[Commits] a6fb647: MDEV-10419: crash in mariadb 10.1.16-MariaDB-1~trusty

Sergei Petrunia psergey at askmonty.org
Fri Sep 2 16:20:39 EEST 2016


revision-id: a6fb6473cf20c70589bb18adf346f3be8793603d
parent(s): addb38f4763faa0378cd369106372a0eb0f0ee75
committer: Sergei Petrunia
branch nick: 10.2
timestamp: 2016-09-02 16:20:38 +0300
message:

MDEV-10419: crash in mariadb 10.1.16-MariaDB-1~trusty

Fixed initialization and usage of THD reference in subselect engines.

---
 mysql-test/r/view.result |   15 +++++++++++++++
 mysql-test/t/view.test   |   15 +++++++++++++++
 sql/item_subselect.cc    |    8 +++++---
 sql/item_subselect.h     |    5 +++--
 4 files changed, 38 insertions(+), 5 deletions(-)

diff --git a/mysql-test/r/view.result b/mysql-test/r/view.result
index 8ab215f..a3f671b 100644
--- a/mysql-test/r/view.result
+++ b/mysql-test/r/view.result
@@ -5561,6 +5561,21 @@ test.v1	check	Error	'test.v1' is not BASE TABLE
 test.v1	check	status	Operation failed
 drop view v1;
 drop table t1;
+#
+# MDEV-10419: crash in mariadb 10.1.16-MariaDB-1~trusty
+#
+CREATE TABLE t1 (c1 CHAR(13));
+CREATE TABLE t2 (c2 CHAR(13));
+CREATE FUNCTION f() RETURNS INT RETURN 0;
+CREATE OR REPLACE VIEW v1 AS select f() from t1 where c1 in (select c2 from t2);
+DROP FUNCTION f;
+SHOW CREATE VIEW v1;
+View	Create View	character_set_client	collation_connection
+v1	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `f`() AS `f()` from `t1` where `test`.`t1`.`c1` in (select `test`.`t2`.`c2` from `t2`)	latin1	latin1_swedish_ci
+Warnings:
+Warning	1356	View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+drop view v1;
+drop table t1,t2;
 # -----------------------------------------------------------------
 # -- End of 5.5 tests.
 # -----------------------------------------------------------------
diff --git a/mysql-test/t/view.test b/mysql-test/t/view.test
index e2bc216..95f5201 100644
--- a/mysql-test/t/view.test
+++ b/mysql-test/t/view.test
@@ -5495,6 +5495,21 @@ alter table v1 check partition p1;
 drop view v1;
 drop table t1;
 
+
+--echo #
+--echo # MDEV-10419: crash in mariadb 10.1.16-MariaDB-1~trusty
+--echo #
+CREATE TABLE t1 (c1 CHAR(13));
+CREATE TABLE t2 (c2 CHAR(13));
+ 
+CREATE FUNCTION f() RETURNS INT RETURN 0;
+CREATE OR REPLACE VIEW v1 AS select f() from t1 where c1 in (select c2 from t2);
+DROP FUNCTION f;
+ 
+SHOW CREATE VIEW v1;
+
+drop view v1;
+drop table t1,t2;
 --echo # -----------------------------------------------------------------
 --echo # -- End of 5.5 tests.
 --echo # -----------------------------------------------------------------
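Review bot: The added case only reaches the print path, since the one statement run after `DROP FUNCTION f` is `SHOW CREATE VIEW v1`. As far as the visible statements show, the `scan_table()`, `partial_match()` and both `init()` changes in sql/item_subselect.cc are not executed by this test. The test would also read better with a line stating its intent, for example `--echo # SHOW CREATE VIEW must not crash when a function used by the view has been dropped`. Because the trigger is plain SQL from an account that can create views and functions, it is worth keeping this regression case in every maintained branch that carries the fix.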
diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc
index fde85e4..8faf3b4 100644
--- a/sql/item_subselect.cc
+++ b/sql/item_subselect.cc
@@ -3830,7 +3830,7 @@ int subselect_uniquesubquery_engine::scan_table()
   }
 
   table->file->extra_opt(HA_EXTRA_CACHE,
-                         current_thd->variables.read_buff_size);
+                         get_thd()->variables.read_buff_size);
   table->null_row= 0;
   for (;;)
   {
@@ -4268,7 +4268,7 @@ table_map subselect_union_engine::upper_select_const_tables()
 void subselect_single_select_engine::print(String *str,
                                            enum_query_type query_type)
 {
-  select_lex->print(thd, str, query_type);
+  select_lex->print(get_thd(), str, query_type);
 }
 
 
@@ -4799,6 +4799,7 @@ ulonglong subselect_hash_sj_engine::rowid_merge_buff_size(
 
 bool subselect_hash_sj_engine::init(List<Item> *tmp_columns, uint subquery_id)
 {
+  THD *thd= get_thd();
   select_union *result_sink;
   /* Options to create_tmp_table. */
   ulonglong tmp_create_options= thd->variables.option_bits | TMP_TABLE_ALL_COLUMNS;
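Review bot: The new local `THD *thd= get_thd();` in `subselect_hash_sj_engine::init()` has the same name as the member `subselect_engine::thd`, so every later `thd->` in the body now binds to the local without saying so. The same applies to the identical line added in `subselect_rowid_merge_engine::init()`. Either rename the local, or keep the name and add a comment such as `/* Shadows the member on purpose: the member may be NULL here, get_thd() falls back to current_thd */`. Both function bodies continue outside their hunks, so the remaining uses of `thd` could not be checked from here.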
@@ -6032,6 +6033,7 @@ void subselect_partial_match_engine::print(String *str,
 subselect_rowid_merge_engine::init(MY_BITMAP *non_null_key_parts,
                                    MY_BITMAP *partial_match_key_parts)
 {
+  THD *thd= get_thd();
   /* The length in bytes of the rowids (positions) of tmp_table. */
   uint rowid_length= tmp_table->file->ref_length;
   ha_rows row_count= tmp_table->file->stats.records;
@@ -6570,7 +6572,7 @@ bool subselect_table_scan_engine::partial_match()
   }
 
   tmp_table->file->extra_opt(HA_EXTRA_CACHE,
-                             current_thd->variables.read_buff_size);
+                             get_thd()->variables.read_buff_size);
   for (;;)
   {
     error= tmp_table->file->ha_rnd_next(tmp_table->record[0]);
diff --git a/sql/item_subselect.h b/sql/item_subselect.h
index 178c875..435a4e8 100644
--- a/sql/item_subselect.h
+++ b/sql/item_subselect.h
@@ -762,7 +762,8 @@ class subselect_engine: public Sql_alloc
                          ROWID_MERGE_ENGINE, TABLE_SCAN_ENGINE};
 
   subselect_engine(Item_subselect *si,
-                   select_result_interceptor *res)
+                   select_result_interceptor *res):
+    thd(NULL)
   {
     result= res;
     item= si;
@@ -778,7 +779,7 @@ class subselect_engine: public Sql_alloc
     Should be called before prepare().
   */
   void set_thd(THD *thd_arg);
-  THD * get_thd() { return thd; }
+  THD * get_thd() { return thd ? thd : current_thd; }
   virtual int prepare(THD *)= 0;
   virtual void fix_length_and_dec(Item_cache** row)= 0;
   /*
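Review bot: `get_thd()` now returns `current_thd` whenever the member is NULL, which hides any caller that skipped `set_thd()` even though the comment above still says it should be called before `prepare()`. The fallback also covers only the NULL case. If an engine can outlive the THD it was given (not visible in this hunk), a non-NULL but stale pointer is still returned as-is. Document the new contract on the accessor, for example `/* Returns the THD given to set_thd(), or current_thd if set_thd() was not called yet */`. Also state where the NULL case is legitimate, so that other call sites can assert on it in debug builds.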

