diff options
| author | Tor Didriksen <tor.didriksen@oracle.com> | 2011-07-11 11:20:19 +0200 |
|---|---|---|
| committer | Tor Didriksen <tor.didriksen@oracle.com> | 2011-07-11 11:20:19 +0200 |
| commit | 9827d4aa638c706041966efc49a3ac5a5726b4bf (patch) | |
| tree | 447c4abb8f8fd47c3d9542cb3edbae4195395cdc /sql/sql_lex.cc | |
| parent | 5c65318ceebb9f5b4c4e4116ac5b14b8dd341e2f (diff) | |
| download | mariadb-git-9827d4aa638c706041966efc49a3ac5a5726b4bf.tar.gz | |
Bug#11765255 - 58201: VALGRIND/CRASH WHEN ORDERING BY MULTIPLE AGGREGATE FUNCTIONS
We must allocate a larger ref_pointer_array. We failed to account for extra
items allocated here:
#0 find_order_in_list
uint el= all_fields.elements;
all_fields.push_front(order_item); /* Add new field to field list. */
ref_pointer_array[el]= order_item;
order->item= ref_pointer_array + el;
#1 setup_order
#2 setup_without_group
#3 JOIN::prepare
Diffstat (limited to 'sql/sql_lex.cc')
| -rw-r--r-- | sql/sql_lex.cc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc index f0289ab86ce..a7b23746155 100644 --- a/sql/sql_lex.cc +++ b/sql/sql_lex.cc @@ -1987,6 +1987,9 @@ bool st_select_lex::setup_ref_array(THD *thd, uint order_group_num) if (ref_pointer_array) return 0; + // find_order_in_list() may need some extra space, so multiply by two. + order_group_num*= 2; + /* We have to create array in prepared statement memory if it is prepared statement |