From 79452f32b068f21807ec17ecb25d886bb467e0d7 Mon Sep 17 00:00:00 2001
From: Adriano dos Santos Fernandes <adrianosf@gmail.com>
Date: Sun, 16 Feb 2025 11:19:56 -0300
Subject: [PATCH] Fix #8437 - Segmentation fault when running query with
 partition by and subquery

---
 src/dsql/ExprNodes.cpp | 29 +++++++++++++----------------
 src/dsql/ExprNodes.h   |  4 ++--
 2 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/src/dsql/ExprNodes.cpp b/src/dsql/ExprNodes.cpp
index ef47c1c840d..a3bea846d49 100644
--- a/src/dsql/ExprNodes.cpp
+++ b/src/dsql/ExprNodes.cpp
@@ -10900,10 +10900,10 @@ static RegisterNode<SubQueryNode> regSubQueryNode({
 	blr_via, blr_from, blr_average, blr_count, blr_maximum, blr_minimum, blr_total
 });
 
-SubQueryNode::SubQueryNode(MemoryPool& pool, UCHAR aBlrOp, RecordSourceNode* aDsqlRse,
+SubQueryNode::SubQueryNode(MemoryPool& pool, UCHAR aBlrOp, SelectExprNode* aDsqlSelectExpr,
 			ValueExprNode* aValue1, ValueExprNode* aValue2)
 	: TypedNode<ValueExprNode, ExprNode::TYPE_SUBQUERY>(pool),
-	  dsqlRse(aDsqlRse),
+	  dsqlSelectExpr(aDsqlSelectExpr),
 	  value1(aValue1),
 	  value2(aValue2),
 	  subQuery(NULL),
@@ -10946,11 +10946,7 @@ void SubQueryNode::getChildren(NodeRefsHolder& holder, bool dsql) const
 {
 	ValueExprNode::getChildren(holder, dsql);
 
-	if (dsql)
-		holder.add(dsqlRse);
-	else
-		holder.add(rse);
-
+	holder.add(rse);
 	holder.add(value1);
 	holder.add(value2);
 }
@@ -10961,7 +10957,7 @@ string SubQueryNode::internalPrint(NodePrinter& printer) const
 
 	NODE_PRINT(printer, blrOp);
 	NODE_PRINT(printer, ownSavepoint);
-	NODE_PRINT(printer, dsqlRse);
+	NODE_PRINT(printer, dsqlSelectExpr);
 	NODE_PRINT(printer, rse);
 	NODE_PRINT(printer, value1);
 	NODE_PRINT(printer, value2);
@@ -10980,10 +10976,11 @@ ValueExprNode* SubQueryNode::dsqlPass(DsqlCompilerScratch* dsqlScratch)
 
 	const DsqlContextStack::iterator base(*dsqlScratch->context);
 
-	RseNode* rse = PASS1_rse(dsqlScratch, nodeAs<SelectExprNode>(dsqlRse), false);
+	RseNode* rse = PASS1_rse(dsqlScratch, dsqlSelectExpr, false);
 
-	SubQueryNode* node = FB_NEW_POOL(dsqlScratch->getPool()) SubQueryNode(dsqlScratch->getPool(), blrOp, rse,
+	SubQueryNode* node = FB_NEW_POOL(dsqlScratch->getPool()) SubQueryNode(dsqlScratch->getPool(), blrOp, dsqlSelectExpr,
 		rse->dsqlSelectList->items[0], NullNode::instance());
+	node->rse = rse;
 
 	// Finish off by cleaning up contexts.
 	dsqlScratch->context->clear(base);
@@ -10999,7 +10996,7 @@ void SubQueryNode::setParameterName(dsql_par* parameter) const
 void SubQueryNode::genBlr(DsqlCompilerScratch* dsqlScratch)
 {
 	dsqlScratch->appendUChar(blrOp);
-	GEN_expr(dsqlScratch, dsqlRse);
+	GEN_expr(dsqlScratch, rse);
 	GEN_expr(dsqlScratch, value1);
 	GEN_expr(dsqlScratch, value2);
 }
@@ -11015,12 +11012,12 @@ void SubQueryNode::make(DsqlCompilerScratch* dsqlScratch, dsc* desc)
 
 bool SubQueryNode::dsqlAggregateFinder(AggregateFinder& visitor)
 {
-	return !visitor.ignoreSubSelects && visitor.visit(dsqlRse);
+	return !visitor.ignoreSubSelects && visitor.visit(rse);
 }
 
 bool SubQueryNode::dsqlAggregate2Finder(Aggregate2Finder& visitor)
 {
-	return visitor.visit(dsqlRse);	// Pass only the rse.
+	return visitor.visit(rse);	// Pass only the rse.
 }
 
 bool SubQueryNode::dsqlSubSelectFinder(SubSelectFinder& /*visitor*/)
@@ -11030,13 +11027,13 @@ bool SubQueryNode::dsqlSubSelectFinder(SubSelectFinder& /*visitor*/)
 
 bool SubQueryNode::dsqlFieldFinder(FieldFinder& visitor)
 {
-	return visitor.visit(dsqlRse);	// Pass only the rse.
+	return visitor.visit(rse);	// Pass only the rse.
 }
 
 ValueExprNode* SubQueryNode::dsqlFieldRemapper(FieldRemapper& visitor)
 {
-	doDsqlFieldRemapper(visitor, dsqlRse);
-	value1 = nodeAs<RseNode>(dsqlRse)->dsqlSelectList->items[0];
+	doDsqlFieldRemapper(visitor, rse);
+	value1 = rse->dsqlSelectList->items[0];
 	return this;
 }
 
diff --git a/src/dsql/ExprNodes.h b/src/dsql/ExprNodes.h
index e12ca6f5727..71a8ac120af 100644
--- a/src/dsql/ExprNodes.h
+++ b/src/dsql/ExprNodes.h
@@ -1867,7 +1867,7 @@ class StrLenNode : public TypedNode<ValueExprNode, ExprNode::TYPE_STR_LEN>
 class SubQueryNode : public TypedNode<ValueExprNode, ExprNode::TYPE_SUBQUERY>
 {
 public:
-	explicit SubQueryNode(MemoryPool& pool, UCHAR aBlrOp, RecordSourceNode* aDsqlRse = NULL,
+	explicit SubQueryNode(MemoryPool& pool, UCHAR aBlrOp, SelectExprNode* aDsqlSelectExpr = NULL,
 		ValueExprNode* aValue1 = NULL, ValueExprNode* aValue2 = NULL);
 
 	static DmlNode* parse(thread_db* tdbb, MemoryPool& pool, CompilerScratch* csb, const UCHAR blrOp);
@@ -1912,7 +1912,7 @@ class SubQueryNode : public TypedNode<ValueExprNode, ExprNode::TYPE_SUBQUERY>
 	virtual dsc* execute(thread_db* tdbb, jrd_req* request) const;
 
 public:
-	NestConst<RecordSourceNode> dsqlRse;
+	NestConst<SelectExprNode> dsqlSelectExpr;
 	NestConst<RseNode> rse;
 	NestConst<ValueExprNode> value1;
 	NestConst<ValueExprNode> value2;