Commit
Bug#35284734: mysqld crash from (m_ref_item != nullptr ? ref_item()->walk(processor, walk, arg

If a subquery gets transformed into an EXISTS subquery resulting in conditions being added involving the left side of the comparison operator and if the left side of the operator has a view reference, we are currently not incrementing the reference count for underlying field of the view reference correctly. This results in the deletion of the field even though it is accessed in the query which leads to problems later. A view reference expects that every reference to it increments the reference count of the underlying field correctly because all view references share the same underlying field.

For a query like this one:

    SELECT f2 , MAX(t1.f1)
    FROM (WITH cte1 AS (SELECT * FROM t1) SELECT * FROM cte1) AS t1
    WHERE FALSE AND
          (t1.f1+1 <> SOME (WITH cte2 AS (SELECT 1) SELECT * FROM cte2))
    GROUP BY f2;

the view reference (t1.f1) post transformation is referenced in 5 places (2 in cte1, 1 in the outer query block, (1 in the where clause but through another view reference) and 2 additionally in the trigger conditions added by the transformation) whereas the reference count is 3. When the always false condition gets deleted, reference count is decremented twice and because cte1 gets merged, it reduces the reference count further to 0 resulting in deletion of the field.

Solution is to increment the reference count correctly for every condition added by IN to EXISTS transformation.

Change-Id: If39216cbfec4928d60c7be9ccbfb6d017c9605ef