diff options
| author | Sergei Petrunia <psergey@askmonty.org> | 2020-06-13 16:45:55 +0300 |
|---|---|---|
| committer | Sergei Petrunia <psergey@askmonty.org> | 2020-06-14 10:40:56 +0300 |
| commit | 21e79331c8c89e397d5a1ca4a4b8a70ad7c0377a (patch) | |
| tree | eeff9cc48b4b915a1fb89ab2bce3e363d41d1c9b /sql/sql_prepare.cc | |
| parent | 2cd6afb08372dac6220f69fbb6b44d2d2e964cfc (diff) | |
| download | mariadb-git-21e79331c8c89e397d5a1ca4a4b8a70ad7c0377a.tar.gz | |
MDEV-22779: Crash: Prepared Statement with a '?' parameter inside a re-used CTE
When a prepared statement parameter '?' is used in a CTE that is used
multiple times, the following happens:
- The CTE definition is re-parsed multiple times.
- There are multiple Item_param objects referring to the same "?" in
the original query.
- Prepared_statement::param has a pointer to the first of them, the
others are "clones".
- When prepared statement parameter gets the value, it should be passed
over to clones with param->sync_clones() call.
This call is made in insert_params(), etc. It was not made in
insert_params_with_log().
This would cause Item_param to not have any value which would confuse
the query optimizer.
Added the missing call.
Diffstat (limited to 'sql/sql_prepare.cc')
| -rw-r--r-- | sql/sql_prepare.cc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 6ac85f1331e..79d18fcb799 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -903,6 +903,8 @@ static bool insert_params_with_log(Prepared_statement *stmt, uchar *null_array, if (param->convert_str_value(thd)) DBUG_RETURN(1); /* out of memory */ + + param->sync_clones(); } if (acc.finalize()) DBUG_RETURN(1); |