This is a backport from 5.1.32 into 5.1.31sp1.
The original fix was done by Gleb Shchepa on 2009-01-21 All comments are copied from the original fix: Bug#42188: crash and/or memory corruption with user variables in trigger Interchangeable calls to the mysql_change_user client function and invocations of a trigger changing some user variable caused a memory corruption and a crash. The mysql_change_user API call forces TDH::cleanup() on a server that frees user variable entries. However it didn't reset Item_func_set_user_var::entry to NULL because Item_func_set_user_var::cleanup() was not overloaded. So, Item_func_set_user_var::entry held a pointer to freed memory, that caused a crash. The Item_func_set_user_var::cleanup method has been overloaded to cleanup the Item_func_set_user_var::entry field. mysql-test/r/user_var.result: Added test case for bug #42188. mysql-test/t/user_var.test: Added test case for bug #42188 and After-push test file update (see bug 42321) sql/item_func.cc: Bug#42188: crash and/or memory corruption with user variables in trigger The Item_func_set_user_var::cleanup method has been overloaded to cleanup the Item_func_set_user_var::entry field. sql/item_func.h: Bug#42188: crash and/or memory corruption with user variables in trigger The Item_func_set_user_var::cleanup method has been overloaded to cleanup the Item_func_set_user_var::entry field.
Showing
Please register or sign in to comment