Skip to content
Permalink
Browse files
MDEV-28206: SIGSEGV in Item_field::fix_fields when using LEAD...OVER 
thd->lex->in_sum_func->max_arg_level cannot be set to a
bigger value of select->nest_level if select is null.
  • Loading branch information
@grooverdan
grooverdan committed Dec 2, 2022
1 parent 4783f37 commit 072b366
Show file tree
Hide file tree
Showing 4 changed files with 77 additions and 0 deletions.
24 mysql-test/main/win.result
View file
@@ -4352,3 +4352,27 @@ row_number() OVER (order by a)
2
3
drop table t1;
#
# MDEV-28206 SIGSEGV in Item_field::fix_fields when using LEAD...OVER
#
CREATE TABLE t(c1 INT);
CREATE FUNCTION f() RETURNS INT READS SQL DATA BEGIN
DECLARE v INT;
SELECT 1 INTO v FROM (SELECT c1,COALESCE(LEAD(a2.c1) OVER (PARTITION BY a2.c1 ORDER BY a2.c1),a2.c1) AS a1 FROM (t a2 JOIN t a3 USING (c1))) a4;
RETURN 1;
END//
SELECT f(),f();
f() f()
1 1
EXECUTE IMMEDIATE "SELECT LEAD(c1) OVER (ORDER BY c1) FROM t NATURAL JOIN t AS a;";
LEAD(c1) OVER (ORDER BY c1)
EXECUTE IMMEDIATE "SELECT SUM(c1) OVER (ORDER BY c1) FROM t NATURAL JOIN t AS a;";
SUM(c1) OVER (ORDER BY c1)
EXECUTE IMMEDIATE "SELECT LEAD(c) OVER (ORDER BY c) FROM (SELECT 1 AS c) AS a NATURAL JOIN (SELECT 1 AS c) AS b;";
LEAD(c) OVER (ORDER BY c)
NULL
DROP FUNCTION f;
DROP TABLE t;
#
# End of 10.6 tests
#
28 mysql-test/main/win.test
View file
@@ -2829,3 +2829,31 @@ create table t1 (a int);
insert into t1 values (1),(2),(3);
SELECT row_number() OVER (order by a) FROM t1 order by NAME_CONST('myname',NULL);
drop table t1;

--echo #
--echo # MDEV-28206 SIGSEGV in Item_field::fix_fields when using LEAD...OVER
--echo #

CREATE TABLE t(c1 INT);

DELIMITER //;
CREATE FUNCTION f() RETURNS INT READS SQL DATA BEGIN
DECLARE v INT;
SELECT 1 INTO v FROM (SELECT c1,COALESCE(LEAD(a2.c1) OVER (PARTITION BY a2.c1 ORDER BY a2.c1),a2.c1) AS a1 FROM (t a2 JOIN t a3 USING (c1))) a4;
RETURN 1;
END//
DELIMITER ;//

SELECT f(),f();

EXECUTE IMMEDIATE "SELECT LEAD(c1) OVER (ORDER BY c1) FROM t NATURAL JOIN t AS a;";
EXECUTE IMMEDIATE "SELECT SUM(c1) OVER (ORDER BY c1) FROM t NATURAL JOIN t AS a;";

EXECUTE IMMEDIATE "SELECT LEAD(c) OVER (ORDER BY c) FROM (SELECT 1 AS c) AS a NATURAL JOIN (SELECT 1 AS c) AS b;";

DROP FUNCTION f;
DROP TABLE t;

--echo #
--echo # End of 10.6 tests
--echo #
24 mysql-test/suite/encryption/r/tempfiles_encrypted.result
View file
@@ -4359,6 +4359,30 @@ row_number() OVER (order by a)
3
drop table t1;
#
# MDEV-28206 SIGSEGV in Item_field::fix_fields when using LEAD...OVER
#
CREATE TABLE t(c1 INT);
CREATE FUNCTION f() RETURNS INT READS SQL DATA BEGIN
DECLARE v INT;
SELECT 1 INTO v FROM (SELECT c1,COALESCE(LEAD(a2.c1) OVER (PARTITION BY a2.c1 ORDER BY a2.c1),a2.c1) AS a1 FROM (t a2 JOIN t a3 USING (c1))) a4;
RETURN 1;
END//
SELECT f(),f();
f() f()
1 1
EXECUTE IMMEDIATE "SELECT LEAD(c1) OVER (ORDER BY c1) FROM t NATURAL JOIN t AS a;";
LEAD(c1) OVER (ORDER BY c1)
EXECUTE IMMEDIATE "SELECT SUM(c1) OVER (ORDER BY c1) FROM t NATURAL JOIN t AS a;";
SUM(c1) OVER (ORDER BY c1)
EXECUTE IMMEDIATE "SELECT LEAD(c) OVER (ORDER BY c) FROM (SELECT 1 AS c) AS a NATURAL JOIN (SELECT 1 AS c) AS b;";
LEAD(c) OVER (ORDER BY c)
NULL
DROP FUNCTION f;
DROP TABLE t;
#
# End of 10.6 tests
#
#
# MDEV-23867: select crash in compute_window_func
#
set @save_sort_buffer_size=@@sort_buffer_size;
1 sql/item.cc
View file
@@ -6114,6 +6114,7 @@ bool Item_field::fix_fields(THD *thd, Item **reference)

if (!thd->lex->current_select->no_wrap_view_item &&
thd->lex->in_sum_func &&
select &&
thd->lex == select->parent_lex &&
thd->lex->in_sum_func->nest_level ==
select->nest_level)

0 comments on commit 072b366

Please sign in to comment.