diff options
| author | Igor Babaev <igor@askmonty.org> | 2018-10-17 01:27:25 -0700 |
|---|---|---|
| committer | Igor Babaev <igor@askmonty.org> | 2018-10-17 01:28:07 -0700 |
| commit | 13e217b8c1da39b1246fe82203a4c8897d4c9e8d (patch) | |
| tree | 40664b0ddf3109778fa73348f111b1d3394ca37e /sql | |
| parent | 6eae037c4c76a5746f3954356a5a8b78da49dd1b (diff) | |
| download | mariadb-git-13e217b8c1da39b1246fe82203a4c8897d4c9e8d.tar.gz | |
MDEV-17027 server crashes in Bitmap<64u>::merge
The function and_new_conditions_to_optimized_cond() incorrectly handled
the WHERE conditions with one multiple equality and one IN subquery predicate
that could be converted into a jtbm semi-join. This could cause crashes.
The fix code was prepared by Galina Shalygina.
Diffstat (limited to 'sql')
| -rw-r--r-- | sql/opt_subselect.cc | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/sql/opt_subselect.cc b/sql/opt_subselect.cc index 4eeaefa883c..c4c30c9b50d 100644 --- a/sql/opt_subselect.cc +++ b/sql/opt_subselect.cc @@ -5667,31 +5667,31 @@ Item *and_new_conditions_to_optimized_cond(THD *thd, Item *cond, } } + if (is_mult_eq) + { + Item_equal *eq_cond= (Item_equal *)cond; + eq_cond->upper_levels= 0; + eq_cond->merge_into_list(thd, &new_cond_equal.current_level, + false, false); + + while ((equality= it++)) + { + if (equality->const_item() && !equality->val_int()) + is_simplified_cond= true; + } + (*cond_eq)->copy(new_cond_equal); + } + if (new_cond_equal.current_level.elements > 0) { - if (is_mult_eq) + if (new_cond_equal.current_level.elements + + new_conds_list.elements == 1) { - Item_equal *eq_cond= (Item_equal *)cond; - eq_cond->upper_levels= 0; - eq_cond->merge_into_list(thd, &new_cond_equal.current_level, - false, false); - - while ((equality= it++)) - { - if (equality->const_item() && !equality->val_int()) - is_simplified_cond= true; - } - - if (new_cond_equal.current_level.elements + - new_conds_list.elements == 1) - { - it.rewind(); - equality= it++; - equality->fixed= 0; - if (equality->fix_fields(thd, NULL)) - return NULL; - } - (*cond_eq)->copy(new_cond_equal); + it.rewind(); + equality= it++; + equality->fixed= 0; + if (equality->fix_fields(thd, NULL)) + return NULL; } new_conds_list.append((List<Item> *)&new_cond_equal.current_level); } |