Fixed bug #32403: query causes a crash due to stack and

memory corruptions. The right pointer field of the SEL_ARG structure was not initialized in the constructor and sometimes that led to server crashes. There is no testcase because the bug occurs only when uninitialized memory has particular values, which can't be re-created in the test suite.

Fixed bug #32403: query causes a crash due to stack and
memory corruptions. The right pointer field of the SEL_ARG structure was not initialized in the constructor and sometimes that led to server crashes. There is no testcase because the bug occurs only when uninitialized memory has particular values, which can't be re-created in the test suite.
97ac0c27 · gshchepa/uchum@gleb.loc · fedeec6c · 97ac0c27
Commit 97ac0c27 authored Nov 27, 2007 by gshchepa/uchum@gleb.loc
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

sql/opt_range.cc sql/opt_range.cc +4 -1

No files found.
--- a/sql/opt_range.cc
+++ b/sql/opt_range.cc
@@ -250,6 +250,9 @@ public:
  Field *field;
  char *min_value,*max_value;			// Pointer to range
+  /*
+    eq_tree() requires that left == right == 0 if the type is MAYBE_KEY.
+   */
  SEL_ARG *left,*right;   /* R-B tree children */
  SEL_ARG *next,*prev;    /* Links for bi-directional interval list */
  SEL_ARG *parent;        /* R-B tree parent */
@@ -265,7 +268,7 @@ public:
  SEL_ARG(Field *field, uint8 part, char *min_value, char *max_value,
 	  uint8 min_flag, uint8 max_flag, uint8 maybe_flag);
  SEL_ARG(enum Type type_arg)
-    :min_flag(0),elements(1),use_count(1),left(0),next_key_part(0),
+    :min_flag(0),elements(1),use_count(1),left(0),right(0),next_key_part(0),
    color(BLACK), type(type_arg)
  {}
  inline bool is_same(SEL_ARG *arg)