maria-developers team mailing list archive

[Oleksandr Byelkin <sanja@xxxxxxxxxxxxxxxx>]

Hi!

On 23.06.2016 23:49, Sergey Petrunia wrote:
> Hi Sanja,
>
> On Wed, Jun 22, 2016 at 02:17:06PM +0200, Oleksandr Byelkin wrote:
> > revision-id: 475cab835fb48c91d5cca649ab93917ec1718d75 (mariadb-5.5.50-6-g475cab8)
> > parent(s): a482e76e65a4fee70479e877929381c86b1ec62f
> > committer: Oleksandr Byelkin
> > timestamp: 2016-06-22 14:17:06 +0200
> > message:
> >
> > MDEV-10050: Crash in subselect
> >
> > thd should not be taken earlier then fix_field and reset on fix_fields if it is needed.
> >
> > ---
> >   sql/item_subselect.cc | 15 ++++++++++++---
> >   1 file changed, 12 insertions(+), 3 deletions(-)
> >
> > diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc
> > index ba67474..60cdd3f 100644
> > --- a/sql/item_subselect.cc
> > +++ b/sql/item_subselect.cc
> > @@ -79,7 +79,9 @@ void Item_subselect::init(st_select_lex *select_lex,
> >     DBUG_PRINT("enter", ("select_lex: 0x%lx  this: 0x%lx",
> >                          (ulong) select_lex, (ulong) this));
> >     unit= select_lex->master_unit();
> > -  thd= unit->thd;
> > +#ifndef DBUG_OFF
> > +  thd= 0;
> > +#endif
> So I've applied the patch, and I'm debugging this statement:
>
> prepare s from 'select a, (select max(one_k.a) from one_k where one_k.a <ten.a) from ten';
>
> (this is just the first subquery I tried, nothing special about it).
>
> We arrive at the above #ifndef, and I have thd=0xa5a5a5a5a5, that is, it's
> uninitialized data.
>
> I let it execute further...

You are absolutely right, I forgot that engines also took thd on cration 
instead of prepare.  Now it is fixed.

revision-id: 79f852a069fb6ba5e18fd66ea2a24fa91c245c24 (mariadb-5.5.50-7-g79f852a)
parent(s): ef92aaf9ece92c873ae0f3448ab2274c958ba3fe
committer: Oleksandr Byelkin
timestamp: 2016-06-24 14:15:35 +0200
message:

MDEV-10050: Crash in subselect

thd should not be taken earlier then fix_field and reset on fix_fields if it is needed.



[skip]