diff options
| author | Sergey Glukhov <Sergey.Glukhov@sun.com> | 2008-12-10 18:13:11 +0400 |
|---|---|---|
| committer | Sergey Glukhov <Sergey.Glukhov@sun.com> | 2008-12-10 18:13:11 +0400 |
| commit | c700b4cfab73ca9e88d6167913064e787aca646b (patch) | |
| tree | 60e7961f71ff0243c16def0011c2d45b57b7aeb1 /sql/sql_cursor.cc | |
| parent | d60607f0abdab1fd4854018412bb6f94a9fff778 (diff) | |
| download | mariadb-git-c700b4cfab73ca9e88d6167913064e787aca646b.tar.gz | |
Bug#37956 memory leak and / or crash with geometry and prepared statements!
Bug#37671 crash on prepared statement + cursor + geometry + too many open files!
if mysql_execute_command() returns error then free materialized_cursor object.
is_rnd_inited is added to satisfy rnd_end() assertion
(handler may be uninitialized in some cases)
sql/sql_cursor.cc:
if mysql_execute_command() returns error then free materialized_cursor object.
is_rnd_inited is added to satisfy rnd_end() assertion
(handler may be uninitialized in some cases)
sql/sql_select.cc:
added result check
tests/mysql_client_test.c:
test case
Diffstat (limited to 'sql/sql_cursor.cc')
| -rw-r--r-- | sql/sql_cursor.cc | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/sql/sql_cursor.cc b/sql/sql_cursor.cc index 16567765ba6..83c60814cf3 100644 --- a/sql/sql_cursor.cc +++ b/sql/sql_cursor.cc @@ -85,6 +85,7 @@ class Materialized_cursor: public Server_side_cursor List<Item> item_list; ulong fetch_limit; ulong fetch_count; + bool is_rnd_inited; public: Materialized_cursor(select_result *result, TABLE *table); @@ -191,7 +192,11 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result, such command is SHOW VARIABLES or SHOW STATUS. */ if (rc) + { + if (result_materialize->materialized_cursor) + delete result_materialize->materialized_cursor; goto err_open; + } if (sensitive_cursor->is_open()) { @@ -532,7 +537,8 @@ Materialized_cursor::Materialized_cursor(select_result *result_arg, :Server_side_cursor(&table_arg->mem_root, result_arg), table(table_arg), fetch_limit(0), - fetch_count(0) + fetch_count(0), + is_rnd_inited(0) { fake_unit.init_query(); fake_unit.thd= table->in_use; @@ -589,11 +595,12 @@ int Materialized_cursor::open(JOIN *join __attribute__((unused))) THD *thd= fake_unit.thd; int rc; Query_arena backup_arena; - thd->set_n_backup_active_arena(this, &backup_arena); /* Create a list of fields and start sequential scan */ - rc= (result->prepare(item_list, &fake_unit) || - table->file->ha_rnd_init(TRUE)); + rc= result->prepare(item_list, &fake_unit); + if (!rc && !(rc= table->file->ha_rnd_init(TRUE))) + is_rnd_inited= 1; + thd->restore_active_arena(this, &backup_arena); if (rc == 0) { @@ -673,7 +680,8 @@ void Materialized_cursor::close() { /* Free item_list items */ free_items(); - (void) table->file->ha_rnd_end(); + if (is_rnd_inited) + (void) table->file->ha_rnd_end(); /* We need to grab table->mem_root to prevent free_tmp_table from freeing: the cursor object was allocated in this memory. |