database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

Bug#48157: crash in Item_field::used_tables

Browse Source 
MySQL handles the join syntax "JOIN ... USING( field1,
... )" and natural joins by building the same parse tree as
a corresponding join with an "ON t1.field1 = t2.field1 ..."
expression would produce. This parse tree was not cleaned up
properly in the following scenario. If a thread tries to
lock some tables and finds that the tables were dropped and
re-created while waiting for the lock, it cleans up column
references in the statement by means a per-statement free
list. But if the statement was part of a stored procedure,
column references on the stored procedure's free list weren't
cleaned up and thus contained pointers to freed objects.

Fixed by adding a call to clean up the current prepared
statement's free list.
This commit is contained in:
Martin Hansson
2010-01-12 15:16:26 +01:00
parent 684405a5d3
commit e57ea46d5a
5 changed files with 94 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
sql/sql_update.cc
View File

@ -23,6 +23,7 @@
#include "sql_select.h"
#include "sp_head.h"
#include "sql_trigger.h"
#include "debug_sync.h"
/* Return 0 if row hasn't changed */
@ -1143,8 +1144,11 @@ reopen_tables:
items from 'fields' list, so the cleanup above is necessary to.
*/
cleanup_items(thd->free_list);
cleanup_items(thd->stmt_arena->free_list);
close_tables_for_reopen(thd, &table_list);
DEBUG_SYNC(thd, "multi_update_reopen_tables");
goto reopen_tables;
}