Bug #57659 Segfault in Query_cache::invalidate_data for TRUNCATE TABLE

This crash could happen if TRUNCATE TABLE indirectly failed to open a merge table due to failures to open underlying tables. Even if opening failed, the TRUNCATE TABLE code would try to invalidate the table in the query cache. Since this table had been closed and memory released, this could lead to a crash. This bug was introduced by a combination of the changes introduced by the patch for Bug#52044, where failing to open a table will cause opened tables to be closed. And the changes in patch for Bug#49938, where TRUNCATE TABLE uses the standard open tables function. This patch fixes the problem by setting the TABLE pointer to NULL before invalidating the query cache. Test case added to truncate_coverage.test.
2025-07-27 18:02:13 +03:00 · 2010-10-29 16:10:53 +02:00
parent 13237f7a2a
commit 75d59ff967
3 changed files with 88 additions and 0 deletions
--- a/sql/sql_truncate.cc
+++ b/sql/sql_truncate.cc
@ -472,6 +472,13 @@ bool Truncate_statement::truncate_table(THD *thd, TABLE_LIST *table_ref)
      binlog_stmt= !error || error != HA_ERR_WRONG_COMMAND;
    }

+    /*
+      If we tried to open a MERGE table and failed due to problems with the
+      children tables, the table will have been closed and table_ref->table
+      will be invalid. Reset the pointer here in any case as
+      query_cache_invalidate does not need a valid TABLE object.
+    */
+    table_ref->table= NULL;
    query_cache_invalidate3(thd, table_ref, FALSE);
  }