MariaDB · DaveGosselin-MariaDB · Nov 30, 2023
diff --git a/mysql-test/main/win.result b/mysql-test/main/win.result
@@ -4391,3 +4391,59 @@ row_number() OVER (order by a)
 2
 3
 drop table t1;
+#
+# MDEV-28509: Access null pointer during add_key_field call
+#
+CREATE TABLE t1 (i int);
+INSERT INTO t1 VALUES (1),(2),(3);
+WITH cte AS (SELECT i FROM (SELECT i FROM t1 GROUP BY i) dt WINDOW w AS (PARTITION BY i))
+SELECT a.i FROM cte a JOIN cte b on a.i=b.i WHERE a.i != 5;
+i
+1
+2
+3
+DROP TABLE t1;
+WITH c AS (SELECT i FROM (SELECT i FROM (SELECT 1 AS i) AS i GROUP BY i) d WINDOW w AS (PARTITION BY i)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i!=1;
+i
+WITH c AS (SELECT i FROM (SELECT i AS e, i AS i FROM (SELECT 1 AS i) i GROUP BY e) d WINDOW w AS (PARTITION BY e)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i<>1;
+i
+WITH c AS (SELECT i FROM (SELECT i AS e, i AS i FROM (SELECT 1 AS i) i GROUP BY e) d WINDOW w AS (PARTITION BY i)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i<>1;
+i
+CREATE TABLE t2 ( v1055 INT );
+INSERT INTO t2 ( v1055 ) VALUES ( 54 );
+UPDATE t2 SET v1055 = 127 WHERE v1055 = 83;
+INSERT INTO t2 ( v1055 ) VALUES ( -1 ) , ( -1 );
+WITH v1057 AS ( SELECT v1055 FROM ( SELECT v1055 FROM t2 GROUP BY v1055 ) AS v1056 ) SELECT v1055 FROM v1057 WHERE v1055 BETWEEN FALSE AND ( ( ( v1055 OR NOT v1055 ) BETWEEN ( ( ( ( EXISTS ( WITH v1063 AS ( SELECT v1055 FROM ( SELECT v1055 FROM t2 GROUP BY v1055 ) AS v1058 WINDOW v1062 AS ( PARTITION BY v1055 ORDER BY ( SELECT DISTINCT 16 FROM t2 AS v1059 , t2 AS v1060 , t2 AS v1061 JOIN t2 ) DESC RANGE BETWEEN 80808358.000000 FOLLOWING AND 82012945.000000 FOLLOWING ) ) SELECT v1055 FROM ( SELECT DISTINCT ( ( NOT ( 60914711.000000 AND v1055 = 68 ) ) = -1 AND v1055 = 17 ) % v1055 , ( v1055 = -1 OR v1055 > 'x' ) FROM t2 WHERE v1055 = -128 AND ( v1055 = -128 OR v1055 = 0 OR v1055 = 31 ) ) AS v1064 NATURAL JOIN v1063 AS v1065 NATURAL JOIN v1063 AS v1066 NATURAL JOIN ( SELECT DISTINCT v1055 , ( v1055 = -1 OR v1055 > 'x' ) FROM t2 ) AS v1067 NATURAL JOIN v1063 AS v1068 NATURAL JOIN v1063 WHERE v1055 != 72 GROUP BY v1055 ORDER BY v1055 ) AND v1055 = -1 ) - 2147483647 ) ) ) AND 'x' = ( 4 + 34235093.000000 <= 60 ) ) );
+v1055
+Warnings:
+Warning 1292 Truncated incorrect DECIMAL value: 'x'
+Warning 1292 Truncated incorrect DECIMAL value: 'x'
+DROP TABLE t2;
+SET @save_sql_mode=@@sql_mode;
+SET sql_mode=ONLY_FULL_GROUP_BY;
+CREATE TABLE t1 (i int);
+INSERT INTO t1 VALUES (1),(2),(3);
+WITH cte AS (SELECT i FROM (SELECT i FROM t1 GROUP BY i) dt WINDOW w AS (PARTITION BY i))
+SELECT a.i FROM cte a JOIN cte b on a.i=b.i WHERE a.i != 5;
+i
+1
+2
+3
+DROP TABLE t1;
+WITH c AS (SELECT i FROM (SELECT i FROM (SELECT 1 AS i) AS i GROUP BY i) d WINDOW w AS (PARTITION BY i)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i!=1;
+i
+WITH c AS (SELECT i FROM (SELECT i AS e, i AS i FROM (SELECT 1 AS i) i GROUP BY e) d WINDOW w AS (PARTITION BY e)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i<>1;
+i
+WITH c AS (SELECT i FROM (SELECT i AS e, i AS i FROM (SELECT 1 AS i) i GROUP BY e) d WINDOW w AS (PARTITION BY i)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i<>1;
+i
+CREATE TABLE t2 ( v1055 INT );
+INSERT INTO t2 ( v1055 ) VALUES ( 54 );
+UPDATE t2 SET v1055 = 127 WHERE v1055 = 83;
+INSERT INTO t2 ( v1055 ) VALUES ( -1 ) , ( -1 );
+WITH v1057 AS ( SELECT v1055 FROM ( SELECT v1055 FROM t2 GROUP BY v1055 ) AS v1056 ) SELECT v1055 FROM v1057 WHERE v1055 BETWEEN FALSE AND ( ( ( v1055 OR NOT v1055 ) BETWEEN ( ( ( ( EXISTS ( WITH v1063 AS ( SELECT v1055 FROM ( SELECT v1055 FROM t2 GROUP BY v1055 ) AS v1058 WINDOW v1062 AS ( PARTITION BY v1055 ORDER BY ( SELECT DISTINCT 16 FROM t2 AS v1059 , t2 AS v1060 , t2 AS v1061 JOIN t2 ) DESC RANGE BETWEEN 80808358.000000 FOLLOWING AND 82012945.000000 FOLLOWING ) ) SELECT v1055 FROM ( SELECT DISTINCT ( ( NOT ( 60914711.000000 AND v1055 = 68 ) ) = -1 AND v1055 = 17 ) % v1055 , ( v1055 = -1 OR v1055 > 'x' ) FROM t2 WHERE v1055 = -128 AND ( v1055 = -128 OR v1055 = 0 OR v1055 = 31 ) ) AS v1064 NATURAL JOIN v1063 AS v1065 NATURAL JOIN v1063 AS v1066 NATURAL JOIN ( SELECT DISTINCT v1055 , ( v1055 = -1 OR v1055 > 'x' ) FROM t2 ) AS v1067 NATURAL JOIN v1063 AS v1068 NATURAL JOIN v1063 WHERE v1055 != 72 GROUP BY v1055 ORDER BY v1055 ) AND v1055 = -1 ) - 2147483647 ) ) ) AND 'x' = ( 4 + 34235093.000000 <= 60 ) ) );
+v1055
+Warnings:
+Warning 1292 Truncated incorrect DECIMAL value: 'x'
+Warning 1292 Truncated incorrect DECIMAL value: 'x'
+DROP TABLE t2;
+SET @@sql_mode=@save_sql_mode;
diff --git a/mysql-test/main/win.test b/mysql-test/main/win.test
@@ -2873,3 +2873,46 @@ create table t1 (a int);
 insert into t1 values (1),(2),(3);
 SELECT row_number() OVER (order by a) FROM t1 order by NAME_CONST('myname',NULL);
 drop table t1;
+
+--echo #
+--echo # MDEV-28509: Access null pointer during add_key_field call
+--echo #
+CREATE TABLE t1 (i int);
+INSERT INTO t1 VALUES (1),(2),(3);
+WITH cte AS (SELECT i FROM (SELECT i FROM t1 GROUP BY i) dt WINDOW w AS (PARTITION BY i))
+SELECT a.i FROM cte a JOIN cte b on a.i=b.i WHERE a.i != 5;
+DROP TABLE t1;
+
+WITH c AS (SELECT i FROM (SELECT i FROM (SELECT 1 AS i) AS i GROUP BY i) d WINDOW w AS (PARTITION BY i)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i!=1;
+WITH c AS (SELECT i FROM (SELECT i AS e, i AS i FROM (SELECT 1 AS i) i GROUP BY e) d WINDOW w AS (PARTITION BY e)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i<>1;
+WITH c AS (SELECT i FROM (SELECT i AS e, i AS i FROM (SELECT 1 AS i) i GROUP BY e) d WINDOW w AS (PARTITION BY i)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i<>1;
+
+CREATE TABLE t2 ( v1055 INT );
+INSERT INTO t2 ( v1055 ) VALUES ( 54 );
+UPDATE t2 SET v1055 = 127 WHERE v1055 = 83;
+INSERT INTO t2 ( v1055 ) VALUES ( -1 ) , ( -1 );
+WITH v1057 AS ( SELECT v1055 FROM ( SELECT v1055 FROM t2 GROUP BY v1055 ) AS v1056 ) SELECT v1055 FROM v1057 WHERE v1055 BETWEEN FALSE AND ( ( ( v1055 OR NOT v1055 ) BETWEEN ( ( ( ( EXISTS ( WITH v1063 AS ( SELECT v1055 FROM ( SELECT v1055 FROM t2 GROUP BY v1055 ) AS v1058 WINDOW v1062 AS ( PARTITION BY v1055 ORDER BY ( SELECT DISTINCT 16 FROM t2 AS v1059 , t2 AS v1060 , t2 AS v1061 JOIN t2 ) DESC RANGE BETWEEN 80808358.000000 FOLLOWING AND 82012945.000000 FOLLOWING ) ) SELECT v1055 FROM ( SELECT DISTINCT ( ( NOT ( 60914711.000000 AND v1055 = 68 ) ) = -1 AND v1055 = 17 ) % v1055 , ( v1055 = -1 OR v1055 > 'x' ) FROM t2 WHERE v1055 = -128 AND ( v1055 = -128 OR v1055 = 0 OR v1055 = 31 ) ) AS v1064 NATURAL JOIN v1063 AS v1065 NATURAL JOIN v1063 AS v1066 NATURAL JOIN ( SELECT DISTINCT v1055 , ( v1055 = -1 OR v1055 > 'x' ) FROM t2 ) AS v1067 NATURAL JOIN v1063 AS v1068 NATURAL JOIN v1063 WHERE v1055 != 72 GROUP BY v1055 ORDER BY v1055 ) AND v1055 = -1 ) - 2147483647 ) ) ) AND 'x' = ( 4 + 34235093.000000 <= 60 ) ) );
+DROP TABLE t2;
+
+
+SET @save_sql_mode=@@sql_mode;
+SET sql_mode=ONLY_FULL_GROUP_BY;
+
+CREATE TABLE t1 (i int);
+INSERT INTO t1 VALUES (1),(2),(3);
+WITH cte AS (SELECT i FROM (SELECT i FROM t1 GROUP BY i) dt WINDOW w AS (PARTITION BY i))
+SELECT a.i FROM cte a JOIN cte b on a.i=b.i WHERE a.i != 5;
+DROP TABLE t1;
+
+WITH c AS (SELECT i FROM (SELECT i FROM (SELECT 1 AS i) AS i GROUP BY i) d WINDOW w AS (PARTITION BY i)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i!=1;
+WITH c AS (SELECT i FROM (SELECT i AS e, i AS i FROM (SELECT 1 AS i) i GROUP BY e) d WINDOW w AS (PARTITION BY e)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i<>1;
+WITH c AS (SELECT i FROM (SELECT i AS e, i AS i FROM (SELECT 1 AS i) i GROUP BY e) d WINDOW w AS (PARTITION BY i)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i<>1;
+
+CREATE TABLE t2 ( v1055 INT );
+INSERT INTO t2 ( v1055 ) VALUES ( 54 );
+UPDATE t2 SET v1055 = 127 WHERE v1055 = 83;
+INSERT INTO t2 ( v1055 ) VALUES ( -1 ) , ( -1 );
+WITH v1057 AS ( SELECT v1055 FROM ( SELECT v1055 FROM t2 GROUP BY v1055 ) AS v1056 ) SELECT v1055 FROM v1057 WHERE v1055 BETWEEN FALSE AND ( ( ( v1055 OR NOT v1055 ) BETWEEN ( ( ( ( EXISTS ( WITH v1063 AS ( SELECT v1055 FROM ( SELECT v1055 FROM t2 GROUP BY v1055 ) AS v1058 WINDOW v1062 AS ( PARTITION BY v1055 ORDER BY ( SELECT DISTINCT 16 FROM t2 AS v1059 , t2 AS v1060 , t2 AS v1061 JOIN t2 ) DESC RANGE BETWEEN 80808358.000000 FOLLOWING AND 82012945.000000 FOLLOWING ) ) SELECT v1055 FROM ( SELECT DISTINCT ( ( NOT ( 60914711.000000 AND v1055 = 68 ) ) = -1 AND v1055 = 17 ) % v1055 , ( v1055 = -1 OR v1055 > 'x' ) FROM t2 WHERE v1055 = -128 AND ( v1055 = -128 OR v1055 = 0 OR v1055 = 31 ) ) AS v1064 NATURAL JOIN v1063 AS v1065 NATURAL JOIN v1063 AS v1066 NATURAL JOIN ( SELECT DISTINCT v1055 , ( v1055 = -1 OR v1055 > 'x' ) FROM t2 ) AS v1067 NATURAL JOIN v1063 AS v1068 NATURAL JOIN v1063 WHERE v1055 != 72 GROUP BY v1055 ORDER BY v1055 ) AND v1055 = -1 ) - 2147483647 ) ) ) AND 'x' = ( 4 + 34235093.000000 <= 60 ) ) );
+DROP TABLE t2;
+
+SET @@sql_mode=@save_sql_mode;
diff --git a/mysql-test/suite/encryption/r/tempfiles_encrypted.result b/mysql-test/suite/encryption/r/tempfiles_encrypted.result
@@ -4398,6 +4398,62 @@ row_number() OVER (order by a)
 3
 drop table t1;
 #
+# MDEV-28509: Access null pointer during add_key_field call
+#
+CREATE TABLE t1 (i int);
+INSERT INTO t1 VALUES (1),(2),(3);
+WITH cte AS (SELECT i FROM (SELECT i FROM t1 GROUP BY i) dt WINDOW w AS (PARTITION BY i))
+SELECT a.i FROM cte a JOIN cte b on a.i=b.i WHERE a.i != 5;
+i
+1
+2
+3
+DROP TABLE t1;
+WITH c AS (SELECT i FROM (SELECT i FROM (SELECT 1 AS i) AS i GROUP BY i) d WINDOW w AS (PARTITION BY i)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i!=1;
+i
+WITH c AS (SELECT i FROM (SELECT i AS e, i AS i FROM (SELECT 1 AS i) i GROUP BY e) d WINDOW w AS (PARTITION BY e)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i<>1;
+i
+WITH c AS (SELECT i FROM (SELECT i AS e, i AS i FROM (SELECT 1 AS i) i GROUP BY e) d WINDOW w AS (PARTITION BY i)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i<>1;
+i
+CREATE TABLE t2 ( v1055 INT );
+INSERT INTO t2 ( v1055 ) VALUES ( 54 );
+UPDATE t2 SET v1055 = 127 WHERE v1055 = 83;
+INSERT INTO t2 ( v1055 ) VALUES ( -1 ) , ( -1 );
+WITH v1057 AS ( SELECT v1055 FROM ( SELECT v1055 FROM t2 GROUP BY v1055 ) AS v1056 ) SELECT v1055 FROM v1057 WHERE v1055 BETWEEN FALSE AND ( ( ( v1055 OR NOT v1055 ) BETWEEN ( ( ( ( EXISTS ( WITH v1063 AS ( SELECT v1055 FROM ( SELECT v1055 FROM t2 GROUP BY v1055 ) AS v1058 WINDOW v1062 AS ( PARTITION BY v1055 ORDER BY ( SELECT DISTINCT 16 FROM t2 AS v1059 , t2 AS v1060 , t2 AS v1061 JOIN t2 ) DESC RANGE BETWEEN 80808358.000000 FOLLOWING AND 82012945.000000 FOLLOWING ) ) SELECT v1055 FROM ( SELECT DISTINCT ( ( NOT ( 60914711.000000 AND v1055 = 68 ) ) = -1 AND v1055 = 17 ) % v1055 , ( v1055 = -1 OR v1055 > 'x' ) FROM t2 WHERE v1055 = -128 AND ( v1055 = -128 OR v1055 = 0 OR v1055 = 31 ) ) AS v1064 NATURAL JOIN v1063 AS v1065 NATURAL JOIN v1063 AS v1066 NATURAL JOIN ( SELECT DISTINCT v1055 , ( v1055 = -1 OR v1055 > 'x' ) FROM t2 ) AS v1067 NATURAL JOIN v1063 AS v1068 NATURAL JOIN v1063 WHERE v1055 != 72 GROUP BY v1055 ORDER BY v1055 ) AND v1055 = -1 ) - 2147483647 ) ) ) AND 'x' = ( 4 + 34235093.000000 <= 60 ) ) );
+v1055
+Warnings:
+Warning 1292 Truncated incorrect DECIMAL value: 'x'
+Warning 1292 Truncated incorrect DECIMAL value: 'x'
+DROP TABLE t2;
+SET @save_sql_mode=@@sql_mode;
+SET sql_mode=ONLY_FULL_GROUP_BY;
+CREATE TABLE t1 (i int);
+INSERT INTO t1 VALUES (1),(2),(3);
+WITH cte AS (SELECT i FROM (SELECT i FROM t1 GROUP BY i) dt WINDOW w AS (PARTITION BY i))
+SELECT a.i FROM cte a JOIN cte b on a.i=b.i WHERE a.i != 5;
+i
+1
+2
+3
+DROP TABLE t1;
+WITH c AS (SELECT i FROM (SELECT i FROM (SELECT 1 AS i) AS i GROUP BY i) d WINDOW w AS (PARTITION BY i)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i!=1;
+i
+WITH c AS (SELECT i FROM (SELECT i AS e, i AS i FROM (SELECT 1 AS i) i GROUP BY e) d WINDOW w AS (PARTITION BY e)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i<>1;
+i
+WITH c AS (SELECT i FROM (SELECT i AS e, i AS i FROM (SELECT 1 AS i) i GROUP BY e) d WINDOW w AS (PARTITION BY i)) SELECT a.i FROM c a JOIN c b on a.i=b.i WHERE a.i<>1;
+i
+CREATE TABLE t2 ( v1055 INT );
+INSERT INTO t2 ( v1055 ) VALUES ( 54 );
+UPDATE t2 SET v1055 = 127 WHERE v1055 = 83;
+INSERT INTO t2 ( v1055 ) VALUES ( -1 ) , ( -1 );
+WITH v1057 AS ( SELECT v1055 FROM ( SELECT v1055 FROM t2 GROUP BY v1055 ) AS v1056 ) SELECT v1055 FROM v1057 WHERE v1055 BETWEEN FALSE AND ( ( ( v1055 OR NOT v1055 ) BETWEEN ( ( ( ( EXISTS ( WITH v1063 AS ( SELECT v1055 FROM ( SELECT v1055 FROM t2 GROUP BY v1055 ) AS v1058 WINDOW v1062 AS ( PARTITION BY v1055 ORDER BY ( SELECT DISTINCT 16 FROM t2 AS v1059 , t2 AS v1060 , t2 AS v1061 JOIN t2 ) DESC RANGE BETWEEN 80808358.000000 FOLLOWING AND 82012945.000000 FOLLOWING ) ) SELECT v1055 FROM ( SELECT DISTINCT ( ( NOT ( 60914711.000000 AND v1055 = 68 ) ) = -1 AND v1055 = 17 ) % v1055 , ( v1055 = -1 OR v1055 > 'x' ) FROM t2 WHERE v1055 = -128 AND ( v1055 = -128 OR v1055 = 0 OR v1055 = 31 ) ) AS v1064 NATURAL JOIN v1063 AS v1065 NATURAL JOIN v1063 AS v1066 NATURAL JOIN ( SELECT DISTINCT v1055 , ( v1055 = -1 OR v1055 > 'x' ) FROM t2 ) AS v1067 NATURAL JOIN v1063 AS v1068 NATURAL JOIN v1063 WHERE v1055 != 72 GROUP BY v1055 ORDER BY v1055 ) AND v1055 = -1 ) - 2147483647 ) ) ) AND 'x' = ( 4 + 34235093.000000 <= 60 ) ) );
+v1055
+Warnings:
+Warning 1292 Truncated incorrect DECIMAL value: 'x'
+Warning 1292 Truncated incorrect DECIMAL value: 'x'
+DROP TABLE t2;
+SET @@sql_mode=@save_sql_mode;
+#
 # MDEV-23867: select crash in compute_window_func
 #
 set @save_sort_buffer_size=@@sort_buffer_size;

diff --git a/sql/sql_select.cc b/sql/sql_select.cc
@@ -60,6 +60,7 @@
 #include <my_bit.h>
 #include <hash.h>
 #include <ft_global.h>
+#include <scope.h>
 #include "sys_vars_shared.h"
 #include "sp_head.h"
 #include "sp_rcontext.h"
@@ -25413,6 +25414,13 @@ setup_group(THD *thd, Ref_ptr_array ref_pointer_array, TABLE_LIST *tables,
  uint org_fields=all_fields.elements;
 
  thd->where="group statement";
+
+ // Don't allow markers to remain undefined upon return from setup_group
+ SCOPE_EXIT([order] () {
+ for (ORDER *ord= order; ord; ord= ord->next)
+ if ((*ord->item)->marker == UNDEF_POS)
+ (*ord->item)->marker= 0;
+ });
  for (ord= order; ord; ord= ord->next)
  {
  if (find_order_in_list(thd, ref_pointer_array, tables, ord, fields,