From a1e589be9b9e048e6083c49d5a441d57bd76a917 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= <vicentiu@mariadb.org>
Date: Mon, 18 Sep 2017 18:57:17 +0300
Subject: [PATCH] MDEV-13354: Server crashes in find_field_in_tables upon PS
 with window function and subquery

When creating an Item_direct_view_ref we were setting the
Name_resolution_context based on TABLE_LIST::view member variable.
However, for derived tables this member is NULL. To not set a wrong
context, if TABLE_LIST::view is empty, use THD::lex instead.
---
 mysql-test/r/win.result | 11 +++++++++++
 mysql-test/t/win.test   | 11 +++++++++++
 sql/table.cc            |  5 +++--
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/mysql-test/r/win.result b/mysql-test/r/win.result
index a37f5895ad4..bac00adfe54 100644
--- a/mysql-test/r/win.result
+++ b/mysql-test/r/win.result
@@ -3262,3 +3262,14 @@ is_not_null_lead_order
 1
 0
 drop table t1;
+#
+# MDEV-13354: Server crashes in find_field_in_tables upon PS with window function and subquery
+#
+CREATE TABLE t1 (i INT, a char);
+INSERT INTO t1 VALUES (1, 'a'),(2, 'b');
+PREPARE stmt FROM "SELECT row_number() over (partition by i order by i), i FROM (SELECT * from t1) as sq";
+EXECUTE stmt;
+row_number() over (partition by i order by i)	i
+1	1
+1	2
+DROP TABLE t1;
diff --git a/mysql-test/t/win.test b/mysql-test/t/win.test
index 6de250c9d55..52819061570 100644
--- a/mysql-test/t/win.test
+++ b/mysql-test/t/win.test
@@ -2025,3 +2025,14 @@ FROM t1
 ORDER BY a;
 
 drop table t1;
+
+--echo #
+--echo # MDEV-13354: Server crashes in find_field_in_tables upon PS with window function and subquery
+--echo #
+
+CREATE TABLE t1 (i INT, a char);
+INSERT INTO t1 VALUES (1, 'a'),(2, 'b');
+PREPARE stmt FROM "SELECT row_number() over (partition by i order by i), i FROM (SELECT * from t1) as sq";
+EXECUTE stmt;
+
+DROP TABLE t1;
diff --git a/sql/table.cc b/sql/table.cc
index e80a938ee72..a612772b39f 100644
--- a/sql/table.cc
+++ b/sql/table.cc
@@ -5766,9 +5766,10 @@ Item *create_view_field(THD *thd, TABLE_LIST *view, Item **field_ref,
   {
     DBUG_RETURN(field);
   }
+  Name_resolution_context *context= view->view ? &view->view->select_lex.context :
+                                    &thd->lex->select_lex.context;
   Item *item= (new (thd->mem_root)
-               Item_direct_view_ref(thd, &view->view->select_lex.context,
-                                    field_ref, view->alias,
+               Item_direct_view_ref(thd, context, field_ref, view->alias,
                                     name, view));
   /*
     Force creation of nullable item for the result tmp table for outer joined