From 874bb251372d60243d44e2ba74f0237bc88ec8c2 Mon Sep 17 00:00:00 2001
From: unknown
Date: Thu, 4 Jul 2013 18:37:55 +0300
Subject: [PATCH] MDEV-4752: Segfault during parsing of illegal query

Fix of nested join parsing of illegal query.
---
 mysql-test/r/join.result | 5 +++++
 mysql-test/t/join.test | 7 +++++++
 sql/sql_parse.cc | 2 ++
 sql/sql_yacc.yy | 3 +++
 4 files changed, 17 insertions(+)

diff --git a/mysql-test/r/join.result b/mysql-test/r/join.result
index ba16d7dd9de..979117fd1b3 100644
--- a/mysql-test/r/join.result
+++ b/mysql-test/r/join.result
@@ -1472,4 +1472,9 @@ dog_id dog_id birthday dog_id t_id birthday dog_id t_id birthday a_id dog_id
 5918 5918 2004-07-22 5918 N 2004-07-22 5918 N 2004-07-22 5992424 5918
 SET optimizer_switch=@tmp_optimizer_switch;
 DROP TABLE t1,t2,t3,t4,t5;
+#
+# MDEV-4752: Segfault during parsing of illegal query
+#
+SELECT * FROM t5 JOIN (t1 JOIN t2 UNION SELECT * FROM t3 JOIN t4);
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1
 SET optimizer_switch=@save_optimizer_switch;
diff --git a/mysql-test/t/join.test b/mysql-test/t/join.test
index 907d39e95fe..e42cbc82745 100644
--- a/mysql-test/t/join.test
+++ b/mysql-test/t/join.test
@@ -1135,4 +1135,11 @@ SET optimizer_switch=@tmp_optimizer_switch;
 DROP TABLE t1,t2,t3,t4,t5;
+--echo #
+--echo # MDEV-4752: Segfault during parsing of illegal query
+--echo #
+--error ER_PARSE_ERROR
+SELECT * FROM t5 JOIN (t1 JOIN t2 UNION SELECT * FROM t3 JOIN t4);
+
+
 SET optimizer_switch=@save_optimizer_switch;
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 87556a8a0ad..6db3a8eff3f 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -6276,6 +6276,8 @@ TABLE_LIST *st_select_lex::nest_last_join(THD *thd)
 for (uint i=0; i < 2; i++)
 {
 TABLE_LIST *table= join_list->pop();
+ if (!table)
+ DBUG_RETURN(NULL);
 table->join_list= embedded_list;
 table->embedding= ptr;
 embedded_list->push_back(table);
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index c621c61aff3..08972afbf9a 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -9600,7 +9600,10 @@ table_ref:
 {
 LEX *lex= Lex;
 if (!($$= lex->current_select->nest_last_join(lex->thd)))
+ {
+ my_parse_error(ER(ER_SYNTAX_ERROR));
 MYSQL_YYABORT;
+ }
 }
 ;
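Review bot: The new `if (!table)` guard in st_select_lex::nest_last_join (sql/sql_parse.cc hunk) can fire on the second pass of the loop, after the first table has already been popped from join_list and had its join_list and embedding pointers rewritten, so the select is left half-nested when NULL is returned. That is only safe if every caller abandons the statement on NULL; the sql_yacc.yy change in this patch does so for table_ref, but any other caller lies outside this diff and should be checked. I would state the contract at the check, for example `/* Fewer than two tables left to nest: malformed join (MDEV-4752); caller must abort parsing */`. The function body starts and ends outside the hunk.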
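Review bot: In the table_ref action (sql/sql_yacc.yy hunk), every NULL from nest_last_join() is now reported as a syntax error, so any other NULL-returning path in that function would reach the client as a misleading parse error, possibly stacked on an error already raised. No such path is visible in this patch, though an allocation failure earlier in the function would be a typical one. Consider raising the parse error only when no error is pending, or letting nest_last_join report the malformed-join case itself so the action stays a plain `MYSQL_YYABORT;`. A short comment such as `/* NULL here means the nested join had fewer than two operands (MDEV-4752) */` would also help the next reader. The table_ref rule begins outside the hunk.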