database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

MDEV-10694 - SIGFPE and/or huge memory allocation in maria_create ...

Browse Source 
The issue was that JOIN::rollup_write_data() used
JOIN::tmp_table_param::[start_]recinfo, which had uninitialized data.

These fields have uninitialized data, because JOIN::tmp_table_param
currently only stores some grouping-related data fields.  The data about
the work (temporary) tables themselves is stored in
join->join_tab[...].tmp_table_param.

The fix is to make JOIN::rollup_write_data follow this convention
and look at the right TMP_TABLE_PARAM object
This commit is contained in:
Sergei Petrunia
2017-02-14 07:18:55 -08:00
parent 24911cee4e
commit e688d81444
4 changed files with 25 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
sql/sql_select.h
View File

@ -1559,7 +1559,7 @@ public:
bool rollup_make_fields(List<Item> &all_fields, List<Item> &fields,
Item_sum ***func);
int rollup_send_data(uint idx);
int rollup_write_data(uint idx, TABLE *table);
int rollup_write_data(uint idx, TMP_TABLE_PARAM *tmp_table_param, TABLE *table);
void join_free();
/** Cleanup this JOIN, possibly for reuse */
void cleanup(bool full);