MDEV-28617 Crash with INSERT...SELECT using derived table in GROUP BY clause

This bug manifested itself for INSERT...SELECT and DELETE statements whose WHERE condition used an IN/ANY/ALL predicand or a EXISTS predicate with such grouping subquery that: - its GROUP BY clause could be eliminated, - the GROUP clause contained a subquery over a mergeable derived table referencing the updated table. The bug ultimately caused a server crash when the prepare phase of the statement processing was executed. This happened after removal redundant subqueries used in the eliminated GROUP BY clause from the statement tree. The function that excluded the subqueries from the did not do it properly. As a result the specification of any derived table contained in a removed subquery was not marked as excluded. Approved by Oleksandr Byelkin <sanja@mariadb.com>
2025-07-29 05:21:33 +03:00 · 2022-08-01 20:52:10 -07:00
parent 07a670b884
commit c2300d06f7
3 changed files with 175 additions and 3 deletions
--- a/mysql-test/main/insert_select.test
+++ b/mysql-test/main/insert_select.test
@ -514,3 +514,85 @@ DROP TABLE t1, t2;
 DROP PROCEDURE p1;

 --echo # End of 10.2 test
+
+--echo #
+--echo # MDEV-28617: INSERT ... SELECT with redundant IN subquery in GROUP BY
+--echo #             list that uses mergeable derived table containing
+--echo #             reference to target table
+--echo #
+
+create table t1 (a int);
+create table t2 (b int);
+create table t3 (c int);
+
+insert into t1 values (3), (1);
+insert into t2 values (3), (2);
+insert into t3 values (4), (2);
+
+insert into t1
+select b from t2
+  where b in (select c from t3
+              group by (select * from (select a from t1) dt where a = 1));
+select * from t1;
+
+delete from t1;
+insert into t1 values (3), (1);
+
+insert into t1
+select b from t2
+  where b >= any (select c from t3
+                  group by (select * from (select a from t1) dt where a = 1));
+select * from t1;
+
+delete from t1;
+insert into t1 values (3), (1);
+
+insert into t1
+select b from t2
+  where b <= all (select c from t3
+                  group by (select * from (select a from t1) dt where a = 1));
+select * from t1;
+
+delete from t1;
+insert into t1 values (3), (1);
+
+insert into t1
+select b from t2
+  where exists (select c from t3
+                group by (select * from (select a from t1) dt where a = 1));
+select * from t1;
+
+delete from t1;
+insert into t1 values (3), (1);
+
+prepare stmt from "
+insert into t1
+select b from t2
+  where b in (select c from t3
+              group by (select * from (select a from t1) dt where a = 1));
+";
+
+execute stmt;
+select * from t1;
+
+delete from t1;
+insert into t1 values (3), (1);
+
+execute stmt;
+select * from t1;
+
+delete from t1;
+insert into t1 values (3), (1);
+
+delete from t1
+  where exists (select b from t2
+                  where b in (select c from t3
+                              group by (select * from (select a from t1) dt
+                                           where a = 1)));
+select * from t1;
+
+deallocate prepare stmt;
+
+drop table t1,t2,t3;
+
+--echo # End of 10.3 test