MDEV-18668 Server crash or ASAN use-after-poison in Item_equal_iterator /

igorbabaev · igorbabaev · commit 25870f48cf66 · 2019-02-24T02:02:07.000-08:00
st_select_lex::pushdown_from_having_into_where upon query
           with impossible WHERE condition

Do not push from HAVING into impossible WHERE
diff --git a/mysql-test/main/having_cond_pushdown.result b/mysql-test/main/having_cond_pushdown.result
@@ -1906,3 +1906,15 @@ EXPLAIN
 DROP TABLE t1,t2;
 DROP VIEW v1;
 DROP FUNCTION f1;
+#
+# MDEV-18668: pushdown from HAVING into impossible WHERE
+#
+CREATE TABLE t1 (a INT, b INT);
+INSERT INTO t1 VALUES (1,1),(2,2);
+SELECT a FROM t1 WHERE b = 1 AND b = 2 GROUP BY a HAVING a <= 3;
+a
+EXPLAIN
+SELECT a FROM t1 WHERE b = 1 AND b = 2 GROUP BY a HAVING a <= 3;
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+1	SIMPLE	NULL	NULL	NULL	NULL	NULL	NULL	NULL	Impossible WHERE
+DROP TABLE t1;
diff --git a/mysql-test/main/having_cond_pushdown.test b/mysql-test/main/having_cond_pushdown.test
@@ -473,3 +473,16 @@ eval $no_pushdown explain format=json $query;
 DROP TABLE t1,t2;
 DROP VIEW v1;
 DROP FUNCTION f1;
+
+--echo #
+--echo # MDEV-18668: pushdown from HAVING into impossible WHERE
+--echo #
+
+CREATE TABLE t1 (a INT, b INT);
+INSERT INTO t1 VALUES (1,1),(2,2);
+
+SELECT a FROM t1 WHERE b = 1 AND b = 2 GROUP BY a HAVING a <= 3;
+EXPLAIN
+SELECT a FROM t1 WHERE b = 1 AND b = 2 GROUP BY a HAVING a <= 3;
+
+DROP TABLE t1;
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
@@ -1929,8 +1929,11 @@ JOIN::optimize_inner()
     DBUG_RETURN(1);
   }
 
+  /* Do not push into WHERE from HAVING if cond_value == Item::COND_FALSE */
+
   if (thd->lex->sql_command == SQLCOM_SELECT &&
-      optimizer_flag(thd, OPTIMIZER_SWITCH_COND_PUSHDOWN_FROM_HAVING))
+      optimizer_flag(thd, OPTIMIZER_SWITCH_COND_PUSHDOWN_FROM_HAVING) &&
+      cond_value != Item::COND_FALSE)
   {
     having=
       select_lex->pushdown_from_having_into_where(thd, having);
@@ -15380,6 +15383,7 @@ Item *eliminate_item_equal(THD *thd, COND *cond, COND_EQUAL *upper_levels,
   @param cond            condition to process
   @param cond_equal      multiple equalities to take into consideration
   @param table_join_idx  index to tables determining field preference
+  @param do_substitution if false: do not do any field substitution
 
   @note
     At the first glance full sort of fields in multiple equality
