Bug#36593235: MySQL server 8.3.0 crashes at

              Item_rollup_sum_switcher::current_arg

Backport to 5.7.49.

Problem is seen when a subquery containing a aggregate
function with rollup is part of a row value comparator
and if there were no rows returned from the subquery.

cmp_item_row::store_value() evaluates the subquery and
goes ahead to store the values of the expressions in
the comparator without checking if the result was assigned
for the subquery. This leads to evaluation of a rollup
expression when it is marked as not to be evaluated as
aggregation was completed earlier. For the failing
query, AggregateIterator() does evaluate the expressions.
However HAVING clause does not qualify the rows. So the
result of the aggregation is never cached.

If a subquery returns empty result, bring_value()
would set the "null_value" to true.
cmp_item_row::store_value() now stores the value of
the underlying comparator objects only when the
result is not null. Else the result is set
to null.

Change-Id: I7bb17e621f1e5b439f6284c279ce69b80dace237

Author: Chaithra Gopalareddy

sql/item_cmpfunc.cc

@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2023, Oracle and/or its affiliates.
+/* Copyright (c) 2000, 2024, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -4929,12 +4929,20 @@ void cmp_item_row::store_value(Item *item)
   assert(comparators);
   if (comparators)
   {
-    item->bring_value();
     item->null_value= 0;
-    for (uint i= 0; i < n; i++)
+    item->bring_value();
+    if (item->null_value)
     {
-      comparators[i]->store_value(item->element_index(i));
-      item->null_value|= item->element_index(i)->null_value;
+      set_null_value(/*nv=*/true);
+    }
+    else
+    {
+      item->null_value= false;
+      for (uint i= 0; i < n; i++)
+      {
+        comparators[i]->store_value(item->element_index(i));
+        item->null_value|= item->element_index(i)->null_value;
+      }
     }
   }
   DBUG_VOID_RETURN;
@@ -4952,15 +4960,23 @@ void cmp_item_row::store_value_by_template(cmp_item *t, Item *item)
   n= tmpl->n;
   if ((comparators= (cmp_item **) sql_alloc(sizeof(cmp_item *)*n)))
   {
-    item->bring_value();
     item->null_value= 0;
-    for (uint i=0; i < n; i++)
+    item->bring_value();
+    if (item->null_value)
     {
-      if (!(comparators[i]= tmpl->comparators[i]->make_same()))
-	break;					// new failed
-      comparators[i]->store_value_by_template(tmpl->comparators[i],
-					      item->element_index(i));
-      item->null_value|= item->element_index(i)->null_value;
+      set_null_value(/*nv=*/true);
+    }
+    else
+    {
+      item->null_value= false;
+      for (uint i= 0; i < n; i++)
+      {
+        if (!(comparators[i]= tmpl->comparators[i]->make_same()))
+          break;                                  // new failed
+        comparators[i]->store_value_by_template(tmpl->comparators[i],
+                                                item->element_index(i));
+        item->null_value|= item->element_index(i)->null_value;
+      }
     }
   }
 }

sql/item_cmpfunc.h

@@ -1,7 +1,7 @@
 #ifndef ITEM_CMPFUNC_INCLUDED
 #define ITEM_CMPFUNC_INCLUDED
 
-/* Copyright (c) 2000, 2023, Oracle and/or its affiliates.
+/* Copyright (c) 2000, 2024, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -1419,6 +1419,7 @@ class cmp_item :public Sql_alloc
   {
     store_value(item);
   }
+  virtual void set_null_value(bool nv) = 0;
 };
 
 /// cmp_item which stores a scalar (i.e. non-ROW).
@@ -1768,6 +1769,13 @@ class cmp_item_row :public cmp_item
   int compare(const cmp_item *arg) const;
   cmp_item *make_same();
   void store_value_by_template(cmp_item *tmpl, Item *);
+  void set_null_value(bool nv)
+  {
+    for (uint i= 0; i < n; i++)
+    {
+      comparators[i]->set_null_value(nv);
+    }
+  }
   friend void Item_func_in::fix_length_and_dec();
 };