database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

MDEV-22779: Crash: Prepared Statement with a '?' parameter inside a re-used CTE

Browse Source 
When a prepared statement parameter '?' is used in a CTE that is used
multiple times, the following happens:
- The CTE definition is re-parsed multiple times.
- There are multiple Item_param objects referring to the same "?" in
the original query.
- Prepared_statement::param has a pointer to the first of them, the
  others are "clones".
- When prepared statement parameter gets the value, it should be passed
  over to clones with param->sync_clones() call.

This call is made in insert_params(), etc. It was not made in
insert_params_with_log().

This would cause Item_param to not have any value which would confuse
the query optimizer.

Added the missing call.
This commit is contained in:
Sergei Petrunia
2020-06-13 16:45:55 +03:00
parent 2cd6afb083
commit 21e79331c8
3 changed files with 55 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
sql/sql_prepare.cc
View File

@ -903,6 +903,8 @@ static bool insert_params_with_log(Prepared_statement *stmt, uchar *null_array,
if (param->convert_str_value(thd))
DBUG_RETURN(1); /* out of memory */
param->sync_clones();
}
if (acc.finalize())
DBUG_RETURN(1);