database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

Bug#11765255 - 58201: VALGRIND/CRASH WHEN ORDERING BY MULTIPLE AGGREGATE FUNCTIONS

Browse Source 
We must allocate a larger ref_pointer_array. We failed to account for extra
items allocated here:
#0  find_order_in_list 
  uint el= all_fields.elements;
  all_fields.push_front(order_item); /* Add new field to field list. */
  ref_pointer_array[el]= order_item;
  order->item= ref_pointer_array + el;
#1  setup_order
#2  setup_without_group
#3  JOIN::prepare
This commit is contained in:
Tor Didriksen
2011-07-11 11:20:19 +02:00
parent 5c65318cee
commit 9827d4aa63
6 changed files with 145 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
sql/sql_lex.cc
View File

@ -1987,6 +1987,9 @@ bool st_select_lex::setup_ref_array(THD *thd, uint order_group_num)
if (ref_pointer_array)
return 0;
// find_order_in_list() may need some extra space, so multiply by two.
order_group_num*= 2;
/*
We have to create array in prepared statement memory if it is
prepared statement