diff options
| author | Galina Shalygina <galina.shalygina@mariadb.com> | 2018-06-19 19:19:40 +0200 |
|---|---|---|
| committer | Galina Shalygina <galina.shalygina@mariadb.com> | 2018-06-19 20:03:38 +0200 |
| commit | 778df04661c72544baed4363a55b07362d5020ed (patch) | |
| tree | 789977e7db536cb56f2635ecf578e6fa08cc7e74 /sql/item_cmpfunc.cc | |
| parent | 10d09a57f88cafaabcb6ba8475c1951fe329756e (diff) | |
| download | mariadb-git-778df04661c72544baed4363a55b07362d5020ed.tar.gz | |
MDEV-16517: Server crash in Item_func_in::val_int() when
IN predicate defined with non-constant values is pushed down
The problem appears because of wrong changes made in MDEV-16090 in the
Item_func_in::build_clone() method.
For the clone of the IN predicate it copied 'cmp_fields' array values
that become dirty after Item::cleanup_excluding_const_fields_processor
has worked in pushdown. That causes crash.
There is no need to copy 'cmp_fields' field, the array values should be
NULLs in order to fix_fields() for the cloned IN predicate can set them
correctly. fix_fields() computes values for 'cmp_fields' array only
if they were not set earlier.
Diffstat (limited to 'sql/item_cmpfunc.cc')
| -rw-r--r-- | sql/item_cmpfunc.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index b86c0079bce..f176a0a8193 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -4438,7 +4438,7 @@ Item *Item_func_in::build_clone(THD *thd, MEM_ROOT *mem_root) { if (array && clone->create_array(thd)) return NULL; - memcpy(&clone->cmp_items, &cmp_items, sizeof(cmp_items)); + bzero(&clone->cmp_items, sizeof(cmp_items)); } return clone; } |