs.result
+++ b/mysql-test/main/sp-bugs.result
@@ -353,3 +353,13 @@ drop table _t1;
 #
 # End of 10.3 tests
 #
+#
+# MDEV-22001: Server crashes in st_select_lex_unit::exclude_level upon execution of SP
+#
+BEGIN NOT ATOMIC DECLARE a INT DEFAULT 0 IN ( SELECT 1 ) OR 2 ; END $
+BEGIN NOT ATOMIC DECLARE a INT DEFAULT 0 IN ( SELECT 1 ) OR (SELECT 2) ; END $
+KILL (('x' IN ( SELECT 1)) MOD 44);
+ERROR HY000: Unknown thread id: 0
+#
+# End of 10.4 tests
+#
diff --git a/mysql-test/main/sp-bugs.test b/mysql-test/main/sp-bugs.test
index 9b81fd1af61..18fe14dc8bc 100644
--- a/mysql-test/main/sp-bugs.test
+++ b/mysql-test/main/sp-bugs.test
@@ -371,3 +371,18 @@ drop table _t1;
 --echo #
 --echo # End of 10.3 tests
 --echo #
+
+--echo #
+--echo # MDEV-22001: Server crashes in st_select_lex_unit::exclude_level upon execution of SP
+--echo #
+--delimiter $
+BEGIN NOT ATOMIC DECLARE a INT DEFAULT 0 IN ( SELECT 1 ) OR 2 ; END $
+BEGIN NOT ATOMIC DECLARE a INT DEFAULT 0 IN ( SELECT 1 ) OR (SELECT 2) ; END $
+--delimiter ;
+
+--error ER_NO_SUCH_THREAD
+KILL (('x' IN ( SELECT 1)) MOD 44);
+
+--echo #
+--echo # End of 10.4 tests
+--echo #
diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc
index 9555c4d7a28..b2283e5c77d 100644
--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
@@ -9684,11 +9684,13 @@ void LEX::relink_hack(st_select_lex *select_lex)
 {
 if (!select_stack_top) // Statements of the second type
 {
- if (!select_lex->get_master()->get_master())
- ((st_select_lex *) select_lex->get_master())->
- set_master(&builtin_select);
- if (!builtin_select.get_slave())
- builtin_select.set_slave(select_lex->get_master());
+ if (!select_lex->outer_select() &&
+ !builtin_select.first_inner_unit())
+ {
+ builtin_select.register_unit(select_lex->master_unit(),
+ &builtin_select.context);
+ builtin_select.add_statistics(select_lex->master_unit());
+ }
 }
 }
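Review bot: The added cases in sp-bugs.test run only anonymous `BEGIN NOT ATOMIC` blocks and one `KILL` expression, each executed once, while the bug title refers to execution of a stored procedure. A case that creates a procedure containing the same `DECLARE a INT DEFAULT 0 IN ( SELECT 1 ) OR (SELECT 2)` declaration and calls it twice would also cover re-execution, where an incorrectly linked SELECT_LEX_UNIT could presumably surface again. Since the crash is reachable from plain SQL text, it is worth pinning every statement shape from the report as a regression test.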
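Review bot: The new guard in relink_hack joins the two checks with `&&`, so a unit whose `outer_select()` is null is left unlinked whenever `builtin_select.first_inner_unit()` is already set, whereas the removed lines called `set_master(&builtin_select)` independently of the slave check. The added test `IN ( SELECT 1 ) OR (SELECT 2)` suggests that statements with two such subqueries reach this path, and the original crash came from partially initialised SELECT_LEX/SELECT_LEX_UNIT structures, so it should be confirmed that the second unit gets linked elsewhere; that is not visible from this hunk. If skipping it is intended, state the invariant at the condition, e.g. `/* builtin_select already owns an inner unit; later units are linked by <caller, to be named> */`. A `DBUG_ASSERT` on the unit's expected state in the skipped case would make a regression fail in debug builds instead of crashing later in `exclude_level`.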
diff --git a/sql/sql_lex.h b/sql/sql_lex.h
index 09e0df2edca..d798bceeeda 100644
--- a/sql/sql_lex.h
+++ b/sql/sql_lex.h
@@ -738,7 +738,6 @@ public:
 }
 inline st_select_lex_node* get_master() { return master; }
- inline st_select_lex_node* get_slave() { return slave; }
 void include_down(st_select_lex_node *upper);
 void add_slave(st_select_lex_node *slave_arg);
 void include_neighbour(st_select_lex_node *before); |