From 7aff8b3049b547190b48de7ed3657ae3bee8df07 Mon Sep 17 00:00:00 2001
From: Oleg Smirnov
Date: Wed, 30 Mar 2022 10:42:20 +0300
Subject: MDEV-24560 Avoid possible use of uninitialized tab->table

This patch amends the previous fix for MDEV-24560. Issue: moving initialization of tab->table to the end of the function can cause dereferencing NULL in add_sorting_to_table(). The solution is to initialize tab->table as before but reset it to NULL in case of an error during JOIN::create_postjoin_aggr_table() execution.
---
 sql/sql_select.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 6962df72d6e..c138ef7a5cd 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -4035,6 +4035,7 @@ JOIN::create_postjoin_aggr_table(JOIN_TAB *tab, List *table_fields,
 tab->join= this;
 DBUG_ASSERT(tab > tab->join->join_tab || !top_join_tab_count || !tables_list);
+ tab->table= table;
 if (tab > join_tab) (tab - 1)->next_select= sub_select_postjoin_aggr;
@@ -4087,13 +4088,13 @@ JOIN::create_postjoin_aggr_table(JOIN_TAB *tab, List *table_fields,
 }
 if (!(tab->aggr= new (thd->mem_root) AGGR_OP(tab))) goto err;
- tab->table= table;
 table->reginfo.join_tab= tab;
 DBUG_RETURN(false);
 err:
 if (table != NULL) free_tmp_table(thd, table);
+ tab->table= nullptr;
 DBUG_RETURN(true);
 }
-- cgit v1.2.1
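Review bot: The early `tab->table= table;` added after the `DBUG_ASSERT` in the first hunk carries no comment explaining why it has to sit at this point. The commit message says that moving it to the end of the function (the previous MDEV-24560 fix) led to a NULL dereference in add_sorting_to_table(). A one-line comment above it, e.g. `/* set early: add_sorting_to_table() dereferences tab->table; cleared again at err: */`, would keep a later cleanup from moving it again. The function body starts before and continues after this hunk.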
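Review bot: The `err:` block in the second hunk now depends on an invariant that is not written down: from the first hunk onward `tab->table` aliases `table`, so after `free_tmp_table(thd, table)` it points at freed memory until the new `tab->table= nullptr;` runs. It also stays set on any failure exit that does not pass through `err:`. The lines between the two hunks are not visible here, so it is worth confirming that every failure path there uses `goto err` rather than returning directly. A comment above the reset, e.g. `/* tab->table aliases the table freed above; clear it so no caller can reach it */`, would record this. As a style point, the adjacent check spells the null constant `NULL` while the new line uses `nullptr`.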