Bug#48157: crash in Item_field::used_tables

MySQL handles the join syntax "JOIN ... USING( field1, ... )" and natural joins by building the same parse tree as a corresponding join with an "ON t1.field1 = t2.field1 ..." expression would produce. This parse tree was not cleaned up properly in the following scenario. If a thread tries to lock some tables and finds that the tables were dropped and re-created while waiting for the lock, it cleans up column references in the statement by means a per-statement free list. But if the statement was part of a stored procedure, column references on the stored procedure's free list weren't cleaned up and thus contained pointers to freed objects. Fixed by adding a call to clean up the current prepared statement's free list.
2025-07-29 05:21:33 +03:00 · 2010-01-12 15:16:26 +01:00
parent 684405a5d3
commit e57ea46d5a
5 changed files with 94 additions and 3 deletions
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@ -615,8 +615,10 @@ void free_items(Item *item)
  DBUG_VOID_RETURN;
 }

-/* This works because items are allocated with sql_alloc() */
-
+/**
+   This works because items are allocated with sql_alloc().
+   @note The function also handles null pointers (empty list).
+*/
 void cleanup_items(Item *item)
 {
  DBUG_ENTER("cleanup_items");