database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

MDEV-26412 Server crash in Item_field::fix_outer_field for INSERT SELECT

Browse Source 
IF an INSERT/REPLACE SELECT statement contained an ON expression in the top
level select and this expression used a subquery with a column reference
that could not be resolved then an attempt to resolve this reference as
an outer reference caused a crash of the server. This happened because the
outer context field in the Name_resolution_context structure was not set
to NULL for such references. Rather it pointed to the first element in
the select_stack.

Note that starting from 10.4 we cannot use the SELECT_LEX::outer_select()
method when parsing a SELECT construct.

Approved by Oleksandr Byelkin <sanja@mariadb.com>
This commit is contained in:
Igor Babaev
2022-04-25 18:08:57 -07:00
parent fccca49997
commit 39feab3cd3
6 changed files with 59 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
sql/sql_parse.cc
View File

@ -9015,9 +9015,7 @@ push_new_name_resolution_context(THD *thd,
right_op->last_leaf_for_name_resolution();
LEX *lex= thd->lex;
on_context->select_lex = lex->current_select;
st_select_lex *curr_select= lex->pop_select();
st_select_lex *outer_sel= lex->select_stack_head();
lex->push_select(curr_select);
st_select_lex *outer_sel= lex->parser_current_outer_select();
on_context->outer_context = outer_sel ? &outer_sel->context : 0;
return lex->push_context(on_context);
}