From 8ed5fde3e1d2f49d140c166ef1e142215f90f572 Mon Sep 17 00:00:00 2001
From: Monty <monty@mariadb.org>
Date: Sun, 27 Sep 2015 21:28:07 +0200
Subject: [PATCH] bug in JOIN_TAB::cleanup() that caused freed memory to be
 accessed

---
 sql/sql_select.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 4523b3239f0..6619f63cd73 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -11472,14 +11472,16 @@ void JOIN_TAB::cleanup()
       }
       else
       {
+        TABLE_LIST *tmp= table->pos_in_table_list;
         end_read_record(&read_record);
-        table->pos_in_table_list->jtbm_subselect->cleanup();
+        tmp->jtbm_subselect->cleanup();
         /* 
           The above call freed the materializedd temptable. Set it to NULL so
           that we don't attempt to touch it if JOIN_TAB::cleanup() is invoked
           multiple times (it may be)
         */
-        table=NULL;
+        tmp->table= NULL;
+        table= NULL;
       }
       DBUG_VOID_RETURN;
     }