Monty 4955f6018a MDEV-29351 SIGSEGV when doing forward reference of item in select list ...

The reason for the crash was the code assumed that
SELECT_LEX.ref_pointer_array would be initialized with zero, which was
not the case. This cause the test of
if (!select->ref_pointer_array[counter]) in item.cc to be unpredictable
and causes crashes.

Fixed by zero-filling ref_pointer_array on allocation.

2024-10-16 17:24:46 +03:00

348 KiB

Raw Blame History

View Raw