• Sergey Glukhov's avatar
    Bug#16075310 SERVER CRASH OR VALGRIND ERRORS IN ITEM_FUNC_GROUP_CONCAT::SETUP AND ::ADD · 6077a41a
    Sergey Glukhov authored
    Item_func_group_concat::copy_or_same() creates a copy of original object.
    It also creates a copy of ORDER structure because ORDER struct elements may
    be modified in find_order_in_list() called from Item_func_group_concat::setup().
    As ORDER copy is created using memcpy, ORDER::next elements point to original
    ORDER structs. Thus find_order_in_list() called from EXECUTE stmt modifies
    ordinal ORDER item pointers so they point to runtime items, these items are
    freed after execution, so original ORDER structure becomes invalid.
    The fix is to properly update ORDER::next fields so that they point to
    new ORDER elements.
    
    
    
    sql/item_sum.cc:
      update ORDER::next fields so that they point to new ORDER elements.
    6077a41a
item_sum.cc 85.9 KB