From 5beae1f8dcf6417315aec0940fadd8b32c218afe Mon Sep 17 00:00:00 2001
From: Georgi Kodinov <joro@sun.com>
Date: Fri, 10 Jul 2009 15:00:34 +0300
Subject: Bug #46080: group_concat(... order by) crashes server when  
 sort_buffer_size cannot allocate

The NULL return from tree_insert() (on low memory) was not
checked for in Item_func_group_concat::add(). As a result
on low memory conditions a crash happens.

Fixed by properly checking the return code.
---
 sql/item_sum.cc | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'sql/item_sum.cc')

diff --git a/sql/item_sum.cc b/sql/item_sum.cc
index a381361e8a2..dde8fe29e5a 100644
--- a/sql/item_sum.cc
+++ b/sql/item_sum.cc
@@ -3291,8 +3291,13 @@ bool Item_func_group_concat::add()
 
   TREE_ELEMENT *el= 0;                          // Only for safety
   if (row_eligible && tree)
+  {
     el= tree_insert(tree, table->record[0] + table->s->null_bytes, 0,
                     tree->custom_arg);
+    /* check if there was enough memory to insert the row */
+    if (!el)
+      return 1;
+  }
   /*
     If the row is not a duplicate (el->count == 1)
     we can dump the row here in case of GROUP_CONCAT(DISTINCT...)
-- 
cgit v1.2.1