MDEV-24176 Server crashes after insert in the table with virtual

column generated using date_format() and if() vcol_info->expr is allocated on expr_arena at parsing stage. Since expr item is allocated on expr_arena all its containee items must be allocated on expr_arena too. Otherwise fix_session_expr() will encounter prematurely freed item. When table is reopened from cache vcol_info contains stale expression. We refresh expression via TABLE::vcol_fix_exprs() but first we must prepare a proper context (Vcol_expr_context) which meets some requirements: 1. As noted above expr update must be done on expr_arena as there may be new items created. It was a bug in fix_session_expr_for_read() and was just not reproduced because of no second refix. Now refix is done for more cases so it does reproduce. Tests affected: vcol.binlog 2. Also name resolution context must be narrowed to the single table. Tested by: vcol.update main.default vcol.vcol_syntax gcol.gcol_bugfixes 3. sql_mode must be clean and not fail expr update. sql_mode such as MODE_NO_BACKSLASH_ESCAPES, MODE_NO_ZERO_IN_DATE, etc must not affect vcol expression update. If the table was created successfully any further evaluation must not fail. Tests affected: main.func_like Reviewed by: Sergei Golubchik <serg@mariadb.org>

Author: midenok

mysql-test/suite/vcol/r/vcol_syntax.result

@@ -94,6 +94,97 @@ create table t1 (a int, v_a int generated always as (a));
 update t1 as x set a = 1;
 alter table t1 force;
 drop table t1;
+create table t1 (
+id int not null auto_increment primary key,
+order_date_time datetime not null,
+order_date date generated always as (convert(order_date_time, date)),
+language_id binary(16) null
+);
+update t1 as tx set order_date= null;
+alter table t1 modify column language_id binary(16) not null;
+drop table t1;
 #
-# End of 10.2 tests
+# MDEV-24176 Server crashes after insert in the table with virtual column generated using date_format() and if()
 #
+create table t1 (d1 date not null, d2 date not null,
+gd text as (concat(d1,if(d1 <> d2, date_format(d2, 'to %y-%m-%d '), ''))) );
+insert into t1(d1,d2) values
+('2020-09-01','2020-09-01'),('2020-05-01','2020-09-01');
+select * from t1;
+d1	d2	gd
+2020-09-01	2020-09-01	2020-09-01
+2020-05-01	2020-09-01	2020-05-01to 20-09-01 
+drop table t1;
+# MDEV-25772 (duplicate) and LOCK TABLES case
+create table t1 (d1 datetime , v_d1 tinyint(1) as (d1 < curdate()));
+insert into t1 (d1) values ('2021-09-11 08:38:23'), ('2021-09-01 08:38:23');
+lock tables t1 write;
+select * from t1 where v_d1=1;
+d1	v_d1
+2021-09-11 08:38:23	1
+2021-09-01 08:38:23	1
+select * from t1;
+d1	v_d1
+2021-09-11 08:38:23	1
+2021-09-01 08:38:23	1
+unlock tables;
+drop table t1;
+# MDEV-26432 (duplicate)
+create table t1 (v2 int, v1 int as ((user() like 'x'))) ;
+select 1 from t1 where v1=1 ;
+1
+select * from t1;
+v2	v1
+drop table t1;
+create table t1 (v2 int as ( user () like 'x'));
+select 1 from t1 order by v2 ;
+1
+alter table t1 add i int;
+drop table t1;
+# MDEV-26437 (duplicate)
+create table v0 (v2 int not null,
+v1 bigint as (case 'x' when current_user() then v2 end));
+select v2 as v3 from v0 where v1 like 'x' escape 'x';
+v3
+insert into v0 (v2) values (-128);
+drop table v0;
+create table t1 (vi int as (case 'x' when current_user() then 1 end));
+select 1 from t1 where vi=1;
+1
+show create table t1;
+Table	Create Table
+t1	CREATE TABLE `t1` (
+ `vi` int(11) GENERATED ALWAYS AS (case 'x' when current_user() then 1 end) VIRTUAL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1
+drop table t1;
+create table t1 (vi int as (case 'x' when current_user() then 1 end));
+select 1 from t1 where vi=1;
+1
+select 1 from t1 where vi=1;
+1
+drop table t1;
+# MDEV-28092 (duplicate)
+create table t1 (b timestamp, a int as (1 in (dayofmonth (b between 'x' and current_user) = b)));
+insert into t1(b) values ('2022-03-17 14:55:37');
+select 1 from t1 x natural join t1;
+1
+1
+Warnings:
+Warning	1292	Incorrect datetime value: 'x'
+Warning	1292	Incorrect datetime value: 'root@localhost'
+Warning	1292	Incorrect datetime value: 'x'
+Warning	1292	Incorrect datetime value: 'root@localhost'
+drop table t1;
+# MDEV-28089 (duplicate)
+create table t1 (a int , b date as (1 in ('x' ,(database () = 'x' is null) ))) ;
+select b from t1;
+b
+select a from t1 order by 'x' = b;
+a
+drop table t1;
+create table t1 (a int , b date as (1 in ('x' ,(database ()) ))) ;
+select b from t1;
+b
+select a from t1 order by 'x' = b;
+a
+drop table t1;

mysql-test/suite/vcol/t/vcol_syntax.test

@@ -77,7 +77,88 @@ update t1 as x set a = 1;
 alter table t1 force;
 drop table t1;
 
+create table t1 (
+ id int not null auto_increment primary key,
+ order_date_time datetime not null,
+ order_date date generated always as (convert(order_date_time, date)),
+ language_id binary(16) null
+);
+
+update t1 as tx set order_date= null;
+alter table t1 modify column language_id binary(16) not null;
+# Cleanup
+drop table t1;
 
 --echo #
---echo # End of 10.2 tests
+--echo # MDEV-24176 Server crashes after insert in the table with virtual column generated using date_format() and if()
 --echo #
+create table t1 (d1 date not null, d2 date not null,
+ gd text as (concat(d1,if(d1 <> d2, date_format(d2, 'to %y-%m-%d '), ''))) );
+
+insert into t1(d1,d2) values
+ ('2020-09-01','2020-09-01'),('2020-05-01','2020-09-01');
+select * from t1;
+
+drop table t1;
+
+--echo # MDEV-25772 (duplicate) and LOCK TABLES case
+create table t1 (d1 datetime , v_d1 tinyint(1) as (d1 < curdate()));
+insert into t1 (d1) values ('2021-09-11 08:38:23'), ('2021-09-01 08:38:23');
+
+lock tables t1 write;
+select * from t1 where v_d1=1;
+select * from t1;
+unlock tables;
+
+drop table t1;
+
+--echo # MDEV-26432 (duplicate)
+create table t1 (v2 int, v1 int as ((user() like 'x'))) ;
+select 1 from t1 where v1=1 ;
+select * from t1;
+
+drop table t1;
+
+create table t1 (v2 int as ( user () like 'x'));
+select 1 from t1 order by v2 ;
+alter table t1 add i int;
+drop table t1;
+
+--echo # MDEV-26437 (duplicate)
+create table v0 (v2 int not null,
+ v1 bigint as (case 'x' when current_user() then v2 end));
+
+select v2 as v3 from v0 where v1 like 'x' escape 'x';
+insert into v0 (v2) values (-128);
+
+drop table v0;
+
+create table t1 (vi int as (case 'x' when current_user() then 1 end));
+select 1 from t1 where vi=1;
+show create table t1;
+
+drop table t1;
+
+create table t1 (vi int as (case 'x' when current_user() then 1 end));
+select 1 from t1 where vi=1;
+select 1 from t1 where vi=1;
+
+drop table t1;
+
+--echo # MDEV-28092 (duplicate)
+create table t1 (b timestamp, a int as (1 in (dayofmonth (b between 'x' and current_user) = b)));
+insert into t1(b) values ('2022-03-17 14:55:37');
+
+select 1 from t1 x natural join t1;
+drop table t1;
+
+--echo # MDEV-28089 (duplicate)
+create table t1 (a int , b date as (1 in ('x' ,(database () = 'x' is null) ))) ;
+select b from t1;
+select a from t1 order by 'x' = b;
+drop table t1;
+
+create table t1 (a int , b date as (1 in ('x' ,(database ()) ))) ;
+select b from t1;
+select a from t1 order by 'x' = b;
+drop table t1;

sql/event_db_repository.cc

@@ -610,6 +610,8 @@ Event_db_repository::open_event_table(THD *thd, enum thr_lock_type lock_type,
 
  *table= tables.table;
  tables.table->use_all_columns();
+ /* NOTE: &tables pointer will be invalid after return */
+ tables.table->pos_in_table_list= NULL;
 
  if (table_intact.check(*table, &event_table_def))
  {

sql/field.cc

@@ -2416,6 +2416,11 @@ int Field::set_default()
  if (default_value)
  {
  Query_arena backup_arena;
+ /*
+ TODO: this may impose memory leak until table flush.
+ See comment in
+ TABLE::update_virtual_fields(handler *, enum_vcol_update_mode).
+ */
  table->in_use->set_n_backup_active_arena(table->expr_arena, &backup_arena);
  int rc= default_value->expr->save_in_field(this, 0);
  table->in_use->restore_active_arena(table->expr_arena, &backup_arena);

sql/field.h

@@ -616,9 +616,13 @@ class Virtual_column_info: public Sql_alloc
  {
  in_partitioning_expr= TRUE;
  }
+ bool need_refix() const
+ {
+ return flags & VCOL_SESSION_FUNC;
+ }
  bool fix_expr(THD *thd);
  bool fix_session_expr(THD *thd);
- bool fix_session_expr_for_read(THD *thd, Field *field);
+ bool cleanup_session_expr();
  bool fix_and_check_expr(THD *thd, TABLE *table);
  inline bool is_equal(const Virtual_column_info* vcol) const;
  inline void print(String*);

sql/item.cc

@@ -835,7 +835,6 @@ bool Item_ident::remove_dependence_processor(void * arg)
  DBUG_RETURN(0);
 }
 
-
 bool Item_ident::collect_outer_ref_processor(void *param)
 {
  Collect_deps_prm *prm= (Collect_deps_prm *)param;
@@ -6376,9 +6375,6 @@ bool Item_field::fix_fields(THD *thd, Item **reference)
  }
 #endif
  fixed= 1;
- if (field->vcol_info &&
- field->vcol_info->fix_session_expr_for_read(thd, field))
- goto error;
  if (thd->variables.sql_mode & MODE_ONLY_FULL_GROUP_BY &&
  !outer_fixed && !thd->lex->in_sum_func &&
  select &&
@@ -9500,12 +9496,6 @@ bool Item_default_value::fix_fields(THD *thd, Item **items)
  uchar *newptr= (uchar*) thd->alloc(1+def_field->pack_length());
  if (!newptr)
  goto error;
- /*
- Even if DEFAULT() do not read tables fields, the default value
- expression can do it.
- */
- if (def_field->default_value->fix_session_expr_for_read(thd, def_field))
- goto error;
  if (should_mark_column(thd->column_usage))
  def_field->default_value->expr->update_used_tables();
  def_field->move_field(newptr+1, def_field->maybe_null() ? newptr : 0, 1);

sql/item.h

@@ -2925,10 +2925,8 @@ class Item_ident :public Item_result_field
  const char *table_name;
  LEX_CSTRING field_name;
  /*
- NOTE: came from TABLE::alias_name_used and this is only a hint! It works
- only in need_correct_ident() condition. On other cases it is FALSE even if
- table_name is alias! It cannot be TRUE in these cases, lots of spaghetti
- logic depends on that.
+ NOTE: came from TABLE::alias_name_used and this is only a hint!
+ See comment for TABLE::alias_name_used.
  */
  bool alias_name_used; /* true if item was resolved against alias */
  /* 

sql/sql_base.cc

@@ -749,6 +749,8 @@ void close_thread_tables(THD *thd)
  /* Table might be in use by some outer statement. */
  DBUG_PRINT("tcache", ("table: '%s' query_id: %lu",
  table->s->table_name.str, (ulong) table->query_id));
+ if (thd->locked_tables_mode)
+ table->vcol_cleanup_expr(thd);
  if (thd->locked_tables_mode <= LTM_LOCK_TABLES ||
  table->query_id == thd->query_id)
  {
@@ -884,6 +886,8 @@ void close_thread_table(THD *thd, TABLE **table_ptr)
  table->s->db.str,
  table->s->table_name.str,
  MDL_SHARED));
+
+ table->vcol_cleanup_expr(thd);
  table->mdl_ticket= NULL;
 
  if (table->file)
@@ -1610,6 +1614,7 @@ bool open_table(THD *thd, TABLE_LIST *table_list, Open_table_context *ot_ctx)
  MDL_ticket *mdl_ticket;
  TABLE_SHARE *share;
  uint gts_flags;
+ bool from_share= false;
 #ifdef WITH_PARTITION_STORAGE_ENGINE
  int part_names_error=0;
 #endif
@@ -2021,6 +2026,7 @@ bool open_table(THD *thd, TABLE_LIST *table_list, Open_table_context *ot_ctx)
 
  /* Add table to the share's used tables list. */
  tc_add_table(thd, table);
+ from_share= true;
  }
 
  table->mdl_ticket= mdl_ticket;
@@ -2040,7 +2046,7 @@ bool open_table(THD *thd, TABLE_LIST *table_list, Open_table_context *ot_ctx)
  table_list->updatable= 1; // It is not derived table nor non-updatable VIEW
  table_list->table= table;
 
- if (table->vcol_fix_exprs(thd))
+ if (!from_share && table->vcol_fix_expr(thd))
  goto err_lock;
 
 #ifdef WITH_PARTITION_STORAGE_ENGINE
@@ -5293,46 +5299,6 @@ static void mark_real_tables_as_free_for_reuse(TABLE_LIST *table_list)
  }
 }
 
-bool TABLE::vcol_fix_exprs(THD *thd)
-{
- if (pos_in_table_list->placeholder() || !s->vcols_need_refixing ||
- pos_in_table_list->lock_type < TL_WRITE_ALLOW_WRITE)
- return false;
-
- DBUG_ASSERT(pos_in_table_list != thd->lex->first_not_own_table());
-
- bool result= true;
- Security_context *save_security_ctx= thd->security_ctx;
- Query_arena *stmt_backup= thd->stmt_arena;
- if (thd->stmt_arena->is_conventional())
- thd->stmt_arena= expr_arena;
-
- if (pos_in_table_list->security_ctx)
- thd->security_ctx= pos_in_table_list->security_ctx;
-
-
- for (Field **vf= vfield; vf && *vf; vf++)
- if ((*vf)->vcol_info->fix_session_expr(thd))
- goto end;
-
- for (Field **df= default_field; df && *df; df++)
- if ((*df)->default_value &&
- (*df)->default_value->fix_session_expr(thd))
- goto end;
-
- for (Virtual_column_info **cc= check_constraints; cc && *cc; cc++)
- if ((*cc)->fix_session_expr(thd))
- goto end;
-
- result= false;
-
-end:
- thd->security_ctx= save_security_ctx;
- thd->stmt_arena= stmt_backup;
-
- return result;
-}
-
 
 /**
  Lock all tables in a list.