Bug #37362: Crash in do_field_eq
EXPLAIN EXTENDED of nested query containing a error: 1054 Unknown column '...' in 'field list' may cause a server crash. Parse error like described above forces a call to JOIN::destroy() on malformed subquery. That JOIN::destroy function closes and frees temporary tables. However, temporary fields of these tables may be listed in st_select_lex::group_list of outer query, and that st_select_lex may not cleanup them properly. So, after the JOIN::destroy call that st_select_lex::group_list may have Item_field objects with dangling pointers to freed temporary table Field objects. That caused a crash. mysql-test/r/subselect3.result: Added test case for bug #37362. mysql-test/t/subselect3.test: Added test case for bug #37362. sql/sql_select.cc: Bug #37362: Crash in do_field_eq The JOIN::destroy function has been modified to cleanup temporary table column items.
Showing
Please register or sign in to comment