diff --git a/mysql-test/suite/innodb/r/innodb_bug13510739.result b/mysql-test/suite/innodb/r/innodb_bug13510739.result new file mode 100644 index 00000000000..8aa4323eeb0 --- /dev/null +++ b/mysql-test/suite/innodb/r/innodb_bug13510739.result @@ -0,0 +1,10 @@ +CREATE TABLE bug13510739 (c INTEGER NOT NULL, PRIMARY KEY (c)) ENGINE=INNODB; +INSERT INTO bug13510739 VALUES (1), (2), (3), (4); +DELETE FROM bug13510739 WHERE c=2; +HANDLER bug13510739 OPEN; +HANDLER bug13510739 READ `primary` = (2); +c +HANDLER bug13510739 READ `primary` NEXT; +c +4 +DROP TABLE bug13510739; diff --git a/mysql-test/suite/innodb/t/innodb_bug13510739.test b/mysql-test/suite/innodb/t/innodb_bug13510739.test new file mode 100644 index 00000000000..f10bcd8e272 --- /dev/null +++ b/mysql-test/suite/innodb/t/innodb_bug13510739.test @@ -0,0 +1,20 @@ +# +# Bug#13510739 63775: SERVER CRASH ON HANDLER READ NEXT AFTER DELETE RECORD. +# + +-- source include/have_innodb.inc + +CREATE TABLE bug13510739 (c INTEGER NOT NULL, PRIMARY KEY (c)) ENGINE=INNODB; + +INSERT INTO bug13510739 VALUES (1), (2), (3), (4); + +DELETE FROM bug13510739 WHERE c=2; + +HANDLER bug13510739 OPEN; + +HANDLER bug13510739 READ `primary` = (2); + +# this one crashes the server if the bug is present +HANDLER bug13510739 READ `primary` NEXT; + +DROP TABLE bug13510739; diff --git a/mysql-test/suite/innodb_plugin/r/innodb_bug13510739.result b/mysql-test/suite/innodb_plugin/r/innodb_bug13510739.result new file mode 100644 index 00000000000..8aa4323eeb0 --- /dev/null +++ b/mysql-test/suite/innodb_plugin/r/innodb_bug13510739.result @@ -0,0 +1,10 @@ +CREATE TABLE bug13510739 (c INTEGER NOT NULL, PRIMARY KEY (c)) ENGINE=INNODB; +INSERT INTO bug13510739 VALUES (1), (2), (3), (4); +DELETE FROM bug13510739 WHERE c=2; +HANDLER bug13510739 OPEN; +HANDLER bug13510739 READ `primary` = (2); +c +HANDLER bug13510739 READ `primary` NEXT; +c +4 +DROP TABLE bug13510739; diff --git a/mysql-test/suite/innodb_plugin/t/innodb_bug13510739.test b/mysql-test/suite/innodb_plugin/t/innodb_bug13510739.test new file mode 100644 index 00000000000..b8ffcc7b22b --- /dev/null +++ b/mysql-test/suite/innodb_plugin/t/innodb_bug13510739.test @@ -0,0 +1,20 @@ +# +# Bug#13510739 63775: SERVER CRASH ON HANDLER READ NEXT AFTER DELETE RECORD. +# + +-- source include/have_innodb_plugin.inc + +CREATE TABLE bug13510739 (c INTEGER NOT NULL, PRIMARY KEY (c)) ENGINE=INNODB; + +INSERT INTO bug13510739 VALUES (1), (2), (3), (4); + +DELETE FROM bug13510739 WHERE c=2; + +HANDLER bug13510739 OPEN; + +HANDLER bug13510739 READ `primary` = (2); + +# this one crashes the server if the bug is present +HANDLER bug13510739 READ `primary` NEXT; + +DROP TABLE bug13510739; diff --git a/storage/innobase/row/row0sel.c b/storage/innobase/row/row0sel.c index 9ab6424a012..915cc8339d4 100644 --- a/storage/innobase/row/row0sel.c +++ b/storage/innobase/row/row0sel.c @@ -4208,7 +4208,9 @@ no_gap_lock: applicable to unique secondary indexes. Current behaviour is to widen the scope of a lock on an already delete marked record if the same record is deleted twice by the same transaction */ - if (index == clust_index && unique_search) { + if (index == clust_index && unique_search + && !prebuilt->used_in_HANDLER) { + err = DB_RECORD_NOT_FOUND; goto normal_return; diff --git a/storage/innodb_plugin/ChangeLog b/storage/innodb_plugin/ChangeLog index d836b390c52..ab0c68ee297 100644 --- a/storage/innodb_plugin/ChangeLog +++ b/storage/innodb_plugin/ChangeLog @@ -1,3 +1,8 @@ +2011-12-22 The InnoDB Team + + * row/row0sel.c: + Fix Bug#63775 Server crash on handler read next after delete record. + 2011-12-13 The InnoDB Team * handler/ha_innodb.cc, innodb.test, innodb.result: diff --git a/storage/innodb_plugin/row/row0sel.c b/storage/innodb_plugin/row/row0sel.c index 32f21dbe198..54172e71a47 100644 --- a/storage/innodb_plugin/row/row0sel.c +++ b/storage/innodb_plugin/row/row0sel.c @@ -4362,7 +4362,9 @@ no_gap_lock: applicable to unique secondary indexes. Current behaviour is to widen the scope of a lock on an already delete marked record if the same record is deleted twice by the same transaction */ - if (index == clust_index && unique_search) { + if (index == clust_index && unique_search + && !prebuilt->used_in_HANDLER) { + err = DB_RECORD_NOT_FOUND; goto normal_return;