Fix bug lp:806943

Analysis: This bug is yet another incarnation of the generic problem where optimization of the outer query triggers evaluation of a subquery, and this evaluation performs a destructive change to the subquery plan. Specifically a temp table is created for the DISTINCT operation that replaces the original subquery table. Later, select_describe() attempts to print the table name, however, there is no corresponding TABLE_LIST object to the internal temp table, so we get a crash. Execution works fine because it is not interested in the corresponding TABLE_LIST object (or its name). Solution: Similar to other such bugs, block the evaluation of expensive Items in convert_const_to_int().
2025-01-16 20:12:31 +01:00 · 2011-07-07 16:28:26 +03:00 · 2011-07-07 16:28:26 +03:00 · 4128ec4852
commit 4128ec4852
parent 801a4ebca9
3 changed files with 65 additions and 1 deletions
--- a/mysql-test/r/subselect4.result
+++ b/mysql-test/r/subselect4.result
@ -1784,4 +1784,35 @@ WHERE EXISTS (SELECT DISTINCT f1 FROM t4) LIMIT 1)
 AND t2.f2 = t1.f1;
 f1	f2	f1	f2
 drop table t1,t2,t3,t4;
+#
+# LP BUG#806943 Second crash with select_describe with nested subqueries in maria-5.3
+#
+CREATE TABLE t1 ( f4 int) ;
+INSERT INTO t1 VALUES (0),(0);
+CREATE TABLE t2 ( f2 int) ;
+CREATE TABLE t3 ( f1 int NOT NULL );
+CREATE TABLE t4 ( f2 int, f3 int) ;
+INSERT INTO t4 VALUES (8,0),(3,0);
+EXPLAIN SELECT *
+FROM t2, t3
+WHERE t3.f1 = (
+SELECT SUM( f2 )
+FROM t4
+WHERE EXISTS (
+SELECT DISTINCT f4
+FROM t1));
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+1	PRIMARY	NULL	NULL	NULL	NULL	NULL	NULL	NULL	Impossible WHERE noticed after reading const tables
+2	SUBQUERY	t4	ALL	NULL	NULL	NULL	NULL	2	
+3	SUBQUERY	t1	ALL	NULL	NULL	NULL	NULL	2	Using temporary
+SELECT *
+FROM t2, t3
+WHERE t3.f1 = (
+SELECT SUM( f2 )
+FROM t4
+WHERE EXISTS (
+SELECT DISTINCT f4
+FROM t1));
+f2	f1
+drop table t1, t2, t3, t4;
 set optimizer_switch=@subselect4_tmp;
--- a/mysql-test/t/subselect4.test
+++ b/mysql-test/t/subselect4.test
@ -1461,4 +1461,37 @@ WHERE t2.f2 = (SELECT f2 FROM t3

 drop table t1,t2,t3,t4;

+--echo #
+--echo # LP BUG#806943 Second crash with select_describe with nested subqueries in maria-5.3
+--echo #
+
+CREATE TABLE t1 ( f4 int) ;
+INSERT INTO t1 VALUES (0),(0);
+
+CREATE TABLE t2 ( f2 int) ;
+
+CREATE TABLE t3 ( f1 int NOT NULL );
+
+CREATE TABLE t4 ( f2 int, f3 int) ;
+INSERT INTO t4 VALUES (8,0),(3,0);
+
+EXPLAIN SELECT *
+FROM t2, t3
+WHERE t3.f1 = (
+        SELECT SUM( f2 )
+        FROM t4
+        WHERE EXISTS (
+                SELECT DISTINCT f4
+                FROM t1));
+SELECT *
+FROM t2, t3
+WHERE t3.f1 = (
+        SELECT SUM( f2 )
+        FROM t4
+        WHERE EXISTS (
+                SELECT DISTINCT f4
+                FROM t1));
+
+drop table t1, t2, t3, t4;
+
 set optimizer_switch=@subselect4_tmp;
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@ -434,7 +434,7 @@ static bool convert_const_to_int(THD *thd, Item_field *field_item,
      field_item->field_type() != MYSQL_TYPE_YEAR)
    return 1;

-  if ((*item)->const_item())
+  if ((*item)->const_item() && !(*item)->is_expensive())
  {
    TABLE *table= field->table;
    ulong orig_sql_mode= thd->variables.sql_mode;