Fix for bug #18306: MySQL crashes and restarts using subquery

mysql-test/r/subselect.result: Fix for bug #18306: MySQL crashes and restarts using subquery test case mysql-test/t/subselect.test: Fix for bug #18306: MySQL crashes and restarts using subquery test case sql/opt_range.cc: Fix for bug #18306: MySQL crashes and restarts using subquery Restore thd->mem_root because during the cond->val_int() evaluation we can come across a subselect item which may allocate memory on the thd->mem_root and assumes all the memory allocated has the same life span as the subselect item itself.

Fix for bug #18306: MySQL crashes and restarts using subquery
mysql-test/r/subselect.result: Fix for bug #18306: MySQL crashes and restarts using subquery test case mysql-test/t/subselect.test: Fix for bug #18306: MySQL crashes and restarts using subquery test case sql/opt_range.cc: Fix for bug #18306: MySQL crashes and restarts using subquery Restore thd->mem_root because during the cond->val_int() evaluation we can come across a subselect item which may allocate memory on the thd->mem_root and assumes all the memory allocated has the same life span as the subselect item itself.
abffce9c · unknown · 0ef3cd6c · abffce9c · abffce9c · abffce9c
Commit abffce9c authored Mar 23, 2006 by unknown
Show whitespace changes
Inline Side-by-side

Showing with 29 additions and 3 deletions

mysql-test/r/subselect.result mysql-test/r/subselect.result +6 -0

mysql-test/t/subselect.test mysql-test/t/subselect.test +11 -0

sql/opt_range.cc sql/opt_range.cc +12 -3

No files found.
--- a/mysql-test/r/subselect.result
+++ b/mysql-test/r/subselect.result
@@ -3163,3 +3163,9 @@ t
 crash1
 crash1
 drop table t1;
+create table t1 (c int, key(c));
+insert into t1 values (1142477582), (1142455969);
+create table t2 (a int, b int);
+insert into t2 values (2, 1), (1, 0);
+delete from t1 where c <= 1140006215 and (select b from t2 where a = 2) = 1;
+drop table t1, t2;
--- a/mysql-test/t/subselect.test
+++ b/mysql-test/t/subselect.test
@@ -2074,3 +2074,14 @@ create table t1( f1 int,f2 int);
 insert into t1 values (1,1),(2,2);
 select tt.t from (select 'crash1' as t, f2 from t1) as tt left join t1 on tt.t = 'crash2' and tt.f2 = t1.f2 where tt.t = 'crash1';
 drop table t1;
+
+#
+# Bug #18306: server crash on delete using subquery.
+#
+
+create table t1 (c int, key(c));                              
+insert into t1 values (1142477582), (1142455969);
+create table t2 (a int, b int);
+insert into t2 values (2, 1), (1, 0);
+delete from t1 where c <= 1140006215 and (select b from t2 where a = 2) = 1;
+drop table t1, t2;
--- a/sql/opt_range.cc
+++ b/sql/opt_range.cc
@@ -3604,9 +3604,18 @@ static SEL_TREE *get_mm_tree(PARAM *param,COND *cond)
  /* Here when simple cond */
  if (cond->const_item())
  {
-    if (cond->val_int())
-      DBUG_RETURN(new SEL_TREE(SEL_TREE::ALWAYS));
-    DBUG_RETURN(new SEL_TREE(SEL_TREE::IMPOSSIBLE));
+    /*
+      During the cond->val_int() evaluation we can come across a subselect 
+      item which may allocate memory on the thd->mem_root and assumes 
+      all the memory allocated has the same life span as the subselect 
+      item itself. So we have to restore the thread's mem_root here.
+    */
+    MEM_ROOT *tmp_root= param->mem_root;
+    param->thd->mem_root= param->old_root;
+    tree= cond->val_int() ? new(tmp_root) SEL_TREE(SEL_TREE::ALWAYS) :
+                            new(tmp_root) SEL_TREE(SEL_TREE::IMPOSSIBLE);
+    param->thd->mem_root= tmp_root;
+    DBUG_RETURN(tree);
  }

  table_map ref_tables= 0;