MDEV-15729 Server crashes in Field::make_field upon HANDLER READ executed with PS protocol

update table->pos_in_table_list during prepare,
just like it's done in normal execution.

otherwise it'll be a dangling pointer

3 files changed, 21 insertions, 0 deletions

diff --git a/mysql-test/suite/handler/ps.result b/mysql-test/suite/handler/ps.result
new file mode 100644
index 00000000000..54685f9156b
--- /dev/null
+++ b/mysql-test/suite/handler/ps.result
@@ -0,0 +1,9 @@
+create table t1 (i int);
+handler test.t1 open handler_a;
+flush status;
+handler handler_a read first;
+i
+show status like 'Com_stmt_prepare%';
+Variable_name	Value
+Com_stmt_prepare	OK
+drop table t1;
diff --git a/mysql-test/suite/handler/ps.test b/mysql-test/suite/handler/ps.test
new file mode 100644
index 00000000000..68091190c85
--- /dev/null
+++ b/mysql-test/suite/handler/ps.test
@@ -0,0 +1,11 @@
+#
+# MDEV-15729 Server crashes in Field::make_field upon HANDLER READ executed with PS protocol
+#
+create table t1 (i int);
+handler test.t1 open handler_a;
+flush status;
+handler handler_a read first;
+# handler...read must be prepared in --ps-protocol mode
+--replace_result $PS_PROTOCOL OK
+show status like 'Com_stmt_prepare%';
+drop table t1;
diff --git a/sql/sql_handler.cc b/sql/sql_handler.cc
index f5c79e59bf2..778507ebc38 100644
--- a/sql/sql_handler.cc
+++ b/sql/sql_handler.cc
@@ -980,6 +980,7 @@ SQL_HANDLER *mysql_ha_read_prepare(THD *thd, TABLE_LIST *tables,
   if (!(handler= mysql_ha_find_handler(thd, tables->alias)))
     DBUG_RETURN(0);
   tables->table= handler->table;         // This is used by fix_fields
+  handler->table->pos_in_table_list= tables;
   if (mysql_ha_fix_cond_and_key(handler, mode, keyname, key_expr, cond, 1))
     DBUG_RETURN(0);
   DBUG_RETURN(handler);