Bug#12603141: JOIN::flatten_subqueries asrt/simplify_joins sig11/...

Bug#12603457: SEGFAULT IN REINIT_STMT_BEFORE_USE

These bugs are (almost) duplicates (depends empty/non-empty tables)

When preparing a prepared statement, we need to save a copy of
WHERE and HAVING condition trees in the prep_where and prep_having
fields of SELECT_LEX. However, the semantic analysis needs to wrap
some Item_field objects using Item_ref objects, which are scoped for
the lifetime of the preparation. This is usually not a problem,
but when the Item_field is the root object of the condition, the
Item_ref object is attempted saved in prep_where or prep_having.
The destructor for the Item_ref is called at the end of the
preparation, so that when execution of the statement is performed,
the destroyed Item_ref object will be referenced.

Author: Tor Didriksen

mysql-test/r/ps.result

@@ -3722,6 +3722,32 @@ FROM (SELECT 1 UNION SELECT 2) t;
 #
 # End of 5.5 tests.
 #
+# Bug#12603141: JOIN::flatten_subqueries asrt/simplify_joins sig11/...
+# Bug#12603457: SEGFAULT IN REINIT_STMT_BEFORE_USE
+#
+CREATE TABLE t1(a INTEGER);
+CREATE TABLE t2(a INTEGER);
+PREPARE stmt FROM '
+SELECT (SELECT 1 FROM t2 WHERE ot.a) AS d
+FROM t1 AS ot
+GROUP BY d';
+EXECUTE stmt;
+d
+EXECUTE stmt;
+d
+INSERT INTO t1 VALUES (0),(1),(2);
+INSERT INTO t2 VALUES (1);
+EXECUTE stmt;
+d
+NULL
+1
+EXECUTE stmt;
+d
+NULL
+1
+DEALLOCATE PREPARE stmt;
+DROP TABLE t1, t2;
+#
 # Bug#12661349 assert in protocol::end_statement
 #
 # Note: This test case should be run with --ps-protocol

mysql-test/t/ps.test

@@ -3327,6 +3327,31 @@ FROM (SELECT 1 UNION SELECT 2) t;
 --echo #
 --echo # End of 5.5 tests.
 
+--echo #
+--echo # Bug#12603141: JOIN::flatten_subqueries asrt/simplify_joins sig11/...
+--echo # Bug#12603457: SEGFAULT IN REINIT_STMT_BEFORE_USE
+--echo #
+
+CREATE TABLE t1(a INTEGER);
+CREATE TABLE t2(a INTEGER);
+
+PREPARE stmt FROM '
+SELECT (SELECT 1 FROM t2 WHERE ot.a) AS d
+FROM t1 AS ot
+GROUP BY d';
+
+EXECUTE stmt;
+EXECUTE stmt;
+
+INSERT INTO t1 VALUES (0),(1),(2);
+INSERT INTO t2 VALUES (1);
+
+EXECUTE stmt;
+EXECUTE stmt;
+
+DEALLOCATE PREPARE stmt;
+DROP TABLE t1, t2;
+
 ###########################################################################
 
 

sql/sql_lex.cc

@@ -3113,12 +3113,12 @@ void st_select_lex::fix_prepare_information(THD *thd, Item **conds,
     }
     if (*conds)
     {
-      prep_where= *conds;
+      prep_where= (*conds)->real_item();
       *conds= where= prep_where->copy_andor_structure(thd);
     }
     if (*having_conds)
     {
-      prep_having= *having_conds;
+      prep_having= (*having_conds)->real_item();
       *having_conds= having= prep_having->copy_andor_structure(thd);
     }
     fix_prepare_info_in_table_list(thd, table_list.first);

sql/sql_select.cc

@@ -1909,7 +1909,8 @@ JOIN::optimize()
     conds= simplify_joins(this, join_list, conds, TRUE, FALSE);
     build_bitmap_for_nested_joins(join_list, 0);
 
-    sel->prep_where= conds ? conds->copy_andor_structure(thd) : 0;
+    sel->prep_where=
+      conds ? conds->real_item()->copy_andor_structure(thd) : NULL;
 
     if (arena)
       thd->restore_active_arena(arena, &backup);