Details
- Bug
- Status: Closed
- Major
- Resolution: Duplicate
- 12.0.1
- None
- Not for Release Notes
Description
MariaDB server crashes with SIGSEGV (signal 11) when executing a query that contains an *unreferenced CTE* (a CTE that is defined but never used in the subsequent SELECT) inside a *derived table* (subquery), where the CTE body contains a *JOIN whose ON clause references a column from outside the CTE scope*.
The crash occurs in `Item_field::fix_outer_field()` at `sql/item.cc:6014`, which dereferences a NULL pointer when trying to resolve the outer field reference. The NULL pointer arises because the name resolution context chain is broken for unreferenced CTEs — `With_element::prepare_unreferenced()` attempts to prepare the CTE for field resolution, but the CTE's context has no valid parent link to the outer query scope.
```
MariaDB [test1]> SELECT * FROM (
-> WITH cte1 AS (
-> SELECT x.a, y.b
-> FROM t1 x JOIN t2 y ON (y.b = nonexistent.col)
-> )
-> SELECT * FROM t2
-> ) mm;
ERROR 2026 (HY000): TLS/SSL error: unexpected eof while reading
```
```
DROP TABLE IF EXISTS t1, t2;
CREATE TABLE t1 (a INT, b VARCHAR(100));
CREATE TABLE t2 (a INT, b VARCHAR(100));
INSERT INTO t1 VALUES (1, 'hello');
INSERT INTO t2 VALUES (1, 'world');
SELECT * FROM (
  WITH cte1 AS (
    SELECT x.a, y.b
    FROM t1 x JOIN t2 y ON (y.b = nonexistent.col)
  )
  SELECT * FROM t2
) mm;
```
```
MariaDB [(none)]> select version();
+----------------------+
| version()            |
+----------------------+
| 12.0.1-MariaDB-debug |
+----------------------+
1 row in set (0.000 sec)
```
Issue Links
- duplicates
  - MDEV-38723 delete query crash:Item_field::fix_outer_field
  - Confirmed
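A simplified C++ model of the failure the description reports, added here as an example and not taken from MariaDB's source: `NameContext`, `resolve_unchecked`, `resolve_checked`, `resolve_in_cte_body` and the `outer_t` table are hypothetical names. It contrasts a lookup that assumes an enclosing query level always exists with one that turns a missing outer link into an ordinary "unknown column" result.

```cpp
#include <string>
#include <vector>

// Toy model of name resolution, not MariaDB source; all names are hypothetical.
struct Table { std::string alias; std::vector<std::string> columns; };

struct NameContext {
    std::vector<Table> tables;   // tables visible at this query level
    const NameContext *outer;    // enclosing query level, nullptr if not linked
};

enum class Lookup { Found, UnknownColumn };

// True when alias.column is visible in this one query level.
static bool in_level(const NameContext &ctx, const std::string &alias,
                     const std::string &col) {
    for (const Table &t : ctx.tables)
        if (t.alias == alias)
            for (const std::string &c : t.columns)
                if (c == col) return true;
    return false;
}

// Unguarded: assumes a local miss always has an enclosing level to search.
// With outer == nullptr this dereferences a null pointer.
Lookup resolve_unchecked(const NameContext &ctx, const std::string &alias,
                         const std::string &col) {
    if (in_level(ctx, alias, col)) return Lookup::Found;
    return in_level(*ctx.outer, alias, col) ? Lookup::Found : Lookup::UnknownColumn;
}

// Guarded: a missing outer link ends the search with an ordinary error.
Lookup resolve_checked(const NameContext &ctx, const std::string &alias,
                       const std::string &col) {
    for (const NameContext *c = &ctx; c != nullptr; c = c->outer)
        if (in_level(*c, alias, col)) return Lookup::Found;
    return Lookup::UnknownColumn;
}

// CTE body level from the report (t1 x JOIN t2 y). link_outer=false models the
// detached context; outer_t is a constructed table for the linked contrast.
Lookup resolve_in_cte_body(bool link_outer, const std::string &alias,
                           const std::string &col) {
    NameContext enclosing{{Table{"outer_t", {"col"}}}, nullptr};
    NameContext cte_body{{Table{"x", {"a", "b"}}, Table{"y", {"a", "b"}}},
                         link_outer ? &enclosing : nullptr};
    return resolve_checked(cte_body, alias, col);
}
```
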