database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00
Code Activity

MDEV-3810 fix.

Browse Source 
The problem is that memory alocated by copy_andor_structure() well be freed,
but if level of SELECT_LEX it will be excluded (in case of merge derived tables and view)
then sl->where/having will not be updated here but still can be accessed (so it will be access to freed memory).

(patch by Sanja)
This commit is contained in:
unknown
2012-11-09 13:07:32 +02:00
parent 3bd3dd54e2
commit 49c8d8b2e6
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
sql/sql_prepare.cc
View File

@@ -2447,14 +2447,24 @@ void reinit_stmt_before_use(THD *thd, LEX *lex)
*/ */
if (sl->prep_where) if (sl->prep_where)
{ {
sl->where= sl->prep_where->copy_andor_structure(thd); /*
We need this rollback because memory allocated in
copy_andor_structure() will be freed
*/
thd->change_item_tree((Item**)&sl->where,
sl->prep_where->copy_andor_structure(thd));
sl->where->cleanup(); sl->where->cleanup();
} }
else else
sl->where= NULL; sl->where= NULL;
if (sl->prep_having) if (sl->prep_having)
{ {
sl->having= sl->prep_having->copy_andor_structure(thd); /*
We need this rollback because memory allocated in
copy_andor_structure() will be freed
*/
thd->change_item_tree((Item**)&sl->having,
sl->prep_having->copy_andor_structure(thd));
sl->having->cleanup(); sl->having->cleanup();
} }
else else