diff options
| author | Sergei Petrunia <psergey@askmonty.org> | 2017-02-14 07:18:55 -0800 |
|---|---|---|
| committer | Sergei Petrunia <psergey@askmonty.org> | 2017-02-14 07:18:55 -0800 |
| commit | 20a92ccc0439a1a02c336e397cc2cc4ec8aba797 (patch) | |
| tree | b0bb7d3222e9e7a3de777f85ae4a98e9f6460e22 /sql/sql_select.cc | |
| parent | f76d5fefb818760f41488c1793fca27d97c9c2a0 (diff) | |
| download | mariadb-git-bb-10.2-mdev10694.tar.gz | |
MDEV-10694 - SIGFPE and/or huge memory allocation in maria_create ...bb-10.2-mdev10694
The issue was that JOIN::rollup_write_data() used
JOIN::tmp_table_param::[start_]recinfo, which had uninitialized data.
These fields have uninitialized data, because JOIN::tmp_table_param
currently only stores some grouping-related data fields. The data about
the work (temporary) tables themselves is stored in
join->join_tab[...].tmp_table_param.
The fix is to make JOIN::rollup_write_data follow this convention
and look at the right TMP_TABLE_PARAM object
Diffstat (limited to 'sql/sql_select.cc')
| -rw-r--r-- | sql/sql_select.cc | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 5c7ae1e88c1..47f0bafadcc 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -20032,8 +20032,11 @@ end_write_group(JOIN *join, JOIN_TAB *join_tab __attribute__((unused)), } if (join->rollup.state != ROLLUP::STATE_NONE) { - if (join->rollup_write_data((uint) (idx+1), table)) + if (join->rollup_write_data((uint) (idx+1), + join_tab->tmp_table_param, table)) + { DBUG_RETURN(NESTED_LOOP_ERROR); + } } if (end_of_records) goto end; @@ -23839,7 +23842,7 @@ int JOIN::rollup_send_data(uint idx) 1 if write_data_failed() */ -int JOIN::rollup_write_data(uint idx, TABLE *table_arg) +int JOIN::rollup_write_data(uint idx, TMP_TABLE_PARAM *tmp_table_param_arg, TABLE *table_arg) { uint i; for (i= send_group_parts ; i-- > idx ; ) @@ -23860,8 +23863,8 @@ int JOIN::rollup_write_data(uint idx, TABLE *table_arg) if ((write_error= table_arg->file->ha_write_tmp_row(table_arg->record[0]))) { if (create_internal_tmp_table_from_heap(thd, table_arg, - tmp_table_param.start_recinfo, - &tmp_table_param.recinfo, + tmp_table_param_arg->start_recinfo, + &tmp_table_param_arg->recinfo, write_error, 0, NULL)) return 1; } |