From b46b7144d1999d4950a812486f36f2f0d6ab645d Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Wed, 17 Jun 2020 11:19:50 +0400 Subject: [PATCH] MDEV-21695 Server crashes in TABLE::evaluate_update_default_function upon UPDATE on temporary table copy_data_between_tables() sets to->s->default_fields to 0, as a part of the code disabling ON UPDATE actions for all old fields (so ON UPDATE is enable only for new fields during copying). After the actual copying, copy_data_between_tables() did not restore to->s->default_fields to the original value. As a result, the TABLE_SHARE to->s was left in a wrong state after copy_data_between_tables() and further open_table_from_share() using this TABLE_SHARE did not populate TABLE::default_field, which further made TABLE::evaluate_update_default_function() crash on access to NULL pointer. Fix: Changing copy_data_between_tables() to restore to->s->default_fields to its original value after the copying loop. --- mysql-test/r/temp_table.result | 18 ++++++++++++++++++ mysql-test/t/temp_table.test | 19 +++++++++++++++++++ sql/sql_table.cc | 2 ++ 3 files changed, 39 insertions(+) diff --git a/mysql-test/r/temp_table.result b/mysql-test/r/temp_table.result index 78ca7a66682..cd6621ac487 100644 --- a/mysql-test/r/temp_table.result +++ b/mysql-test/r/temp_table.result @@ -584,3 +584,21 @@ ALTER TABLE t1 CHANGE no_such_col1 col1 BIGINT NULL; ERROR 42S22: Unknown column 'no_such_col1' in 't1' TRUNCATE TABLE t1; DROP TEMPORARY TABLE t1; +# +# MDEV-21695 Server crashes in TABLE::evaluate_update_default_function upon UPDATE on temporary table +# +SET timestamp=UNIX_TIMESTAMP('2001-01-01 10:20:30'); +CREATE TEMPORARY TABLE t1 (a DATETIME ON UPDATE CURRENT_TIMESTAMP); +ALTER TABLE t1 ADD b INT; +INSERT INTO t1 (b) VALUES (1),(2); +ALTER TABLE t1 CHANGE COLUMN x xx INT; +ERROR 42S22: Unknown column 'x' in 't1' +UPDATE t1 SET b = 3; +SELECT * FROM t1; +a b +2001-01-01 10:20:30 3 +2001-01-01 10:20:30 3 +DROP TEMPORARY TABLE t1; +# +# End of 10.2 tests +# diff --git a/mysql-test/t/temp_table.test b/mysql-test/t/temp_table.test index bd3bba34f89..dc5fe7f3cd0 100644 --- a/mysql-test/t/temp_table.test +++ b/mysql-test/t/temp_table.test @@ -639,3 +639,22 @@ ALTER TABLE t1 CHANGE no_such_col1 col1 BIGINT NULL; # was not dropped during the first TRUNCATE due to extra table handles. TRUNCATE TABLE t1; DROP TEMPORARY TABLE t1; + +--echo # +--echo # MDEV-21695 Server crashes in TABLE::evaluate_update_default_function upon UPDATE on temporary table +--echo # + +SET timestamp=UNIX_TIMESTAMP('2001-01-01 10:20:30'); +CREATE TEMPORARY TABLE t1 (a DATETIME ON UPDATE CURRENT_TIMESTAMP); +ALTER TABLE t1 ADD b INT; +INSERT INTO t1 (b) VALUES (1),(2); +--error ER_BAD_FIELD_ERROR +ALTER TABLE t1 CHANGE COLUMN x xx INT; +UPDATE t1 SET b = 3; +SELECT * FROM t1; +DROP TEMPORARY TABLE t1; + + +--echo # +--echo # End of 10.2 tests +--echo # diff --git a/sql/sql_table.cc b/sql/sql_table.cc index 87d84b1abc6..7cce3bcc323 100644 --- a/sql/sql_table.cc +++ b/sql/sql_table.cc @@ -10057,6 +10057,7 @@ copy_data_between_tables(THD *thd, TABLE *from, TABLE *to, sql_mode_t save_sql_mode= thd->variables.sql_mode; ulonglong prev_insert_id, time_to_report_progress; Field **dfield_ptr= to->default_field; + uint save_to_s_default_fields= to->s->default_fields; DBUG_ENTER("copy_data_between_tables"); /* Two or 3 stages; Sorting, copying data and update indexes */ @@ -10338,6 +10339,7 @@ copy_data_between_tables(THD *thd, TABLE *from, TABLE *to, *copied= found_count; *deleted=delete_count; to->file->ha_release_auto_increment(); + to->s->default_fields= save_to_s_default_fields; if (!cleanup_done) {