summaryrefslogtreecommitdiff
path: root/sql/sql_cursor.cc
diff options
context:
space:
mode:
authorSergey Glukhov <Sergey.Glukhov@sun.com>2008-12-10 18:13:11 +0400
committerSergey Glukhov <Sergey.Glukhov@sun.com>2008-12-10 18:13:11 +0400
commit84de3b930bcae8af7a7b5613dd8be514afbb8661 (patch)
tree60e7961f71ff0243c16def0011c2d45b57b7aeb1 /sql/sql_cursor.cc
parenta6be137556f5b85cd72f8e8559384cbc995d16c6 (diff)
downloadmariadb-git-84de3b930bcae8af7a7b5613dd8be514afbb8661.tar.gz
Bug#37956 memory leak and / or crash with geometry and prepared statements!
Bug#37671 crash on prepared statement + cursor + geometry + too many open files! if mysql_execute_command() returns error then free materialized_cursor object. is_rnd_inited is added to satisfy rnd_end() assertion (handler may be uninitialized in some cases) sql/sql_cursor.cc: if mysql_execute_command() returns error then free materialized_cursor object. is_rnd_inited is added to satisfy rnd_end() assertion (handler may be uninitialized in some cases) sql/sql_select.cc: added result check tests/mysql_client_test.c: test case
Diffstat (limited to 'sql/sql_cursor.cc')
-rw-r--r--sql/sql_cursor.cc18
1 files changed, 13 insertions, 5 deletions
diff --git a/sql/sql_cursor.cc b/sql/sql_cursor.cc
index 16567765ba6..83c60814cf3 100644
--- a/sql/sql_cursor.cc
+++ b/sql/sql_cursor.cc
@@ -85,6 +85,7 @@ class Materialized_cursor: public Server_side_cursor
List<Item> item_list;
ulong fetch_limit;
ulong fetch_count;
+ bool is_rnd_inited;
public:
Materialized_cursor(select_result *result, TABLE *table);
@@ -191,7 +192,11 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result,
such command is SHOW VARIABLES or SHOW STATUS.
*/
if (rc)
+ {
+ if (result_materialize->materialized_cursor)
+ delete result_materialize->materialized_cursor;
goto err_open;
+ }
if (sensitive_cursor->is_open())
{
@@ -532,7 +537,8 @@ Materialized_cursor::Materialized_cursor(select_result *result_arg,
:Server_side_cursor(&table_arg->mem_root, result_arg),
table(table_arg),
fetch_limit(0),
- fetch_count(0)
+ fetch_count(0),
+ is_rnd_inited(0)
{
fake_unit.init_query();
fake_unit.thd= table->in_use;
@@ -589,11 +595,12 @@ int Materialized_cursor::open(JOIN *join __attribute__((unused)))
THD *thd= fake_unit.thd;
int rc;
Query_arena backup_arena;
-
thd->set_n_backup_active_arena(this, &backup_arena);
/* Create a list of fields and start sequential scan */
- rc= (result->prepare(item_list, &fake_unit) ||
- table->file->ha_rnd_init(TRUE));
+ rc= result->prepare(item_list, &fake_unit);
+ if (!rc && !(rc= table->file->ha_rnd_init(TRUE)))
+ is_rnd_inited= 1;
+
thd->restore_active_arena(this, &backup_arena);
if (rc == 0)
{
@@ -673,7 +680,8 @@ void Materialized_cursor::close()
{
/* Free item_list items */
free_items();
- (void) table->file->ha_rnd_end();
+ if (is_rnd_inited)
+ (void) table->file->ha_rnd_end();
/*
We need to grab table->mem_root to prevent free_tmp_table from freeing:
the cursor object was allocated in this memory.