• igor@olga.mysql.com's avatar
    Fixed bug #27870. The bug that causes crashes manifests itself at some · 6ad81b4e
    igor@olga.mysql.com authored
    conditions when executing an equijoin query with WHERE condition
    containing a subquery predicate of the form join_attr NOT IN (SELECT ...).
    
    To resolve a problem of the correct evaluation of the expression
      attr NOT IN (SELECT ...)
    an array of guards is created to make it possible to filter out some 
    predicates of the EXISTS subquery into which the original subquery 
    predicate is transformed, in the cases when a takes the NULL value. 
    If attr is defined as a field that cannot be NULL than such an array 
    is not needed and is not created. 
    However if the field a occurred also an an equijoin predicate t2.a=t1.b
    and table t1 is accessed before table t2 then it may happen that the 
    the EXISTS subquery is pushed down to the condition evaluated just after
    table t1 has been accessed. In this case any occurrence of t2.a is 
    substituted for t1.b. When t1.b takes the value of NULL an attempt is 
    made to turn on the corresponding guard. This action caused a crash as 
    no guard array had been created.
    
    Now the code of Item_in_subselect::set_cond_guard_var checks that the guard
    array has been created before setting a guard variable on. Otherwise the
    method does nothing. It cannot results in returning a row that could be
    rejected as the condition t2.a=t1.b will be checked later anyway.        
    6ad81b4e
item_subselect.h 17.5 KB