From d028d986a9a0a53567f1eda29d407a6d73bb8733 Mon Sep 17 00:00:00 2001
From: Sergey Petrunya <psergey@askmonty.org>
Date: Mon, 12 Mar 2012 17:41:22 +0400
Subject: [PATCH] BUG#952297: Server crashes on 2nd execution of PS in
 Field::is_null with semijoin+materialization - The bug would show up    -
 when using PS (so that we get re-execution)    - the left_expr of the
 subquery is a reference to viewname.column_name, so that it crashes      
 when one tries to use it without having called fix_fields for it.    - when
 using SJ-Materialization, which makes use of sj_subq_pred->left_expr
 expression

- The fix is to have setup_conds() fix sj_subq_pred->left_expr for semi-join nests it finds.
---
 mysql-test/r/subselect_mat.result    | 22 ++++++++++++++++++++++
 mysql-test/r/subselect_sj_mat.result | 22 ++++++++++++++++++++++
 mysql-test/t/subselect_sj_mat.test   | 22 ++++++++++++++++++++++
 sql/sql_base.cc                      | 11 +++++++++++
 4 files changed, 77 insertions(+)

diff --git a/mysql-test/r/subselect_mat.result b/mysql-test/r/subselect_mat.result
index b7cc7e8a3ed..9a49f74ec42 100644
--- a/mysql-test/r/subselect_mat.result
+++ b/mysql-test/r/subselect_mat.result
@@ -1912,6 +1912,28 @@ WHERE a IN (SELECT MAX(c) FROM t2 WHERE c < 4) AND b=7 AND (a IS NULL OR a=b);
 a	b
 SET optimizer_switch=@save_optimizer_switch;
 DROP TABLE t1,t2;
+#
+# BUG#952297: Server crashes on 2nd execution of PS in Field::is_null with semijoin+materialization
+#
+CREATE TABLE t1 ( a VARCHAR(1) );
+INSERT INTO t1 VALUES ('y'),('z');
+CREATE TABLE t2 ( b VARCHAR(1), c VARCHAR(1) );
+INSERT INTO t2 VALUES ('v','v'),('v','v');
+CREATE VIEW v2 AS SELECT * FROM t2;
+PREPARE ps FROM '
+SELECT a FROM t1, v2
+WHERE ( c, b ) IN ( SELECT b, b FROM t2 )
+GROUP BY a ';
+EXECUTE ps;
+a
+y
+z
+EXECUTE ps;
+a
+y
+z
+DROP VIEW v2;
+DROP TABLE t1, t2;
 # This must be at the end:
 set optimizer_switch=@subselect_sj_mat_tmp;
 set join_cache_level=@save_join_cache_level;
diff --git a/mysql-test/r/subselect_sj_mat.result b/mysql-test/r/subselect_sj_mat.result
index 9a238eaaccd..d737cbd71d1 100644
--- a/mysql-test/r/subselect_sj_mat.result
+++ b/mysql-test/r/subselect_sj_mat.result
@@ -1950,6 +1950,28 @@ WHERE a IN (SELECT MAX(c) FROM t2 WHERE c < 4) AND b=7 AND (a IS NULL OR a=b);
 a	b
 SET optimizer_switch=@save_optimizer_switch;
 DROP TABLE t1,t2;
+#
+# BUG#952297: Server crashes on 2nd execution of PS in Field::is_null with semijoin+materialization
+#
+CREATE TABLE t1 ( a VARCHAR(1) );
+INSERT INTO t1 VALUES ('y'),('z');
+CREATE TABLE t2 ( b VARCHAR(1), c VARCHAR(1) );
+INSERT INTO t2 VALUES ('v','v'),('v','v');
+CREATE VIEW v2 AS SELECT * FROM t2;
+PREPARE ps FROM '
+SELECT a FROM t1, v2
+WHERE ( c, b ) IN ( SELECT b, b FROM t2 )
+GROUP BY a ';
+EXECUTE ps;
+a
+y
+z
+EXECUTE ps;
+a
+y
+z
+DROP VIEW v2;
+DROP TABLE t1, t2;
 # This must be at the end:
 set optimizer_switch=@subselect_sj_mat_tmp;
 set join_cache_level=@save_join_cache_level;
diff --git a/mysql-test/t/subselect_sj_mat.test b/mysql-test/t/subselect_sj_mat.test
index 252fbb525eb..78dad76738c 100644
--- a/mysql-test/t/subselect_sj_mat.test
+++ b/mysql-test/t/subselect_sj_mat.test
@@ -1602,6 +1602,28 @@ SET optimizer_switch=@save_optimizer_switch;
 
 DROP TABLE t1,t2;
 
+--echo #
+--echo # BUG#952297: Server crashes on 2nd execution of PS in Field::is_null with semijoin+materialization
+--echo #
+CREATE TABLE t1 ( a VARCHAR(1) );
+INSERT INTO t1 VALUES ('y'),('z');
+
+CREATE TABLE t2 ( b VARCHAR(1), c VARCHAR(1) );
+INSERT INTO t2 VALUES ('v','v'),('v','v');
+
+CREATE VIEW v2 AS SELECT * FROM t2;
+
+PREPARE ps FROM '
+SELECT a FROM t1, v2
+WHERE ( c, b ) IN ( SELECT b, b FROM t2 )
+GROUP BY a ';
+
+EXECUTE ps;
+EXECUTE ps;
+
+DROP VIEW v2;
+DROP TABLE t1, t2;
+
 --echo # This must be at the end:
 set optimizer_switch=@subselect_sj_mat_tmp;
 set join_cache_level=@save_join_cache_level;
diff --git a/sql/sql_base.cc b/sql/sql_base.cc
index 95a149741de..80828b3d554 100644
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@@ -8497,6 +8497,17 @@ int setup_conds(THD *thd, TABLE_LIST *tables, List<TABLE_LIST> &leaves,
 	  goto err_no_arena;
         select_lex->cond_count++;
       }
+      /*
+        If it's a semi-join nest, fix its "left expression", as it is used by
+        the SJ-Materialization
+      */
+      if (embedded->sj_subq_pred)
+      {
+        Item **left_expr= &embedded->sj_subq_pred->left_expr;
+        if (!(*left_expr)->fixed && (*left_expr)->fix_fields(thd, left_expr))
+          goto err_no_arena;
+      }
+
       embedding= embedded->embedding;
     }
     while (embedding &&