diff options
| author | Rucha Deodhar <rucha.deodhar@mariadb.com> | 2022-09-26 13:29:10 +0530 |
|---|---|---|
| committer | Rucha Deodhar <rucha.deodhar@mariadb.com> | 2022-10-03 18:07:41 +0530 |
| commit | 7865c8c9a2fba7444c29af3fcece32f7f83f71be (patch) | |
| tree | 5824d4207271687f9bf845be325e59cd11782013 /sql/sql_lex.cc | |
| parent | 3a2116241b128b811ee2455845ff9710da3115ac (diff) | |
| download | mariadb-git-7865c8c9a2fba7444c29af3fcece32f7f83f71be.tar.gz | |
Crash in INSERT...SELECT..RETURNING with subquery
Underlying causes of all bugs mentioned below are same. This patch fixes
all of them:
1) MDEV-25028: ASAN use-after-poison in
base_list_iterator::next or Assertion `sl->join == 0' upon
INSERT .. RETURNING via PS
2) MDEV-25187: Assertion `inited == NONE || table->open_by_handler'
failed or Direct leak in init_dynamic_array2 upon INSERT .. RETURNING
and memory leak in init_dynamic_array2
3) MDEV-28740: crash in INSERT RETURNING subquery in prepared statements
4) MDEV-27165: crash in base_list_iterator::next
5) MDEV-29686: Assertion `slave == 0' failed in
st_select_lex_node::attach_single
Analysis:
consider this statement:
INSERT(1)...SELECT(2)...(SELECT(3)...) RETURNING (SELECT(4)...)
When RETURNING is encountered, add_slave() changes how selects are linked.
It makes the builtin_select(1) slave of SELECT(2). This causes
losing of already existing slave(3) (which is nested select of SELECT of
INSERT...SELECT). When really, builtin_select (1) shouldn't be slave to
SELECT(2) because it is not nested within it. Also, push_select() to use
correct context also changed how select are linked.
During reinit_stmt_before_use(), we expect the selects to
be cleaned-up and have join=0. Since these selects are not linked correctly,
clean-up doesn't happen correctly so join is not NULL. Hence the crash.
Fix:
IF we are parsing RETURNING, make is_parsing_returning= true for
current select. get rid of add_slave(). In place of push_select(), used
push_context() to have correct context (the context of builtin_select)
to resolve items in item_list. And add these items to item_list of
builtin_select.
Diffstat (limited to 'sql/sql_lex.cc')
| -rw-r--r-- | sql/sql_lex.cc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc index 4fe097a4067..35ed1af7bc1 100644 --- a/sql/sql_lex.cc +++ b/sql/sql_lex.cc @@ -9522,7 +9522,8 @@ Item *LEX::create_item_qualified_asterisk(THD *thd, null_clex_str, *name, star_clex_str))) return NULL; - current_select->with_wild++; + current_select->parsing_place == IN_RETURNING ? + thd->lex->returning()->with_wild++ : current_select->with_wild++; return item; } @@ -9537,7 +9538,8 @@ Item *LEX::create_item_qualified_asterisk(THD *thd, if (!(item= new (thd->mem_root) Item_field(thd, current_context(), schema, *b, star_clex_str))) return NULL; - current_select->with_wild++; + current_select->parsing_place == IN_RETURNING ? + thd->lex->returning()->with_wild++ : current_select->with_wild++; return item; } |