revision-id: df4f4bd84acce75150caff95b08c9b82d61e45db (mariadb-10.2.31-640-gdf4f4bd84ac) parent(s): dfe8ef8bd83b359f00e9caa3d1df05434d329958 author: Sergei Petrunia committer: Sergei Petrunia timestamp: 2020-12-22 19:17:20 +0300 message: MDEV-24444: ASAN use-after-poison in Item_func_in::get_func_mm_tree with NOT IN Fix a trivial error in the fix for MDEV-21958: check the key in the right table. --- mysql-test/r/range.result | 10 ++++++++++ mysql-test/t/range.test | 13 +++++++++++++ sql/opt_range.cc | 2 +- 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/range.result b/mysql-test/r/range.result index 49bce9a316d..1d07cb04c06 100644 --- a/mysql-test/r/range.result +++ b/mysql-test/r/range.result @@ -3174,5 +3174,15 @@ id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE t2 ALL PRIMARY NULL NULL NULL 1000 Using where drop table t1,t2; # +# MDEV-24444: ASAN use-after-poison in Item_func_in::get_func_mm_tree with NOT IN +# +CREATE TABLE t1 (id INT, a CHAR(3), b INT, PRIMARY KEY(id), KEY(b), KEY(a)); +INSERT INTO t1 VALUES (1,'foo',10),(2,'bar',20); +CREATE TABLE t2 (code CHAR(8), num INT, PRIMARY KEY (code)); +INSERT INTO t2 VALUES ('100',1),('111',2); +SELECT * FROM t1 JOIN t2 ON (t2.code = t1.b) WHERE t1.a NOT IN ('baz', 'qux') OR t2.num != 3; +id a b code num +DROP TABLE t1, t2; +# # End of 10.2 tests # diff --git a/mysql-test/t/range.test b/mysql-test/t/range.test index 4088aa2990e..2f55889afec 100644 --- a/mysql-test/t/range.test +++ b/mysql-test/t/range.test @@ -2204,6 +2204,19 @@ explain select * from t2 force index (primary) where pk not in (1,2,3); drop table t1,t2; +--echo # +--echo # MDEV-24444: ASAN use-after-poison in Item_func_in::get_func_mm_tree with NOT IN +--echo # +CREATE TABLE t1 (id INT, a CHAR(3), b INT, PRIMARY KEY(id), KEY(b), KEY(a)); +INSERT INTO t1 VALUES (1,'foo',10),(2,'bar',20); + +CREATE TABLE t2 (code CHAR(8), num INT, PRIMARY KEY (code)); +INSERT INTO t2 VALUES ('100',1),('111',2); + +SELECT * FROM t1 JOIN t2 ON (t2.code = t1.b) WHERE t1.a NOT IN ('baz', 'qux') OR t2.num != 3; + +DROP TABLE t1, t2; + --echo # --echo # End of 10.2 tests --echo # diff --git a/sql/opt_range.cc b/sql/opt_range.cc index 3a6579b0471..27ea4a83714 100644 --- a/sql/opt_range.cc +++ b/sql/opt_range.cc @@ -7173,7 +7173,7 @@ SEL_TREE *Item_func_in::get_func_mm_tree(RANGE_OPT_PARAM *param, uint key_no; while ((key_no= it.next_bit()) != key_map::Iterator::BITMAP_END) { - KEY *key_info= ¶m->table->key_info[key_no]; + KEY *key_info= &field->table->key_info[key_no]; if (key_info->user_defined_key_parts == 1 && (key_info->flags & HA_NOSAME)) {