From 7c87385e3075143de18e50c1d327eeb2e224603a Mon Sep 17 00:00:00 2001
From: Igor Babaev <igor@askmonty.org>
Date: Thu, 10 Oct 2013 10:08:26 -0700
Subject: Fixed bug mdev-5105. The bug caused a memory overwrite in the
 function update_ref_and_keys() It happened due to a wrong value of
 SELECT_LEX::cond_count. This value historically was calculated by the
 fix_fields method. Now the logic of calling this method became too
 complicated and, as a result, this value is calculated not always correctly.
 The patch changes the way how and when  the values of SELECT_LEX::cond_count
 and of SELECT_LEX::between_count are calculated. The new code does it just at
 the beginning of update_ref_and_keys().

---
 sql/sql_derived.cc | 2 --
 1 file changed, 2 deletions(-)

(limited to 'sql/sql_derived.cc')

diff --git a/sql/sql_derived.cc b/sql/sql_derived.cc
index a8bfc8a11a7..db6ab1fb269 100644
--- a/sql/sql_derived.cc
+++ b/sql/sql_derived.cc
@@ -394,8 +394,6 @@ bool mysql_derived_merge(THD *thd, LEX *lex, TABLE_LIST *derived)
     if (dt_select->options & OPTION_SCHEMA_TABLE)
       parent_lex->options |= OPTION_SCHEMA_TABLE;
 
-    parent_lex->cond_count+= dt_select->cond_count;
-
     if (!derived->get_unit()->prepared)
     {
       dt_select->leaf_tables.empty();
-- 
cgit v1.2.1