MDEV-26583 SIGSEGV's in spider_get_select_limit_from_select_lex when DELAYED INSERT is used

Spider dereferences a freed select_lex and then results in SIGSEGV.
author: Nayuta Yanagisawa <nayuta.yanagisawa@hey.com> 2022-01-04 13:21:14 +0900
committer: Nayuta Yanagisawa <nayuta.yanagisawa@hey.com> 2022-01-19 18:58:47 +0900
commit: f8c3d5927445dcd75f31ed8e9fb3cfcc07c3ed8f (patch)
tree: 9f44e44aadf5e3dd0d9565dd7a3d3d2f75818273 /sql/sql_insert.cc
parent: e128d852e84b950c8820ba885789888f5580efdc (diff)
download: mariadb-git-f8c3d5927445dcd75f31ed8e9fb3cfcc07c3ed8f.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc
index 0f454e74a48..460fbba4ac5 100644
--- a/sql/sql_insert.cc
+++ b/sql/sql_insert.cc
@@ -2424,6 +2424,11 @@ bool delayed_get_table(THD *thd, MDL_request *grl_protection_request,
       di->table_list.alias.length= di->table_list.table_name.length= di->thd.query_length();
       di->table_list.db= di->thd.db;
       /*
+        Nulify select_lex because, if the thread that spawned the current one
+        disconnects, the select_lex will point to freed memory.
+      */
+      di->table_list.select_lex= NULL;
+      /*
         We need the tickets so that they can be cloned in
         handle_delayed_insert
       */
author	Nayuta Yanagisawa <nayuta.yanagisawa@hey.com>	2022-01-04 13:21:14 +0900
committer	Nayuta Yanagisawa <nayuta.yanagisawa@hey.com>	2022-01-19 18:58:47 +0900
commit	f8c3d5927445dcd75f31ed8e9fb3cfcc07c3ed8f (patch)
tree	9f44e44aadf5e3dd0d9565dd7a3d3d2f75818273 /sql/sql_insert.cc
parent	e128d852e84b950c8820ba885789888f5580efdc (diff)
download	mariadb-git-f8c3d5927445dcd75f31ed8e9fb3cfcc07c3ed8f.tar.gz