MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query

Make sure that EXPLAIN object allocated on runtime arena.

mysql-test/main/subselect.result

@@ -7369,3 +7369,14 @@ a
 1
 drop table t1,t2,t3;
 # End of 10.2 tests
+#
+# MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query
+#
+CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3;
+EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')";
+COUNT(*)
+0
+DROP TABLE t;
+#
+# End of 10.3 tests
+#

mysql-test/main/subselect.test

@@ -6308,3 +6308,17 @@ select a from t3
 drop table t1,t2,t3;
 
 --echo # End of 10.2 tests
+
+--echo #
+--echo # MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query
+--echo #
+
+CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3;
+EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')";
+
+# Cleanup
+DROP TABLE t;
+
+--echo #
+--echo # End of 10.3 tests
+--echo #

mysql-test/main/subselect_no_exists_to_in.result

@@ -7369,6 +7369,17 @@ a
 1
 drop table t1,t2,t3;
 # End of 10.2 tests
+#
+# MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query
+#
+CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3;
+EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')";
+COUNT(*)
+0
+DROP TABLE t;
+#
+# End of 10.3 tests
+#
 set optimizer_switch=default;
 select @@optimizer_switch like '%exists_to_in=off%';
 @@optimizer_switch like '%exists_to_in=off%'

mysql-test/main/subselect_no_mat.result

@@ -7362,6 +7362,17 @@ a
 1
 drop table t1,t2,t3;
 # End of 10.2 tests
+#
+# MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query
+#
+CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3;
+EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')";
+COUNT(*)
+0
+DROP TABLE t;
+#
+# End of 10.3 tests
+#
 set optimizer_switch=default;
 select @@optimizer_switch like '%materialization=on%';
 @@optimizer_switch like '%materialization=on%'

mysql-test/main/subselect_no_opts.result

@@ -7360,4 +7360,15 @@ a
 1
 drop table t1,t2,t3;
 # End of 10.2 tests
+#
+# MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query
+#
+CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3;
+EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')";
+COUNT(*)
+0
+DROP TABLE t;
+#
+# End of 10.3 tests
+#
 set @optimizer_switch_for_subselect_test=null;

mysql-test/main/subselect_no_scache.result

@@ -7375,6 +7375,17 @@ a
 1
 drop table t1,t2,t3;
 # End of 10.2 tests
+#
+# MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query
+#
+CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3;
+EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')";
+COUNT(*)
+0
+DROP TABLE t;
+#
+# End of 10.3 tests
+#
 set optimizer_switch=default;
 select @@optimizer_switch like '%subquery_cache=on%';
 @@optimizer_switch like '%subquery_cache=on%'

mysql-test/main/subselect_no_semijoin.result

@@ -7361,6 +7361,17 @@ a
 drop table t1,t2,t3;
 # End of 10.2 tests
 #
+# MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query
+#
+CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3;
+EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')";
+COUNT(*)
+0
+DROP TABLE t;
+#
+# End of 10.3 tests
+#
+#
 # MDEV-19714: JOIN::pseudo_bits_cond is not visible in EXPLAIN FORMAT=JSON
 #
 CREATE TABLE t1 ( a INT );

sql/sql_select.cc

@@ -1078,6 +1078,15 @@ JOIN::prepare(TABLE_LIST *tables_init,
   // simple check that we got usable conds
   dbug_print_item(conds);
 
+  /*
+    It is hack which force creating EXPLAIN object always on runt-time arena
+    (because very top JOIN::prepare executes always with runtime arena, but
+    constant subquery like (SELECT 'x') can be called with statement arena
+    during prepare phase of top SELECT).
+  */
+  if (!(thd->lex->context_analysis_only & CONTEXT_ANALYSIS_ONLY_PREPARE))
+      create_explain_query_if_not_exists(thd->lex, thd->mem_root);
+
   if (select_lex->handle_derived(thd->lex, DT_PREPARE))
     DBUG_RETURN(-1);
 
@@ -1521,7 +1530,6 @@ bool JOIN::build_explain()
 int JOIN::optimize()
 {
   int res= 0;
-  create_explain_query_if_not_exists(thd->lex, thd->mem_root);
   join_optimization_state init_state= optimization_state;
   if (optimization_state == JOIN::OPTIMIZATION_PHASE_1_DONE)
     res= optimize_stage2();