MDEV-23160: SIGSEGV in Explain_node::print_explain_for_children on UNION SELECT

and also MDEV-25564, MDEV-18157. Attempt to produce EXPLAIN output caused a crash in Explain_node::print_explain_for_children. The cause of this was that an Explain_node (actually a derived) had a link to child select#N, but there was no query plan present for select#N. The query plan wasn't present because the subquery was eliminated. - Either it was a degenerate subquery like "(SELECT 1)" in MDEV-25564. - Or it was a subquery in a UNION subquery's ORDER BY clause: col IN (SELECT ... UNION SELECT ... ORDER BY (SELECT FROM t1)) In such cases, legacy code structure in subquery/union processing code(*) makes it hard to detect that the subquery was eliminated, so we end up with EXPLAIN data structures (Explain_node::children) having dangling links to child subqueries. Do make the checks and don't follow the dangling links. (In ideal world, we should not have these dangling links. But fixing the code (*) would have high risk for the stable versions).
2025-07-29 05:21:33 +03:00 · 2022-10-21 12:04:00 +03:00
parent 0c06320ae9
commit 6bc2e93381
3 changed files with 90 additions and 2 deletions
--- a/mysql-test/main/explain.test
+++ b/mysql-test/main/explain.test
@ -333,3 +333,34 @@ explain replace into t2 select 100, (select a from t1);
 drop table t1, t2;

 --echo # End of 10.1 tests
+
+--echo #
+--echo # End of 10.2 test
+--echo #
+
+--echo #
+--echo # MDEV-25564: Server crashed on running some EXPLAIN statements
+--echo #
+
+EXPLAIN (SELECT 1,3) UNION (SELECT 2,1) ORDER BY (SELECT 2);
+
+--echo #
+--echo # MDEV-23160: SIGSEGV in Explain_node::print_explain_for_children on UNION SELECT
+--echo #
+
+CREATE TABLE t1 (a INT);
+INSERT INTO t1 VALUES (1),(2),(3);
+
+EXPLAIN
+SELECT *
+FROM t1
+WHERE
+  a IN (SELECT a FROM t1
+        UNION
+        SELECT a FROM t1 ORDER BY (SELECT a))
+UNION
+  SELECT * FROM t1 ORDER BY (SELECT a);
+drop table t1;
+
+explain
+VALUES ( (VALUES (2))) UNION VALUES ( (SELECT 3));