MDEV-3810 fix.

The problem is that memory alocated by copy_andor_structure() well be freed, but if level of SELECT_LEX it will be excluded (in case of merge derived tables and view) then sl->where/having will not be updated here but still can be accessed (so it will be access to freed memory). (patch by Sanja)

MDEV-3810 fix.
The problem is that memory alocated by copy_andor_structure() well be freed, but if level of SELECT_LEX it will be excluded (in case of merge derived tables and view) then sl->where/having will not be updated here but still can be accessed (so it will be access to freed memory). (patch by Sanja)
49c8d8b2 · unknown · 3bd3dd54 · 49c8d8b2
Commit 49c8d8b2 authored Nov 09, 2012 by unknown
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 2 deletions

sql/sql_prepare.cc sql/sql_prepare.cc +12 -2

No files found.
--- a/sql/sql_prepare.cc
+++ b/sql/sql_prepare.cc
@@ -2447,14 +2447,24 @@ void reinit_stmt_before_use(THD *thd, LEX *lex)
      */
      if (sl->prep_where)
      {
-        sl->where= sl->prep_where->copy_andor_structure(thd);
+        /*
+          We need this rollback because memory allocated in
+          copy_andor_structure() will be freed
+        */
+        thd->change_item_tree((Item**)&sl->where,
+                              sl->prep_where->copy_andor_structure(thd));
        sl->where->cleanup();
      }
      else
        sl->where= NULL;
      if (sl->prep_having)
      {
-        sl->having= sl->prep_having->copy_andor_structure(thd);
+        /*
+          We need this rollback because memory allocated in
+          copy_andor_structure() will be freed
+        */
+        thd->change_item_tree((Item**)&sl->having,
+                              sl->prep_having->copy_andor_structure(thd));
        sl->having->cleanup();
      }
      else