Bug#48157: crash in Item_field::used_tables

MySQL handles the join syntax "JOIN ... USING( field1, ... )" and natural joins by building the same parse tree as a corresponding join with an "ON t1.field1 = t2.field1 ..." expression would produce. This parse tree was not cleaned up properly in the following scenario. If a thread tries to lock some tables and finds that the tables were dropped and re-created while waiting for the lock, it cleans up column references in the statement by means a per-statement free list. But if the statement was part of a stored procedure, column references on the stored procedure's free list weren't cleaned up and thus contained pointers to freed objects. Fixed by adding a call to clean up the current prepared statement's free list. This is a backport from MySQL 5.1
2025-07-30 16:24:05 +03:00 · 2010-05-11 16:21:05 +02:00
parent 4e75f7c053
commit 27ac666fea
3 changed files with 13 additions and 3 deletions
--- a/sql/sql_update.cc
+++ b/sql/sql_update.cc
@ -908,8 +908,9 @@ reopen_tables:
      items from 'fields' list, so the cleanup above is necessary to.
    */
    cleanup_items(thd->free_list);
-
+    cleanup_items(thd->stmt_arena->free_list);
    close_tables_for_reopen(thd, &table_list);
+
    goto reopen_tables;
  }