diff --git a/mysql-test/r/subselect_sj.result b/mysql-test/r/subselect_sj.result
index 1d0aae275ed..96ddb12521b 100644
--- a/mysql-test/r/subselect_sj.result
+++ b/mysql-test/r/subselect_sj.result
@@ -2628,4 +2628,15 @@ id select_type table type possible_keys key key_len ref rows Extra
 1 PRIMARY t3 ALL NULL NULL NULL NULL 100 Using where; Using join buffer (flat, BNL join)
 drop table t0,t1,t3;
 set optimizer_switch= @tmp_923246;
+#
+# BUG#952583: Server crashes in Item_field::fix_after_pullout on INSERT .. SELECT
+#
+CREATE TABLE t1 ( a INT );
+INSERT INTO t1 VALUES (1),(2);
+CREATE TABLE t2 ( b INT );
+INSERT INTO t2 VALUES (3),(4);
+INSERT INTO t1
+SELECT * FROM ( SELECT * FROM t1 ) AS alias
+WHERE a IN ( SELECT b FROM t2 );
+DROP TABLE t1, t2;
 set optimizer_switch=@subselect_sj_tmp;
diff --git a/mysql-test/r/subselect_sj_jcl6.result b/mysql-test/r/subselect_sj_jcl6.result
index baa2aec8aea..b6e87bfeec3 100644
--- a/mysql-test/r/subselect_sj_jcl6.result
+++ b/mysql-test/r/subselect_sj_jcl6.result
@@ -2642,6 +2642,17 @@ id select_type table type possible_keys key key_len ref rows Extra
 1 PRIMARY t3 ALL NULL NULL NULL NULL 100 Using where; Using join buffer (flat, BNL join)
 drop table t0,t1,t3;
 set optimizer_switch= @tmp_923246;
+#
+# BUG#952583: Server crashes in Item_field::fix_after_pullout on INSERT .. SELECT
+#
+CREATE TABLE t1 ( a INT );
+INSERT INTO t1 VALUES (1),(2);
+CREATE TABLE t2 ( b INT );
+INSERT INTO t2 VALUES (3),(4);
+INSERT INTO t1
+SELECT * FROM ( SELECT * FROM t1 ) AS alias
+WHERE a IN ( SELECT b FROM t2 );
+DROP TABLE t1, t2;
 set optimizer_switch=@subselect_sj_tmp;
 #
 # BUG#49129: Wrong result with IN-subquery with join_cache_level=6 and firstmatch=off
diff --git a/mysql-test/t/subselect_sj.test b/mysql-test/t/subselect_sj.test
index 6b8a757b9e8..fe290cf4a97 100644
--- a/mysql-test/t/subselect_sj.test
+++ b/mysql-test/t/subselect_sj.test
@@ -2331,5 +2331,19 @@ explain select * from t3 where a in (select kp1 from t1 where kp1<20);
 drop table t0,t1,t3;
 set optimizer_switch= @tmp_923246;
+--echo #
+--echo # BUG#952583: Server crashes in Item_field::fix_after_pullout on INSERT .. SELECT
+--echo #
+CREATE TABLE t1 ( a INT );
+INSERT INTO t1 VALUES (1),(2);
+CREATE TABLE t2 ( b INT );
+INSERT INTO t2 VALUES (3),(4);
+
+INSERT INTO t1
+SELECT * FROM ( SELECT * FROM t1 ) AS alias
+WHERE a IN ( SELECT b FROM t2 );
+
+DROP TABLE t1, t2;
+
 # The following command must be the last one the file
 set optimizer_switch=@subselect_sj_tmp;
diff --git a/sql/item.cc b/sql/item.cc
index f9bbc4aeead..8169e1d35b4 100644
--- a/sql/item.cc
+++ b/sql/item.cc
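Review bot: The new BUG#952583 case in mysql-test/t/subselect_sj.test only shows that the statement no longer crashes; it never reads t1 back, so the rows produced by the `INSERT INTO t1 SELECT ...` are not pinned. With t1 holding (1),(2) and t2 holding (3),(4), `a IN ( SELECT b FROM t2 )` matches nothing, so the statement inserts no rows even when it runs correctly. Adding `SELECT * FROM t1;` before `DROP TABLE t1, t2;` would record the outcome, and, if it still reaches the same pullout path, a second variant with one overlapping value would check a non-empty result as well. Both .result files would then need re-recording.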
@@ -2436,17 +2436,20 @@ void Item_field::fix_after_pullout(st_select_lex *new_parent, Item **ref)
 {
 if (new_parent == get_depended_from())
 depended_from= NULL;
- Name_resolution_context *ctx= new Name_resolution_context();
- ctx->outer_context= NULL; // We don't build a complete name resolver
- ctx->table_list= NULL; // We rely on first_name_resolution_table instead
- ctx->select_lex= new_parent;
- ctx->first_name_resolution_table= context->first_name_resolution_table;
- ctx->last_name_resolution_table= context->last_name_resolution_table;
- ctx->error_processor= context->error_processor;
- ctx->error_processor_data= context->error_processor_data;
- ctx->resolve_in_select_list= context->resolve_in_select_list;
- ctx->security_ctx= context->security_ctx;
- this->context=ctx;
+ if (context)
+ {
+ Name_resolution_context *ctx= new Name_resolution_context();
+ ctx->outer_context= NULL; // We don't build a complete name resolver
+ ctx->table_list= NULL; // We rely on first_name_resolution_table instead
+ ctx->select_lex= new_parent;
+ ctx->first_name_resolution_table= context->first_name_resolution_table;
+ ctx->last_name_resolution_table= context->last_name_resolution_table;
+ ctx->error_processor= context->error_processor;
+ ctx->error_processor_data= context->error_processor_data;
+ ctx->resolve_in_select_list= context->resolve_in_select_list;
+ ctx->security_ctx= context->security_ctx;
+ this->context=ctx;
+ }
 }
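Review bot: The `if (context)` guard added in Item_field::fix_after_pullout carries no comment saying when `context` is NULL, so a reader cannot tell a legitimate state from a masked bug. A line above the `if` such as `// context is NULL for the INSERT .. SELECT over a derived table from BUG#952583; nothing to rebuild` would record it. When the guard is false the item leaves the function with `context` still NULL, so `select_lex` and `security_ctx` are never set for it. Any later code that reads `context->security_ctx` or `context->select_lex` for this item (not visible in this hunk) needs the same NULL check, which is worth confirming because the path is reachable from ordinary SQL. Separately, the result of `new Name_resolution_context()` is dereferenced unchecked; if that allocation can return NULL on out-of-memory in this codebase, `if (!ctx) return;` right after it would close a second crash path.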