[#MDEV-30248] Infinite sequence of recursive calls when processing embedded CTE

CREATE TABLE x (c INT);

WITH x AS (((SELECT (WITH x AS (WITH x AS (SELECT 1 FROM x) SELECT 1) SELECT 1)))) SELECT 1;

10.11.2 c194db34d93d8d94bd52b17349063fa401e3f942 (Debug)
Core was generated by `/test/MD171222-mariadb-10.11.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055ec81a53b5e in st_select_lex_unit::set_unique_exclude (
this=0x149aa4015390) at /test/10.11_dbg/sql/sql_union.cc:2849
2849 {
[Current thread is 1 (Thread 0x149abfbfd700 (LWP 2438758))]
(gdb) bt
#0 0x000055ec81a53b5e in st_select_lex_unit::set_unique_exclude (this=0x149aa4015390) at /test/10.11_dbg/sql/sql_union.cc:2849
#1 0x000055ec81a53b93 in st_select_lex_unit::set_unique_exclude (this=<optimized out>) at /test/10.11_dbg/sql/sql_union.cc:2857
#2 0x000055ec81a53b93 in st_select_lex_unit::set_unique_exclude (this=<optimized out>) at /test/10.11_dbg/sql/sql_union.cc:2857
...
...
#992 0x000055ec81a53b93 in st_select_lex_unit::set_unique_exclude (this=<optimized out>) at /test/10.11_dbg/sql/sql_union.cc:2857
#993 0x000055ec81a53b93 in st_select_lex_unit::set_unique_exclude (this=<optimized out>) at /test/10.11_dbg/sql/sql_union.cc:2857

CREATE TABLE x (c INT);

WITH x AS (((SELECT (WITH x AS (WITH x AS (SELECT (x) FROM x UNION SELECT 1 AS x FROM x) SELECT 1) SELECT 1)))) SELECT 1;

10.11.2 c194db34d93d8d94bd52b17349063fa401e3f942 (Debug)
10.11.2-dbg>SHOW FULL PROCESSLIST\G
************************* 1. row *************************
Id: 4
User: root
Host: localhost
db: test
Command: Query
Time: 17
State: starting
Info: WITH x AS (((SELECT (WITH x AS (WITH x AS (SELECT (x) FROM x UNION SELECT 1 AS x FROM x) SELECT 1) SELECT 1)))) SELECT 1
Progress: 0.000

CREATE TABLE x ( x FLOAT ) ;

INSERT INTO x ( x ) VALUES ( 67 ) ;

UPDATE x SET x = -1 WHERE x = 33 ;

INSERT INTO x ( x ) VALUES ( -1 ) , ( 0 ) ;

WITH x AS ( WITH x AS ( WITH x AS ( SELECT ( WITH x AS ( SELECT 1 FROM ( SELECT * FROM x WHERE x = 1 ) AS x GROUP BY x ) SELECT x FROM x AS x ) IN ( SELECT 1 FROM ( SELECT 1 ) AS x ) FROM ( SELECT x FROM x GROUP BY x ) AS x ) SELECT x FROM x WHERE ( SELECT x LIMIT 1 OFFSET 1 ) IN ( SELECT x FROM ( SELECT x , ( SELECT x FROM x AS x LIMIT 1 OFFSET 1 ) IN ( SELECT x WHERE x != 84 GROUP BY x ) AS x FROM x ) AS x WHERE x != 28 GROUP BY x ) ) SELECT x FROM ( SELECT x FROM x ) AS x ) SELECT x FROM x WHERE ( SELECT x FROM x AS x LIMIT 1 OFFSET 1 ) IN ( SELECT x FROM ( SELECT x , ( SELECT x FROM x AS x LIMIT 1 OFFSET 1 ) IN ( SELECT 1 IN ( SELECT 1 FROM ( SELECT 1 ) AS x ) FROM ( SELECT 1 ) AS x GROUP BY 0 ) AS x FROM x ) AS x WHERE x != 28 GROUP BY x ) ;

SELECT 1 WHERE 1 IN ( SELECT 1 FROM ( SELECT 1 IN ( SELECT 1 FROM ( SELECT 1 ) AS x ) AS x FROM ( SELECT 1 ) AS x ) AS x WHERE x = 1 GROUP BY x ) ;

CREATE TABLE x ( x FLOAT ) ;

WITH x AS ( SELECT x FROM ( SELECT x FROM x GROUP BY x ) AS x ) SELECT x FROM x WHERE ( SELECT x FROM x AS x LIMIT 1 OFFSET 1 ) IN ( SELECT x FROM ( SELECT x , ( SELECT x FROM x AS x LIMIT 1 OFFSET 1 ) IN ( SELECT 1 FROM ( WITH x AS ( SELECT 1 FROM ( SELECT * FROM x WHERE x = 1 ) AS x GROUP BY x ) SELECT 1 FROM ( SELECT 1 ) AS x NATURAL JOIN x AS x , x AS x NATURAL JOIN x ) AS x NATURAL JOIN x AS x WHERE x = 1 GROUP BY x ) AS x FROM x ) AS x WHERE x = 1 GROUP BY x ) ;

CREATE TABLE x ( x FLOAT ) ;

INSERT INTO x ( x ) VALUES ( 67 ) ;

UPDATE x SET x = -1 WHERE ( WITH x AS ( SELECT 1 FROM ( SELECT * FROM x WHERE x = 1 ) AS x GROUP BY x ) SELECT 1 FROM ( WITH x AS ( WITH x AS ( WITH x AS ( SELECT x FROM ( SELECT x FROM x GROUP BY x ) AS x ) SELECT x FROM x WHERE ( SELECT x FROM x AS x LIMIT 1 OFFSET 1 ) IN ( SELECT x FROM ( SELECT 1 WHERE x = 1 GROUP BY x ) AS x WHERE x != 28 GROUP BY x ) ) SELECT x % 52 != 50 FROM ( SELECT -128 , 51 , x FROM x WHERE x = 83 ) AS x GROUP BY x ) SELECT x FROM x ) AS x LIMIT 1 OFFSET 1 ) ;

INSERT INTO x ( x ) VALUES ( -1 ) , ( 0 ) ;

WITH x AS ( SELECT x FROM ( SELECT x FROM x GROUP BY x ) AS x ) SELECT x FROM x WHERE ( SELECT x FROM x AS x LIMIT 1 OFFSET 1 ) IN ( SELECT x FROM ( SELECT x , ( SELECT x FROM x AS x LIMIT 1 OFFSET 1 ) IN ( SELECT DISTINCT x WHERE x != 84 GROUP BY x ) AS x FROM x ) AS x WHERE x != 28 GROUP BY x ) ;

SELECT 1 WHERE 1 IN ( SELECT 1 FROM ( SELECT 1 IN ( SELECT 1 FROM ( SELECT 1 ) AS x ) AS x FROM ( SELECT 1 ) AS x ) AS x WHERE x = 1 GROUP BY x ) ;

CREATE TABLE x ( x FLOAT ) ;

WITH x AS ( SELECT x FROM ( SELECT x FROM x GROUP BY x ) AS x ) SELECT x FROM x WHERE ( SELECT x FROM x AS x LIMIT 1 OFFSET 1 ) IN ( SELECT x FROM ( SELECT x , ( SELECT x FROM x AS x LIMIT 1 OFFSET 1 ) IN ( SELECT 1 FROM ( WITH x AS ( SELECT 1 FROM ( SELECT * FROM x WHERE x = 1 ) AS x GROUP BY x ) SELECT 1 FROM ( SELECT 1 ) AS x NATURAL JOIN x AS x , x AS x NATURAL JOIN x ) AS x NATURAL JOIN x AS x WHERE x = 1 GROUP BY x ) AS x FROM x ) AS x WHERE x = 1 GROUP BY x ) ;

WITH dt as (SELECT (WITH x AS (WITH x AS (SELECT a FROM x) SELECT 1 as b) SELECT b FROM x) as c) SELECT dt.c from dt

ERROR 1146 (42S02): Table 'test.x' doesn't exist

MariaDB [test]> WITH dt as (SELECT (WITH x AS (WITH x AS (SELECT a FROM x) SELECT 1 as b) SELECT b FROM x) as c) SELECT dt.c from dt;

+------+

| c    |

+------+

|    1 |

+------+

WITH x as (SELECT (WITH x AS (WITH x AS (SELECT a FROM x) SELECT 1 as b) SELECT b FROM x) as c) SELECT x.c from x;

diff --git a/sql/sql_cte.cc b/sql/sql_cte.cc

index d7e3eec..3453619 100644

--- a/sql/sql_cte.cc

+++ b/sql/sql_cte.cc

@@ -93,49 +93,6 @@ bool LEX::check_dependencies_in_with_clauses()

/**

   @brief

-    Resolve references to CTE in specification of hanging CTE

-  @details

-    A CTE to which there are no references in the query is called hanging CTE.

-    Although such CTE is not used for execution its specification must be

-    subject to context analysis. All errors concerning references to

-    non-existing tables or fields occurred in the specification must be

-    reported as well as all other errors caught at the prepare stage.

-    The specification of a hanging CTE might contain references to other

-    CTE outside of the specification and within it if the specification

-    contains a with clause. This function resolves all such references for

-    all hanging CTEs encountered in the processed query.

-  @retval

-    false   on success

-    true    on failure

-*/

-bool

-LEX::resolve_references_to_cte_in_hanging_cte()

-{

-  for (With_clause *with_clause= with_clauses_list;

-       with_clause; with_clause= with_clause->next_with_clause)

-  {

-    for (With_element *with_elem= with_clause->with_list.first;

-         with_elem; with_elem= with_elem->next)

-    {

-      if (!with_elem->is_referenced())

-      {

-        TABLE_LIST *first_tbl=

-                     with_elem->spec->first_select()->table_list.first;

-        TABLE_LIST **with_elem_end_pos= with_elem->head->tables_pos.end_pos;

-        if (first_tbl && resolve_references_to_cte(first_tbl, with_elem_end_pos))

-          return true;

-      }

-    }

-  }

-  return false;

-}

-/**

-  @brief

     Resolve table references to CTE from a sub-chain of table references

   @param tables      Points to the beginning of the sub-chain

@@ -279,8 +236,6 @@ LEX::check_cte_dependencies_and_resolve_references()

     return false;

   if (resolve_references_to_cte(query_tables, query_tables_last))

     return true;

-  if (resolve_references_to_cte_in_hanging_cte())

-    return true;

   return false;

@@ -454,6 +409,18 @@ With_element *With_clause::find_table_def(TABLE_LIST *table,

   return NULL;

+With_element *With_clause::find_with_element_by_spec(st_select_lex_unit *spec)

+{

+  for (With_element *with_elem= with_list.first;

+       with_elem;

+       with_elem= with_elem->next)

+  {

+    if (with_elem->spec == spec)

+      return with_elem;

+  }

+  return NULL;

+}

/**

   @brief

@@ -479,6 +446,7 @@ With_element *find_table_def_in_with_clauses(TABLE_LIST *tbl,

                                              st_unit_ctxt_elem *ctxt)

   With_element *found= 0;

+  st_select_lex_unit *top_unit= 0;

   for (st_unit_ctxt_elem *unit_ctxt_elem= ctxt;

        unit_ctxt_elem;

        unit_ctxt_elem= unit_ctxt_elem->prev)

@@ -491,7 +459,10 @@ With_element *find_table_def_in_with_clauses(TABLE_LIST *tbl,

*/

     if (with_clause)

-      found= with_clause->find_table_def(tbl, NULL);

+      With_element *barrier= 0;

+      if (top_unit && !with_clause->with_recursive)

+        barrier= with_clause->find_with_element_by_spec(top_unit);

+      found= with_clause->find_table_def(tbl, barrier);

       if (found)

         break;

@@ -504,6 +475,7 @@ With_element *find_table_def_in_with_clauses(TABLE_LIST *tbl,

       if (!(unit_ctxt_elem= unit_ctxt_elem->prev))

         break;

+      top_unit= unit;

       unit= unit_ctxt_elem->unit;

     with_clause= unit->with_clause;

@@ -514,12 +486,16 @@ With_element *find_table_def_in_with_clauses(TABLE_LIST *tbl,

*/

     if (with_clause)

+      With_element *barrier= 0;

+      if (top_unit && !with_clause->with_recursive)

+        barrier= with_clause->find_with_element_by_spec(top_unit);

       found= with_clause->find_table_def(tbl,

                                          with_clause->with_recursive ?

-			                 NULL : with_elem);

+			                 NULL : barrier);

       if (found)

 	break;

+    top_unit= unit;

   return found;

diff --git a/sql/sql_cte.h b/sql/sql_cte.h

index b270818..9bbe0c1 100644

--- a/sql/sql_cte.h

+++ b/sql/sql_cte.h

@@ -322,8 +322,6 @@ class With_element : public Sql_alloc

   friend

   bool LEX::resolve_references_to_cte(TABLE_LIST *tables,

                                       TABLE_LIST **tables_last);

-  friend

-  bool LEX::resolve_references_to_cte_in_hanging_cte();

};

 const uint max_number_of_elements_in_with_clause= sizeof(table_map)*8;

@@ -421,6 +419,8 @@ class With_clause : public Sql_alloc

   void move_anchors_ahead();

+  With_element *find_with_element_by_spec(st_select_lex_unit *spec);

   With_element *find_table_def(TABLE_LIST *table, With_element *barrier);

   With_element *find_table_def_in_with_clauses(TABLE_LIST *table);

@@ -435,9 +435,6 @@ class With_clause : public Sql_alloc

   friend

   bool LEX::check_dependencies_in_with_clauses();

-  friend

-  bool LEX::resolve_references_to_cte_in_hanging_cte();

};

 inline

diff --git a/sql/sql_lex.h b/sql/sql_lex.h

index bdc8b54..d594b8d 100644

--- a/sql/sql_lex.h

+++ b/sql/sql_lex.h

@@ -4053,7 +4053,6 @@ struct LEX: public Query_tables_list

   bool check_dependencies_in_with_clauses();

-  bool resolve_references_to_cte_in_hanging_cte();

   bool check_cte_dependencies_and_resolve_references();

   bool resolve_references_to_cte(TABLE_LIST *tables,

                                  TABLE_LIST **tables_last);

WITH cte AS

  SELECT

      WITH x AS

      (WITH x AS (SELECT a FROM x AS t) SELECT 1 AS b)

      SELECT b FROM x AS r

    ) AS c

SELECT cte.c from cte;

WITH x AS (SELECT a FROM x AS t)

      WITH x AS

      (WITH x AS (SELECT a FROM x AS t) SELECT 1 AS b)

WITH cte AS

  SELECT

      WITH x AS

      (WITH x AS (SELECT a FROM x AS t) SELECT 1 AS b)

      SELECT b FROM x AS r

    ) AS c

  SELECT

      WITH x AS

      (WITH x AS (SELECT a FROM x AS t) SELECT 1 AS b)

      SELECT b FROM x AS r

    ) AS c

      WITH x AS

      (WITH x AS (SELECT a FROM x AS t) SELECT 1 AS b)

      x AS

      (WITH x AS (SELECT a FROM x AS t) SELECT 1 AS b)

      x AS

      (WITH x AS (SELECT a FROM x AS t) SELECT 1 AS b)

SELECT a FROM x AS t

WITH x AS (SELECT a FROM x AS t) SELECT 1 AS b

WITH cte AS

  SELECT

      WITH x AS

      (WITH x AS (SELECT a FROM x AS t) SELECT 1 AS b)

      SELECT b FROM x AS r

    ) AS c

SELECT cte.c FROM cte;

WITH cte AS

  SELECT

      WITH x AS

      (WITH y AS (SELECT a FROM x AS t) SELECT b FROM t1)

      SELECT b FROM x AS r

    ) AS c

SELECT cte.c FROM cte;

CREATE TABLE t1(b int);

WITH cte AS

  SELECT

      WITH x AS

      (WITH y(b) AS (SELECT a FROM x AS t LIMIT 1) SELECT b FROM y)

      SELECT b FROM x AS r

    ) AS c

SELECT cte.c FROM cte;

WITH cte AS

  SELECT

      WITH x AS

      (WITH x(b) AS (SELECT a FROM x AS t LIMIT 1) SELECT b FROM x)

      SELECT b FROM x AS r

    ) AS c

SELECT cte.c FROM cte;

WITH x AS

  SELECT

      WITH x AS

      (WITH x AS (SELECT a FROM x AS t) SELECT 1 AS b)

      SELECT b FROM x AS r

    ) AS c

SELECT x.c from x;

WITH cte AS

  SELECT

      WITH x AS

      (WITH x AS (SELECT a FROM x AS t) SELECT 2 AS b)

      SELECT r1.b FROM x AS r1, x AS r2 WHERE r1.b=r2.b

    ) AS c

SELECT cte.c from cte;

WITH cte AS

  SELECT

      WITH x AS

      (WITH x AS (SELECT a FROM x AS t) SELECT 1 AS b)

      SELECT b FROM x AS r

    ) AS c

SELECT cte.c FROM cte;

ERROR 1146 (42S02): Table 'test.x' doesn't exist

WITH cte AS

  SELECT

      WITH x AS

      (WITH x AS (SELECT a FROM x AS t) SELECT b FROM t1)

      SELECT b FROM x AS r

    ) AS c

SELECT cte.c FROM cte;

WITH x AS (((SELECT (WITH x AS (WITH x AS (SELECT 1 FROM x) SELECT 1) SELECT 1)))) SELECT 1;

SIGSEGV|st_select_lex::first_inner_unit|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude

SIGSEGV|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude

[MDEV-30248] Infinite sequence of recursive calls when processing embedded CTE Created: 2022-12-17 Updated: 2023-02-13 Resolved: 2023-01-25
Status:	Closed
Project:	MariaDB Server
Component/s:	Optimizer - CTE
Affects Version/s:	10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11
Fix Version/s:	10.11.2, 10.3.38, 10.4.28, 10.5.19, 10.6.12, 10.7.8, 10.8.7, 10.9.5, 10.10.3

[MDEV-30248] Infinite sequence of recursive calls when processing embedded CTE Created: 2022-12-17 Updated: 2023-02-13 Resolved: 2023-01-25