database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

MDEV-22464 Server crash on UPDATE with nested subquery

Browse Source 
Uninitialized ref_pointer_array[] because setup_fields() got empty
fields list.  mysql_multi_update() for some reason does that by
substituting the fields list with empty total_list for the
mysql_select() call (looks like wrong merge since total_list is not
used anywhere else and is always empty). The fix would be to return
back the original fields list. But this fails update_use_source.test
case:

  --error ER_BAD_FIELD_ERROR
  update v1 set t1c1=2 order by 1;

Actually not failing the above seems to be ok.

The other fix would be to keep resolve_in_select_list false (and that
keeps outer context from being resolved in
Item_ref::fix_fields()). This fix is more consistent with how SELECT
behaves:

  --error ER_SUBQUERY_NO_1_ROW
  select a from t1 where a= (select 2 from t1 having (a = 3));

So this patch implements this fix.
This commit is contained in:
Aleksey Midenkov
2021-10-11 13:36:07 +03:00
parent 1e70b287e7
commit ff77a09bda
3 changed files with 23 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
mysql-test/main/multi_update.result
View File

@ -1151,3 +1151,13 @@ b
1 1
3 3
drop tables t1, t2; drop tables t1, t2;
#
# MDEV-22464 Server crash on UPDATE with nested subquery
#
create table t1 (a int) ;
insert into t1 (a) values (1),(2),(3) ;
select a from t1 where a= (select 2 from t1 having (a = 3));
ERROR 21000: Subquery returns more than 1 row
update t1 set a= (select 2 from t1 having (a = 3));
ERROR 21000: Subquery returns more than 1 row
drop tables t1;

11
mysql-test/main/multi_update.test
View File

@ -1087,3 +1087,14 @@ update t1 left join t2 on a = b set b= 3 order by b;
select * from t2; select * from t2;
drop tables t1, t2; drop tables t1, t2;
--echo #
--echo # MDEV-22464 Server crash on UPDATE with nested subquery
--echo #
create table t1 (a int) ;
insert into t1 (a) values (1),(2),(3) ;
--error ER_SUBQUERY_NO_1_ROW
select a from t1 where a= (select 2 from t1 having (a = 3));
--error ER_SUBQUERY_NO_1_ROW
update t1 set a= (select 2 from t1 having (a = 3));
drop tables t1;

3
sql/sql_select.cc
View File

@ -4268,7 +4268,8 @@ mysql_select(THD *thd,
bool free_join= 1; bool free_join= 1;
DBUG_ENTER("mysql_select"); DBUG_ENTER("mysql_select");
select_lex->context.resolve_in_select_list= TRUE; if (!fields.is_empty())
select_lex->context.resolve_in_select_list= true;
JOIN *join; JOIN *join;
if (select_lex->join != 0) if (select_lex->join != 0)
{ {