
MDEV-416: Server crashes in SQL_SELECT::cleanup on EXPLAIN with SUM ( DISTINCT )

- When JOIN::cleanup(full==TRUE) is called, the select can be in two states:
  = Right after the create_sort_index() call, when join->join_tab[0] is used to 
    read data produced by filesort().
  = After create_sort_index(), and after JOIN::reinit() calls, when 
    join->join_tab[0] has been reset to read the original data. 
- We didn't handle the second case correctly, which resulted in an attempt to free 
  the same SQL_SELECT two times. The fix is to make sure we don't double-free.
Sergey Petrunya
2012-08-02 17:06:05 +04:00
parent aaa188dad9
commit 59e64b6c9b
3 changed files with 40 additions and 3 deletions


@ -10731,9 +10731,22 @@ void JOIN::cleanup(bool full)
if (full)
{
JOIN_TAB *sort_tab= first_linear_tab(this, WITHOUT_CONST_TABLES);
if (pre_sort_join_tab)
{
if (sort_tab && sort_tab->select == pre_sort_join_tab->select)
{
pre_sort_join_tab->select= NULL;
}
else
clean_pre_sort_join_tab();
}
for (tab= first_linear_tab(this, WITH_CONST_TABLES); tab;
tab= next_linear_tab(this, tab, WITH_BUSH_ROOTS))
{
tab->cleanup();
}
}
else
{
@ -10755,9 +10768,6 @@ void JOIN::cleanup(bool full)
*/
if (full)
{
if (pre_sort_join_tab)
clean_pre_sort_join_tab();
if (tmp_join)
tmp_table_param.copy_field= 0;
group_fields.delete_elements();
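Review bot: In the first hunk of JOIN::cleanup, the branch taken when `sort_tab->select == pre_sort_join_tab->select` only clears the alias and skips `clean_pre_sort_join_tab()` entirely, so anything else that helper releases is not released on this path. Its body is not visible here, so this needs confirming against the helper. The ownership rule that prevents the double free is also left implicit: it appears to rely on `tab->cleanup()` in the loop just below freeing the shared SQL_SELECT exactly once. I would add a comment above the comparison, for example `/* join_tab[0] was reset by JOIN::reinit() and shares ->select with pre_sort_join_tab; tab->cleanup() below frees it, so only drop our alias here */`. JOIN::cleanup starts and ends outside both hunks, so callers and later uses of `pre_sort_join_tab` could not be checked.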