From 1742561b4e750b9ec1b1640f4725a218d79b50b1 Mon Sep 17 00:00:00 2001
From: kevg
Date: Sat, 10 Dec 2016 18:33:40 +0300
Subject: [PATCH] fix use-after-free [closes #89]

---
 mysql-test/suite/versioning/r/alter.result | 4 ++--
 .../versioning/r/optimized_fields.result | 1 +
 sql/item.cc | 22 ++++++++-----------
 3 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/mysql-test/suite/versioning/r/alter.result b/mysql-test/suite/versioning/r/alter.result
index 5011302f151..a8019c66c37 100644
--- a/mysql-test/suite/versioning/r/alter.result
+++ b/mysql-test/suite/versioning/r/alter.result
@@ -276,7 +276,7 @@ t CREATE TABLE `t` (
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1 WITH SYSTEM VERSIONING
 alter table t without system versioning;
 alter table t with system versioning, algorithm=inplace;
-ERROR 0A000: ALGORITHM=INPLACE is not supported for this operation. Try ALGORITHM=COPY.
+ERROR 0A000: ALGORITHM=INPLACE is not supported for this operation. Try ALGORITHM=COPY
 alter table t with system versioning, algorithm=copy;
 show create table t;
 Table Create Table
@@ -346,7 +346,7 @@ a
 2
 1
 alter table t without system versioning, algorithm=inplace;
-ERROR 0A000: ALGORITHM=INPLACE is not supported for this operation. Try ALGORITHM=COPY.
+ERROR 0A000: ALGORITHM=INPLACE is not supported for this operation. Try ALGORITHM=COPY
 alter table t without system versioning, algorithm=copy;
 show create table t;
 Table Create Table
diff --git a/mysql-test/suite/versioning/r/optimized_fields.result b/mysql-test/suite/versioning/r/optimized_fields.result
index 4d7878e8b9e..ea5b174f6dd 100644
--- a/mysql-test/suite/versioning/r/optimized_fields.result
+++ b/mysql-test/suite/versioning/r/optimized_fields.result
@@ -18,6 +18,7 @@ a b b+0
 3 NULL NULL
 Warnings:
 Warning 4075 Attempt to read unversioned field `b` in historical query
+Warning 4075 Attempt to read unversioned field `b` in historical query
 select * from t for system_time as of timestamp now(6);
 a b
 1 NULL
diff --git a/sql/item.cc b/sql/item.cc
index e36fadea957..4bcdb477a51 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -2760,19 +2760,17 @@ void Item_field::set_field(Field *field_par)
   if (field->table->s->tmp_table == SYSTEM_TMP_TABLE)
     any_privileges= 0;
 
-  if (field->flags & VERS_OPTIMIZED_UPDATE_FLAG && context && context->select_lex &&
-      context->select_lex->vers_conditions.type !=
-      FOR_SYSTEM_TIME_UNSPECIFIED &&
-      !field->force_null)
+  field->force_null= false;
+  if (field->flags & VERS_OPTIMIZED_UPDATE_FLAG && context &&
+      context->select_lex &&
+      context->select_lex->vers_conditions.type != FOR_SYSTEM_TIME_UNSPECIFIED)
   {
-    DBUG_ASSERT(context->select_lex->parent_lex &&
-                context->select_lex->parent_lex->thd);
     field->force_null= true;
-    THD *thd= context->select_lex->parent_lex->thd;
-    push_warning_printf(thd, Sql_condition::WARN_LEVEL_WARN,
-                        ER_NON_VERSIONED_FIELD_IN_VERSIONED_QUERY,
-                        ER_THD(thd, ER_NON_VERSIONED_FIELD_IN_VERSIONED_QUERY),
-                        field_name);
+    push_warning_printf(
+        current_thd, Sql_condition::WARN_LEVEL_WARN,
+        ER_NON_VERSIONED_FIELD_IN_VERSIONED_QUERY,
+        ER_THD(current_thd, ER_NON_VERSIONED_FIELD_IN_VERSIONED_QUERY),
+        field_name);
   }
 }
 
@@ -5922,8 +5920,6 @@ void Item_field::cleanup()
     it will be linked correctly next time by name of field and table alias.
     I.e. we can drop 'field'.
   */
-  if (field)
-    field->force_null= false;
   field= 0;
   item_equal= NULL;
   null_value= FALSE;
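Review bot: With the `!field->force_null` guard gone from the condition in the new Item_field::set_field() body, the ER_NON_VERSIONED_FIELD_IN_VERSIONED_QUERY warning is pushed on every call that binds this field, and the optimized_fields.result change in the same patch now records Warning 4075 twice for one statement, so the duplicate looks like a side effect rather than a deliberate new diagnostic. The guard presumably could not simply stay, since `field` belongs to the TABLE and may carry a stale `force_null` from an earlier statement once cleanup() no longer clears it, so a dedup would have to be keyed to the statement (on the THD or the Item, not the shared Field) — please either confirm the repeated warning is acceptable or move the dedup there. A one-line comment at the reset, `// field is owned by the TABLE: recompute per binding, cleanup() may run after the TABLE is gone`, would record why the flag is now cleared here instead of in cleanup(). set_field() begins before the hunk, and the second hunk in cleanup() is the deletion this reset replaces.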