MDEV-416: Server crashes in SQL_SELECT::cleanup on EXPLAIN with SUM ( DISTINCT )
- When JOIN::cleanup(full==TRUE) is called, the select can be in one of two states:
  = Right after the create_sort_index() call, when join->join_tab[0] is used to read data produced by filesort().
  = After create_sort_index(), and after JOIN::reinit() calls, when join->join_tab[0] has been reset to read the original data.
- We didn't handle the second case correctly, which resulted in an attempt to free the same SQL_SELECT twice. The fix is to make sure we don't double-free.
@ -10731,9 +10731,22 @@ void JOIN::cleanup(bool full)
|
||||
|
||||
if (full)
|
||||
{
|
||||
JOIN_TAB *sort_tab= first_linear_tab(this, WITHOUT_CONST_TABLES);
|
||||
if (pre_sort_join_tab)
|
||||
{
|
||||
if (sort_tab && sort_tab->select == pre_sort_join_tab->select)
|
||||
{
|
||||
pre_sort_join_tab->select= NULL;
|
||||
}
|
||||
else
|
||||
clean_pre_sort_join_tab();
|
||||
}
|
||||
|
||||
for (tab= first_linear_tab(this, WITH_CONST_TABLES); tab;
|
||||
tab= next_linear_tab(this, tab, WITH_BUSH_ROOTS))
|
||||
{
|
||||
tab->cleanup();
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -10755,9 +10768,6 @@ void JOIN::cleanup(bool full)
|
||||
*/
|
||||
if (full)
|
||||
{
|
||||
if (pre_sort_join_tab)
|
||||
clean_pre_sort_join_tab();
|
||||
|
||||
if (tmp_join)
|
||||
tmp_table_param.copy_field= 0;
|
||||
group_fields.delete_elements();
|
||||
|
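Review bot: In the first hunk, the branch taken when `sort_tab->select == pre_sort_join_tab->select` only clears the pointer and never calls `clean_pre_sort_join_tab()`, so anything else that helper releases is skipped on that path; its body is not visible here, so this needs confirming. If the helper tolerates a null `select`, a simpler shape is `if (sort_tab && sort_tab->select == pre_sort_join_tab->select) pre_sort_join_tab->select= NULL;` followed by an unconditional `clean_pre_sort_join_tab();`. The check also has no comment, and the double-free guard depends on it running before the `tab->cleanup()` loop; something like `/* sort_tab and pre_sort_join_tab may share one SQL_SELECT; drop our alias so it is freed only once */` would record that (the sharing is inferred from the commit message). JOIN::cleanup starts and ends outside both hunks.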