From 3c9bfe8334fe2628d29b1aad39d9ad4f5e723d62 Mon Sep 17 00:00:00 2001
From: Georgi Kodinov <joro@sun.com>
Date: Thu, 4 Feb 2010 18:51:55 +0200
Subject: [PATCH] Addendum to the fix for bug #45989

Need to make sure the tmp join doesn't point to the structure already freed by the cleanup() for the "base" join, as this can lead to double free, because sometimes both tmp_join and join point to the same tmp_table_params.copy_field array.
---
 sql/sql_select.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 0a3c61d2b9..9136b2e57e 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -2319,7 +2319,7 @@ JOIN::destroy()
 anywhere else (as we need to keep the join is reusable).
 */
 tmp_table_param.cleanup();
- tmp_table_param.copy_field= 0;
+ tmp_table_param.copy_field= tmp_join->tmp_table_param.copy_field= 0;
 DBUG_RETURN(tmp_join->destroy());
 }
 cond_equal= 0;
-- 
2.30.9
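Review bot: The added chained assignment clears `tmp_join->tmp_table_param.copy_field` unconditionally, but the commit message says the two joins only "sometimes" share the array. When they do not, the pointer dropped just before `tmp_join->destroy()` may be the only reference to an array tmp_join owns, which would presumably turn the double free into a leak. I would record the aliasing before the free, `const bool shared= tmp_join->tmp_table_param.copy_field == tmp_table_param.copy_field;` ahead of `tmp_table_param.cleanup();`, and then clear tmp_join's pointer only `if (shared)`. The block comment above the call should also say that the pointer is cleared to prevent a double free, since the chained form hides the write to another object. JOIN::destroy() starts and ends outside the hunk, so the guard around this branch is not visible here.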