|
 |
11c328 |
From 7d47517d579601bb6e59e33bf0896f0ed36aa0aa Mon Sep 17 00:00:00 2001
|
|
|
11c328 |
From: Ondrej Dubaj <odubaj@redhat.com>
|
|
|
11c328 |
Date: Mon, 20 Jan 2020 09:34:41 +0100
|
|
|
11c328 |
Subject: [PATCH] Continue to back away from the LEFT JOIN optimization of
|
|
|
11c328 |
check-in
|
|
|
11c328 |
|
|
|
11c328 |
by disallowing query flattening if the outer query is DISTINCT. Without this fix,
|
|
|
11c328 |
if an index scan is run on the table within the view on the right-hand side of the
|
|
|
11c328 |
LEFT JOIN, stale result registers might be accessed yielding incorrect results,
|
|
|
11c328 |
and/or an OP_IfNullRow opcode might be invoked on the un-opened table, resulting
|
|
|
11c328 |
in a NULL-pointer dereference. This problem was found by the Yongheng and Rui fuzzer.
|
|
|
11c328 |
---
|
|
|
11c328 |
src/select.c | 8 ++++++--
|
|
|
11c328 |
test/join.test | 13 +++++++++++++
|
|
|
11c328 |
2 files changed, 19 insertions(+), 2 deletions(-)
|
|
|
11c328 |
|
|
|
11c328 |
diff --git a/src/select.c b/src/select.c
|
|
|
11c328 |
index c60ff27..0205a08 100644
|
|
|
11c328 |
--- a/src/select.c
|
|
|
11c328 |
+++ b/src/select.c
|
|
|
11c328 |
@@ -3569,6 +3569,7 @@ static void substSelect(
|
|
|
11c328 |
** (3b) the FROM clause of the subquery may not contain a virtual
|
|
|
11c328 |
** table and
|
|
|
11c328 |
** (3c) the outer query may not be an aggregate.
|
|
|
11c328 |
+** (3d) the outer query may not be DISTINCT.
|
|
|
11c328 |
**
|
|
|
11c328 |
** (4) The subquery can not be DISTINCT.
|
|
|
11c328 |
**
|
|
|
11c328 |
@@ -3765,8 +3766,11 @@ static int flattenSubquery(
|
|
|
11c328 |
*/
|
|
|
11c328 |
if( (pSubitem->fg.jointype & JT_OUTER)!=0 ){
|
|
|
11c328 |
isLeftJoin = 1;
|
|
|
11c328 |
- if( pSubSrc->nSrc>1 || isAgg || IsVirtual(pSubSrc->a[0].pTab) ){
|
|
|
11c328 |
- /* (3a) (3c) (3b) */
|
|
|
11c328 |
+ if( pSubSrc->nSrc>1 /* (3a) */
|
|
|
11c328 |
+ || isAgg /* (3b) */
|
|
|
11c328 |
+ || IsVirtual(pSubSrc->a[0].pTab) /* (3c) */
|
|
|
11c328 |
+ || (p->selFlags & SF_Distinct)!=0 /* (3d) */
|
|
|
11c328 |
+ ){
|
|
|
11c328 |
return 0;
|
|
|
11c328 |
}
|
|
|
11c328 |
}
|
|
|
11c328 |
diff --git a/test/join.test b/test/join.test
|
|
|
11c328 |
index 8c6f463..8c6a53d 100644
|
|
|
11c328 |
--- a/test/join.test
|
|
|
11c328 |
+++ b/test/join.test
|
|
|
11c328 |
@@ -844,4 +844,17 @@ do_execsql_test join-15.110 {
|
|
|
11c328 |
ORDER BY a1, a2, a3, a4, a5;
|
|
|
11c328 |
} {1 {} {} {} {} 1 11 {} {} {} 1 12 {} {} {} 1 12 121 {} {} 1 13 {} {} {}}
|
|
|
11c328 |
|
|
|
11c328 |
+# 2019-12-18 problem with a LEFT JOIN where the RHS is a view.
|
|
|
11c328 |
+# Detected by Yongheng and Rui.
|
|
|
11c328 |
+# Follows from the optimization attempt of check-in 41c27bc0ff1d3135
|
|
|
11c328 |
+# on 2017-04-18
|
|
|
11c328 |
+#
|
|
|
11c328 |
+reset_db
|
|
|
11c328 |
+do_execsql_test join-22.10 {
|
|
|
11c328 |
+ CREATE TABLE t0(a, b);
|
|
|
11c328 |
+ CREATE INDEX t0a ON t0(a);
|
|
|
11c328 |
+ INSERT INTO t0 VALUES(10,10),(10,11),(10,12);
|
|
|
11c328 |
+ SELECT DISTINCT c FROM t0 LEFT JOIN (SELECT a+1 AS c FROM t0) ORDER BY c ;
|
|
|
11c328 |
+} {11}
|
|
|
11c328 |
+
|
|
|
11c328 |
finish_test
|
|
|
11c328 |
--
|
|
|
11c328 |
2.19.1
|
|
|
11c328 |
|