mirror of
https://github.com/MariaDB/server.git
synced 2025-01-16 20:12:31 +01:00
7853f553be
Actually there is two different bugs. The first one caused crash on queries with WHERE condition over views containing WHERE condition. A wrong check for prepared statement phase led to items for view fields being allocated in the execution memory and freed at the end of execution. Thus the optimized WHERE condition refers to unallocated memory on the second execution and server crashed. The second one caused by the Item_cond::compile function not saving changes it made to the item tree. Thus on the next execution changes weren't reverted and server crashed on dereferencing of unallocated space. The new helper function called is_stmt_prepare_or_first_stmt_execute is added to the Query_arena class. The find_field_in_view function now uses is_stmt_prepare_or_first_stmt_execute() to check whether newly created view items should be freed at the end of the query execution. The Item_cond::compile function now saves changes it makes to item tree. mysql-test/r/ps.result: Added a test case for the bug#48508. mysql-test/t/ps.test: Added a test case for the bug#48508. sql/item_cmpfunc.cc: Bug#48508: Crash on prepared statement re-execution. The Item_cond::compile function now saves changes it makes to item tree. sql/sql_base.cc: Bug#48508: Crash on prepared statement re-execution. The find_field_in_view function now uses is_stmt_prepare_or_first_stmt_execute() to check whether newly created view items should be freed at the end of the query execution. sql/sql_class.h: Bug#48508: Crash on prepared statement re-execution. The Query_arena::is_stmt_prepare_or_first_sp_execute function now correctly do its check. |
||
|---|---|---|
| .. | ||
| examples | ||
| share | ||
| .cvsignore | ||
| add_errmsg | ||
| client_settings.h | ||
| CMakeLists.txt | ||
| custom_conf.h | ||
| derror.cc | ||
| des_key_file.cc | ||
| discover.cc | ||
| field.cc | ||
| field.h | ||
| field_conv.cc | ||
| filesort.cc | ||
| frm_crypt.cc | ||
| gen_lex_hash.cc | ||
| gstream.cc | ||
| gstream.h | ||
| ha_archive.cc | ||
| ha_archive.h | ||
| ha_berkeley.cc | ||
| ha_berkeley.h | ||
| ha_blackhole.cc | ||
| ha_blackhole.h | ||
| ha_federated.cc | ||
| ha_federated.h | ||
| ha_heap.cc | ||
| ha_heap.h | ||
| ha_innodb.cc | ||
| ha_innodb.h | ||
| ha_myisam.cc | ||
| ha_myisam.h | ||
| ha_myisammrg.cc | ||
| ha_myisammrg.h | ||
| ha_ndbcluster.cc | ||
| ha_ndbcluster.h | ||
| ha_ndbcluster_cond.cc | ||
| ha_ndbcluster_cond.h | ||
| handler.cc | ||
| handler.h | ||
| hash_filo.cc | ||
| hash_filo.h | ||
| hostname.cc | ||
| init.cc | ||
| item.cc | ||
| item.h | ||
| item_buff.cc | ||
| item_cmpfunc.cc | ||
| item_cmpfunc.h | ||
| item_create.cc | ||
| item_create.h | ||
| item_func.cc | ||
| item_func.h | ||
| item_geofunc.cc | ||
| item_geofunc.h | ||
| item_row.cc | ||
| item_row.h | ||
| item_strfunc.cc | ||
| item_strfunc.h | ||
| item_subselect.cc | ||
| item_subselect.h | ||
| item_sum.cc | ||
| item_sum.h | ||
| item_timefunc.cc | ||
| item_timefunc.h | ||
| item_uniq.cc | ||
| item_uniq.h | ||
| key.cc | ||
| lex.h | ||
| lex_symbol.h | ||
| lock.cc | ||
| log.cc | ||
| log_event.cc | ||
| log_event.h | ||
| Makefile.am | ||
| matherr.c | ||
| message.h | ||
| message.mc | ||
| message.rc | ||
| mf_iocache.cc | ||
| MSG00001.bin | ||
| my_decimal.cc | ||
| my_decimal.h | ||
| my_lock.c | ||
| mysql_priv.h | ||
| mysqld.cc | ||
| mysqld_suffix.h | ||
| net_serv.cc | ||
| nt_servc.cc | ||
| nt_servc.h | ||
| opt_range.cc | ||
| opt_range.h | ||
| opt_sum.cc | ||
| parse_file.cc | ||
| parse_file.h | ||
| password.c | ||
| procedure.cc | ||
| procedure.h | ||
| protocol.cc | ||
| protocol.h | ||
| records.cc | ||
| repl_failsafe.cc | ||
| repl_failsafe.h | ||
| set_var.cc | ||
| set_var.h | ||
| slave.cc | ||
| slave.h | ||
| sp.cc | ||
| sp.h | ||
| sp_cache.cc | ||
| sp_cache.h | ||
| sp_head.cc | ||
| sp_head.h | ||
| sp_pcontext.cc | ||
| sp_pcontext.h | ||
| sp_rcontext.cc | ||
| sp_rcontext.h | ||
| spatial.cc | ||
| spatial.h | ||
| sql_acl.cc | ||
| sql_acl.h | ||
| sql_analyse.cc | ||
| sql_analyse.h | ||
| sql_array.h | ||
| sql_base.cc | ||
| sql_bitmap.h | ||
| sql_cache.cc | ||
| sql_cache.h | ||
| sql_class.cc | ||
| sql_class.h | ||
| sql_client.cc | ||
| sql_crypt.cc | ||
| sql_crypt.h | ||
| sql_cursor.cc | ||
| sql_cursor.h | ||
| sql_db.cc | ||
| sql_delete.cc | ||
| sql_derived.cc | ||
| sql_do.cc | ||
| sql_error.cc | ||
| sql_error.h | ||
| sql_handler.cc | ||
| sql_help.cc | ||
| sql_insert.cc | ||
| sql_lex.cc | ||
| sql_lex.h | ||
| sql_list.cc | ||
| sql_list.h | ||
| sql_load.cc | ||
| sql_locale.cc | ||
| sql_manager.cc | ||
| sql_manager.h | ||
| sql_map.cc | ||
| sql_map.h | ||
| sql_olap.cc | ||
| sql_parse.cc | ||
| sql_prepare.cc | ||
| sql_profile.cc | ||
| sql_profile.h | ||
| sql_rename.cc | ||
| sql_repl.cc | ||
| sql_repl.h | ||
| sql_select.cc | ||
| sql_select.h | ||
| sql_show.cc | ||
| sql_sort.h | ||
| sql_state.c | ||
| sql_string.cc | ||
| sql_string.h | ||
| sql_table.cc | ||
| sql_test.cc | ||
| sql_trigger.cc | ||
| sql_trigger.h | ||
| sql_udf.cc | ||
| sql_udf.h | ||
| sql_union.cc | ||
| sql_update.cc | ||
| sql_view.cc | ||
| sql_view.h | ||
| sql_yacc.yy | ||
| stacktrace.c | ||
| stacktrace.h | ||
| strfunc.cc | ||
| structs.h | ||
| table.cc | ||
| table.h | ||
| thr_malloc.cc | ||
| time.cc | ||
| tzfile.h | ||
| tztime.cc | ||
| tztime.h | ||
| udf_example.c | ||
| udf_example.def | ||
| uniques.cc | ||
| unireg.cc | ||
| unireg.h | ||
| watchdog_mysqld | ||