From 41ef34356c74c280c1d615e773ce32843aa9966b Mon Sep 17 00:00:00 2001
From: "evgen@moonbone.local" <>
Date: Wed, 11 Jan 2006 23:39:09 +0300
Subject: [PATCH] Fixed bug #15538: unchecked table absence caused server crash. Absence of table in left part of LEFT/RIGHT join wasn't checked before name resolution which resulted in NULL dereferencing and server crash. Modified rules: "table_ref LEFT opt_outer JOIN_SYM table_ref" and "table_ref RIGHT opt_outer JOIN_SYM table_ref" NULL check is moved before push_new_name_resolution_context()
---
 mysql-test/r/select.result | 2 ++
 mysql-test/t/select.test | 6 ++++++
 sql/sql_yacc.yy | 4 ++--
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/mysql-test/r/select.result b/mysql-test/r/select.result
index e2c4609d902..943ab88223c 100644
--- a/mysql-test/r/select.result
+++ b/mysql-test/r/select.result
@@ -3345,3 +3345,5 @@ select * from t1 left join t2 on f1=t2.f2 where t1.f2='a';
 f1 f2 f2
 NULL a NULL
 drop table t1,t2;
+select * from (select * left join t on f1=f2) tt;
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'on f1=f2) tt' at line 1
diff --git a/mysql-test/t/select.test b/mysql-test/t/select.test
index a85b82a7767..53f82690888 100644
--- a/mysql-test/t/select.test
+++ b/mysql-test/t/select.test
@@ -2815,3 +2815,9 @@ create table t2 (f2 char not null);
 insert into t2 values('b');
 select * from t1 left join t2 on f1=t2.f2 where t1.f2='a';
 drop table t1,t2;
+
+#
+# Bug#15538 unchecked table absense caused server crash.
+#
+--error 1064
+select * from (select * left join t on f1=f2) tt;
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 25e10362ece..f1a00fca383 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
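Review bot: The new case in mysql-test/t/select.test covers only the LEFT rule, while the same commit moves the NULL check in the RIGHT rule of sql/sql_yacc.yy as well, so that half of the fix has no regression test. I would add a second statement under the same comment, `--error 1064` followed by `select * from (select * right join t on f1=f2) tt;`, and record its output in select.result; I expect the same syntax error, but that needs confirming on a built server. Since the original failure was a server crash reachable from one malformed statement, both grammar paths deserve a pinned test.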
@@ -5248,13 +5248,13 @@ join_table:
 | table_ref LEFT opt_outer JOIN_SYM table_ref
 ON
 {
+ YYERROR_UNLESS($1 && $5);
 /* Change the current name resolution context to a local context. */
 if (push_new_name_resolution_context(YYTHD, $1, $5))
 YYABORT;
 }
 expr
 {
- YYERROR_UNLESS($1 && $5);
 add_join_on($5,$8);
 Lex->pop_context();
 $5->outer_join|=JOIN_TYPE_LEFT;
@@ -5279,6 +5279,7 @@ join_table:
 | table_ref RIGHT opt_outer JOIN_SYM table_ref
 ON
 {
+ YYERROR_UNLESS($1 && $5);
 /* Change the current name resolution context to a local context. */
 if (push_new_name_resolution_context(YYTHD, $1, $5))
 YYABORT;
@@ -5286,7 +5287,6 @@ join_table:
 expr
 {
 LEX *lex= Lex;
- YYERROR_UNLESS($1 && $5);
 if (!($$= lex->current_select->convert_right_join()))
 YYABORT;
 add_join_on($$, $8);
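Review bot: The `YYERROR_UNLESS($1 && $5);` added at the top of the LEFT and RIGHT mid-rule actions is, per the commit message, what keeps a NULL `table_ref` away from `push_new_name_resolution_context()`, yet nothing in either action says the order matters, so a later cleanup could move the check back below the push. I would put a comment above it in both rules, for example `/* $1 or $5 is NULL when a table reference is missing; reject before the context push (bug #15538). */`. The other `join_table` alternatives are outside these hunks; if any of them also pushes a name resolution context in a mid-rule action, it presumably needs the same check first, which is worth confirming because the crash was reachable from a single malformed statement. All three rule bodies continue outside the hunks.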