From f439cfdf93691d451a2efe075a90526bd67b8278 Mon Sep 17 00:00:00 2001
From: Dmitry Shulga
Date: Tue, 12 Jul 2022 17:18:48 +0700
Subject: [PATCH] MDEV-22001: Server crashes in st_select_lex_unit::exclude_level upon execution of SP Running some statements that use IN subqueries outside context of a regular query could result in server abnormal termination. The reason for failure is that internal structures SELECT_LEX/SELECT_LEX_UNIT created on behalf of parsed query were initialized incorrectly. Incorrect initialization of the structures SELECT_LEX/SELECT_LEX_UNIT was introduced by the commit de745ecf29721795710910a19bd0ea3389da804c (MDEV-11953: support of brackets in UNION/EXCEPT/INTERSECT operations) pushed into 10.4, that is the reason this bug report is not reproduced in 10.3. To fix the issue the method SLECTE_LEX::register_unit is used for proper initialization of the data structures SELECT_LEX/SELECT_LEX_UNIT. Additionally, the method SELECT_LEX::get_slave() was removed from the source code base since for those use cases where it is used it can be replaced by the method first_inner_unit().
---
 mysql-test/main/sp-bugs.result | 10 ++++++++++
 mysql-test/main/sp-bugs.test | 15 +++++++++++++++
 sql/sql_lex.cc | 12 +++++++-----
 sql/sql_lex.h | 1 -
 4 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/mysql-test/main/sp-bugs.result b/mysql-test/main/sp-bugs.result
index 8c6788d03f4..a166a5a0a9a 100644
--- a/mysql-test/main/sp-bugs.result
+++ b/mysql-test/main/sp-bugs.result
@@ -353,3 +353,13 @@ drop table _t1;
 #
 # End of 10.3 tests
 #
+#
+# MDEV-22001: Server crashes in st_select_lex_unit::exclude_level upon execution of SP
+#
+BEGIN NOT ATOMIC DECLARE a INT DEFAULT 0 IN ( SELECT 1 ) OR 2 ; END $
+BEGIN NOT ATOMIC DECLARE a INT DEFAULT 0 IN ( SELECT 1 ) OR (SELECT 2) ; END $
+KILL (('x' IN ( SELECT 1)) MOD 44);
+ERROR HY000: Unknown thread id: 0
+#
+# End of 10.4 tests
+#
diff --git a/mysql-test/main/sp-bugs.test b/mysql-test/main/sp-bugs.test
index 9b81fd1af61..18fe14dc8bc 100644
--- a/mysql-test/main/sp-bugs.test
+++ b/mysql-test/main/sp-bugs.test
@@ -371,3 +371,18 @@ drop table _t1;
 --echo #
 --echo # End of 10.3 tests
 --echo #
+
+--echo #
+--echo # MDEV-22001: Server crashes in st_select_lex_unit::exclude_level upon execution of SP
+--echo #
+--delimiter $
+BEGIN NOT ATOMIC DECLARE a INT DEFAULT 0 IN ( SELECT 1 ) OR 2 ; END $
+BEGIN NOT ATOMIC DECLARE a INT DEFAULT 0 IN ( SELECT 1 ) OR (SELECT 2) ; END $
+--delimiter ;
+
+--error ER_NO_SUCH_THREAD
+KILL (('x' IN ( SELECT 1)) MOD 44);
+
+--echo #
+--echo # End of 10.4 tests
+--echo #
diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc
index 9555c4d7a28..b2283e5c77d 100644
--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
@@ -9684,11 +9684,13 @@ void LEX::relink_hack(st_select_lex *select_lex)
 {
 if (!select_stack_top) // Statements of the second type
 {
- if (!select_lex->get_master()->get_master())
- ((st_select_lex *) select_lex->get_master())->
- set_master(&builtin_select);
- if (!builtin_select.get_slave())
- builtin_select.set_slave(select_lex->get_master());
+ if (!select_lex->outer_select() &&
+ !builtin_select.first_inner_unit())
+ {
+ builtin_select.register_unit(select_lex->master_unit(),
+ &builtin_select.context);
+ builtin_select.add_statistics(select_lex->master_unit());
+ }
 }
 }
diff --git a/sql/sql_lex.h b/sql/sql_lex.h
index 09e0df2edca..d798bceeeda 100644
--- a/sql/sql_lex.h
+++ b/sql/sql_lex.h
@@ -738,7 +738,6 @@ public:
 }
 inline st_select_lex_node* get_master() { return master; }
- inline st_select_lex_node* get_slave() { return slave; }
 void include_down(st_select_lex_node *upper);
 void add_slave(st_select_lex_node *slave_arg);
 void include_neighbour(st_select_lex_node *before);
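Review bot: In the sql/sql_lex.cc hunk (LEX::relink_hack), the two checks that used to be independent are now joined with `&&`, so a unit is attached to builtin_select only when it has no outer select and builtin_select has no inner unit yet. Nothing in the new lines says what happens to a later top-level subquery unit, such as the second one in the added `OR (SELECT 2)` test, which as far as the hunk shows is left without an outer select. If that is intended, say so above the condition, e.g. `// Only the first top-level unit is attached to builtin_select; later units stay unlinked on purpose.`, and add the reason. If it is not intended, the `!builtin_select.first_inner_unit()` term presumably should be dropped, assuming register_unit() can chain onto an existing inner unit, which is not visible here. A one-line comment on why `add_statistics()` has to follow `register_unit()` would also help, because a half-linked unit on this path was a server crash reachable from plain SQL text.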