From 97ac0c273f1206bd2201d9c111e4aed5b3cfd1d2 Mon Sep 17 00:00:00 2001
From: "gshchepa/uchum@gleb.loc" <>
Date: Tue, 27 Nov 2007 19:14:48 +0400
Subject: [PATCH] Fixed bug #32403: query causes a crash due to stack and      
             memory corruptions.

The right pointer field of the SEL_ARG structure was not
initialized in the constructor and sometimes that led to
server crashes.

There is no testcase because the bug occurs only when
uninitialized memory has particular values, which can't be
re-created in the test suite.
---
 sql/opt_range.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sql/opt_range.cc b/sql/opt_range.cc
index 969777d4792..58ce6c8da7a 100644
--- a/sql/opt_range.cc
+++ b/sql/opt_range.cc
@@ -250,6 +250,9 @@ public:
   Field *field;
   char *min_value,*max_value;			// Pointer to range
 
+  /*
+    eq_tree() requires that left == right == 0 if the type is MAYBE_KEY.
+   */
   SEL_ARG *left,*right;   /* R-B tree children */
   SEL_ARG *next,*prev;    /* Links for bi-directional interval list */
   SEL_ARG *parent;        /* R-B tree parent */
@@ -265,7 +268,7 @@ public:
   SEL_ARG(Field *field, uint8 part, char *min_value, char *max_value,
 	  uint8 min_flag, uint8 max_flag, uint8 maybe_flag);
   SEL_ARG(enum Type type_arg)
-    :min_flag(0),elements(1),use_count(1),left(0),next_key_part(0),
+    :min_flag(0),elements(1),use_count(1),left(0),right(0),next_key_part(0),
     color(BLACK), type(type_arg)
   {}
   inline bool is_same(SEL_ARG *arg)