database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

MDEV-29361 Infinite recursive calls when detecting CTE dependencies

Browse Source 
This patch resolves the problem of improper name resolution of table
references to embedded CTEs for some queries. This improper binding could
lead to
  - infinite sequence of calls of recursive functions
  - crashes due to resolution of null pointers
  - wrong result sets returned by queries
  - bogus error messages

If the definition of a CTE contains with clauses then such CTE is called
embedding CTE while CTEs from the with clauses are called embedded CTEs.
If a table reference used in the definition of an embedded CTE cannot be
resolved within the unit that contains this reference it still may be
resolved against a CTE definition from the with clause with one of the
embedding CTEs.
A table reference can be resolved against a CTE definition if it used in
the the scope of this definition and it refers to the name of the CTE.
Table reference t is in the scope of the CTE definition of CTE cte if
- the definition of cte is an element of a with clause declared as
  RECURSIVE and the reference t belongs either to the unit to which
  this with clause is attached or to one of the elements of this clause
- the definition of cte is an element of a with clause without RECURSIVE
  specifier and the reference t belongs either to the unit to which this
  with clause is attached or to one of the elements from this clause that
  are placed before the definition of cte.
If a table reference can be resolved against several CTE definitions then
it is bound to the most embedded.

The code before this patch not always resolved table references used in
embedded CTE according to the above rules.

Approved by Oleksandr Byelkin <sanja@mariadb.com>
This commit is contained in:
Igor Babaev
2022-09-22 21:40:33 -07:00
parent 9de9f105b5
commit 28ae361857
6 changed files with 1342 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
sql/sql_cte.h
View File

@ -391,10 +391,24 @@ public:
bool add_with_element(With_element *elem);
/* Add this with clause to the list of with clauses used in the statement */
void add_to_list(With_clause ** &last_next)
void add_to_list(With_clause **ptr, With_clause ** &last_next)
{
*last_next= this;
last_next= &this->next_with_clause;
if (embedding_with_clause)
{
/*
An embedded with clause is always placed before the embedding one
in the list of with clauses used in the query.
*/
while (*ptr != embedding_with_clause)
ptr= &(*ptr)->next_with_clause;
*ptr= this;
next_with_clause= embedding_with_clause;
}
else
{
*last_next= this;
last_next= &this->next_with_clause;
}
}
void set_owner(st_select_lex_unit *unit) { owner= unit; }