diff options
| author | Aleksey Midenkov <midenok@gmail.com> | 2021-10-11 13:36:07 +0300 |
|---|---|---|
| committer | Aleksey Midenkov <midenok@gmail.com> | 2021-10-11 13:36:07 +0300 |
| commit | ff77a09bda884fe6bf3917eb29b9d3a2f53f919b (patch) | |
| tree | 4b75790eb1210abd03af3ea7bf276a2b9a9c1598 | |
| parent | 1e70b287e702b7ff9191454d1316d9137b9be0c1 (diff) | |
| download | mariadb-git-ff77a09bda884fe6bf3917eb29b9d3a2f53f919b.tar.gz | |
MDEV-22464 Server crash on UPDATE with nested subquery
Uninitialized ref_pointer_array[] because setup_fields() got empty
fields list. mysql_multi_update() for some reason does that by
substituting the fields list with empty total_list for the
mysql_select() call (looks like wrong merge since total_list is not
used anywhere else and is always empty). The fix would be to return
back the original fields list. But this fails update_use_source.test
case:
--error ER_BAD_FIELD_ERROR
update v1 set t1c1=2 order by 1;
Actually not failing the above seems to be ok.
The other fix would be to keep resolve_in_select_list false (and that
keeps outer context from being resolved in
Item_ref::fix_fields()). This fix is more consistent with how SELECT
behaves:
--error ER_SUBQUERY_NO_1_ROW
select a from t1 where a= (select 2 from t1 having (a = 3));
So this patch implements this fix.
| -rw-r--r-- | mysql-test/main/multi_update.result | 10 | ||||
| -rw-r--r-- | mysql-test/main/multi_update.test | 11 | ||||
| -rw-r--r-- | sql/sql_select.cc | 3 |
3 files changed, 23 insertions, 1 deletions
diff --git a/mysql-test/main/multi_update.result b/mysql-test/main/multi_update.result index 520199d562c..71eafbf7e17 100644 --- a/mysql-test/main/multi_update.result +++ b/mysql-test/main/multi_update.result @@ -1151,3 +1151,13 @@ b 1 3 drop tables t1, t2; +# +# MDEV-22464 Server crash on UPDATE with nested subquery +# +create table t1 (a int) ; +insert into t1 (a) values (1),(2),(3) ; +select a from t1 where a= (select 2 from t1 having (a = 3)); +ERROR 21000: Subquery returns more than 1 row +update t1 set a= (select 2 from t1 having (a = 3)); +ERROR 21000: Subquery returns more than 1 row +drop tables t1; diff --git a/mysql-test/main/multi_update.test b/mysql-test/main/multi_update.test index 84f06a7c165..3ee36f97fc5 100644 --- a/mysql-test/main/multi_update.test +++ b/mysql-test/main/multi_update.test @@ -1087,3 +1087,14 @@ update t1 left join t2 on a = b set b= 3 order by b; select * from t2; drop tables t1, t2; + +--echo # +--echo # MDEV-22464 Server crash on UPDATE with nested subquery +--echo # +create table t1 (a int) ; +insert into t1 (a) values (1),(2),(3) ; +--error ER_SUBQUERY_NO_1_ROW +select a from t1 where a= (select 2 from t1 having (a = 3)); +--error ER_SUBQUERY_NO_1_ROW +update t1 set a= (select 2 from t1 having (a = 3)); +drop tables t1; diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 09d890161f6..e44ba4b59e1 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -4268,7 +4268,8 @@ mysql_select(THD *thd, bool free_join= 1; DBUG_ENTER("mysql_select"); - select_lex->context.resolve_in_select_list= TRUE; + if (!fields.is_empty()) + select_lex->context.resolve_in_select_list= true; JOIN *join; if (select_lex->join != 0) { |