author | Martin Hansson <martin.hansson@sun.com> | 2010-05-11 16:21:05 +0200 |
---|---|---|
committer | Martin Hansson <martin.hansson@sun.com> | 2010-05-11 16:21:05 +0200 |
commit | 79e60f0a40d525fd1bdf924b4fef830e2aacb858 (patch) | |
tree | f6fd3c01794fb11fc8ed4461e930af80f7ee8e13 /sql/sql_parse.cc | |
parent | 1eada91053287af3d46da93b88d5feb30ed4ba27 (diff) | |
download | mariadb-git-79e60f0a40d525fd1bdf924b4fef830e2aacb858.tar.gz |
Bug#48157: crash in Item_field::used_tables
MySQL handles the join syntax "JOIN ... USING( field1,
... )" and natural joins by building the same parse tree as
a corresponding join with an "ON t1.field1 = t2.field1 ..."
expression would produce. This parse tree was not cleaned up
properly in the following scenario. If a thread tries to
lock some tables and finds that the tables were dropped and
re-created while waiting for the lock, it cleans up column
references in the statement by means of a per-statement free
list. But if the statement was part of a stored procedure,
column references on the stored procedure's free list
weren't cleaned up and thus contained pointers to freed
objects.
Fixed by adding a call to clean up the current prepared
statement's free list.
This is a backport from MySQL 5.1
Diffstat (limited to 'sql/sql_parse.cc')
-rw-r--r-- | sql/sql_parse.cc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 807d6c09a46..d0a4fff442f 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -1411,8 +1411,10 @@ end: } - /* This works because items are allocated with sql_alloc() */ - +/** + This works because items are allocated with sql_alloc(). + @note The function also handles null pointers (empty list). +*/ void cleanup_items(Item *item) { DBUG_ENTER("cleanup_items"); |
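Review bot: the new Doxygen block in front of cleanup_items() still opens with "This works because items are allocated with sql_alloc()", and "This" has no antecedent now that the sentence is the function's formal description. Lead with one sentence stating what the function does with the Item list it is given, then keep the sql_alloc() remark as the explanation of why that is safe. The @note on null pointers is worth keeping; phrasing it as a contract on the parameter (for example "@param item head of the list, may be NULL") would make it clearer that callers may pass an empty free list. Also note that this view is limited to sql/sql_parse.cc and the hunk only touches the comment, so the added cleanup call described in the commit message has to be reviewed in the other file(s) of the commit.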