diff options
| author | Oleksandr Byelkin <sanja@mariadb.com> | 2021-09-15 16:06:02 +0200 |
|---|---|---|
| committer | Oleksandr Byelkin <sanja@mariadb.com> | 2022-02-10 14:36:25 +0100 |
| commit | 0168d1eda30dad4b517659422e347175eb89e923 (patch) | |
| tree | bc1935465b6427056eb3c9856f797525e0f667d5 | |
| parent | ad1fb06982d70c7ef61ac792f9dab7eae0e4abf8 (diff) | |
| download | mariadb-git-0168d1eda30dad4b517659422e347175eb89e923.tar.gz | |
MDEV-25766 Unused CTE lead to a crash in find_field_in_tables/find_order_in_list
Do not assume that subquery Item always present.
| -rw-r--r-- | mysql-test/r/cte_nonrecursive.result | 33 | ||||
| -rw-r--r-- | mysql-test/t/cte_nonrecursive.test | 36 | ||||
| -rw-r--r-- | sql/sql_base.cc | 7 |
3 files changed, 73 insertions, 3 deletions
diff --git a/mysql-test/r/cte_nonrecursive.result b/mysql-test/r/cte_nonrecursive.result index b2fee0d3c6f..4aaf11de8bf 100644 --- a/mysql-test/r/cte_nonrecursive.result +++ b/mysql-test/r/cte_nonrecursive.result @@ -2184,4 +2184,37 @@ select * from t1; a 7 drop table t1,t2; +# +# MDEV-25766: Unused CTE lead to a crash in +# find_field_in_tables/find_order_in_list +# +create table t1 (f1 INTEGER); +create view v1 as +select +subq_0.c4 as c2, +subq_0.c4 as c4 +from +(select +ref_0.f1 as c4 +from +t1 as ref_0 +where (select 1) +) as subq_0 +order by c2, c4 desc; +WITH +unused_with AS (select +subq_0.c4 as c6 +from +(select +11 as c4 +from +v1 as ref_0 +) as subq_0, +v1 as ref_2 +) +select 1 ; +1 +1 +drop view v1; +drop table t1; # End of 10.2 tests diff --git a/mysql-test/t/cte_nonrecursive.test b/mysql-test/t/cte_nonrecursive.test index 175be8b9881..723332b43b6 100644 --- a/mysql-test/t/cte_nonrecursive.test +++ b/mysql-test/t/cte_nonrecursive.test @@ -1624,4 +1624,40 @@ select * from t1; drop table t1,t2; +--echo # +--echo # MDEV-25766: Unused CTE lead to a crash in +--echo # find_field_in_tables/find_order_in_list +--echo # + +create table t1 (f1 INTEGER); + +create view v1 as +select + subq_0.c4 as c2, + subq_0.c4 as c4 + from + (select + ref_0.f1 as c4 + from + t1 as ref_0 + where (select 1) + ) as subq_0 + order by c2, c4 desc; + +WITH +unused_with AS (select + subq_0.c4 as c6 + from + (select + 11 as c4 + from + v1 as ref_0 + ) as subq_0, + v1 as ref_2 +) +select 1 ; + +drop view v1; +drop table t1; + --echo # End of 10.2 tests diff --git a/sql/sql_base.cc b/sql/sql_base.cc index 248dedf36e4..a6c07600591 100644 --- a/sql/sql_base.cc +++ b/sql/sql_base.cc @@ -6011,9 +6011,10 @@ find_field_in_tables(THD *thd, Item_ident *item, sl=sl->outer_select()) { Item *subs= sl->master_unit()->item; - if (subs->type() == Item::SUBSELECT_ITEM && - ((Item_subselect*)subs)->substype() == Item_subselect::IN_SUBS && - ((Item_in_subselect*)subs)->test_strategy(SUBS_SEMI_JOIN)) + if (!subs || + (subs->type() == Item::SUBSELECT_ITEM && + ((Item_subselect*)subs)->substype() == Item_subselect::IN_SUBS && + ((Item_in_subselect*)subs)->test_strategy(SUBS_SEMI_JOIN))) { continue; } |