protection: TRASH in delete

fixed a bug that it discovered

include/my_sys.h

@@ -138,6 +138,7 @@ extern int NEAR my_errno;		/* Last error in mysys */
 #define my_memdup(A,B,C) _my_memdup((A),(B), __FILE__,__LINE__,C)
 #define my_strdup(A,C) _my_strdup((A), __FILE__,__LINE__,C)
 #define my_strdup_with_length(A,B,C) _my_strdup_with_length((A),(B),__FILE__,__LINE__,C)
+#define TRASH(A,B) bfill(A, B, 0x8F)
 #define QUICK_SAFEMALLOC sf_malloc_quick=1
 #define NORMAL_SAFEMALLOC sf_malloc_quick=0
 extern uint sf_malloc_prehunc,sf_malloc_endhunc,sf_malloc_quick;
@@ -164,6 +165,7 @@ extern char *my_strdup_with_length(const byte *from, uint length,
 #define CALLER_INFO_PROTO   /* nothing */
 #define CALLER_INFO         /* nothing */
 #define ORIG_CALLER_INFO    /* nothing */
+#define TRASH(A,B) /* nothing */
 #endif
 
 #ifdef HAVE_ALLOCA

sql/field.h

@@ -37,11 +37,7 @@ class Field
   void operator=(Field &);
 public:
   static void *operator new(size_t size) {return (void*) sql_alloc((uint) size); }
-  static void operator delete(void *ptr_arg, size_t size) {
-#ifdef SAFEMALLOC
-    bfill(ptr_arg, size, 0x8F);
-#endif
-  }
+  static void operator delete(void *ptr_arg, size_t size) { TRASH(ptr_arg, size); }
 
   char		*ptr;			// Position to field in record
   uchar		*null_ptr;		// Byte where null_bit is

sql/item.h

@@ -120,8 +120,9 @@ class Item {
   static void *operator new(size_t size) {return (void*) sql_alloc((uint) size); }
   static void *operator new(size_t size, MEM_ROOT *mem_root)
   { return (void*) alloc_root(mem_root, (uint) size); }
-  static void operator delete(void *ptr,size_t size) {}
-  static void operator delete(void *ptr,size_t size, MEM_ROOT *mem_root) {}
+  static void operator delete(void *ptr,size_t size) { TRASH(ptr, size); }
+  static void operator delete(void *ptr,size_t size, MEM_ROOT *mem_root)
+  { TRASH(ptr, size); }
 
   enum Type {FIELD_ITEM, FUNC_ITEM, SUM_FUNC_ITEM, STRING_ITEM,
 	     INT_ITEM, REAL_ITEM, NULL_ITEM, VARBIN_ITEM,

sql/item_func.h

@@ -1035,11 +1035,7 @@ class Item_func_match :public Item_real_func
 	table->file->ft_handler=0;
       table->fulltext_searched=0;
     }
-    if (concat)
-    {
-      delete concat;
-      concat= 0;
-    }
+    concat= 0;
     DBUG_VOID_RETURN;
   }
   enum Functype functype() const { return FT_FUNC; }

sql/opt_range.cc

@@ -1360,7 +1360,7 @@ class TABLE_READ_PLAN
   /* Table read plans are allocated on MEM_ROOT and are never deleted */
   static void *operator new(size_t size, MEM_ROOT *mem_root)
   { return (void*) alloc_root(mem_root, (uint) size); }
-  static void operator delete(void *ptr,size_t size) {}
+  static void operator delete(void *ptr,size_t size) { TRASH(ptr, size); }
 };
 
 class TRP_ROR_INTERSECT;

sql/sql_lex.h

@@ -283,8 +283,9 @@ class st_select_lex_node {
   }
   static void *operator new(size_t size, MEM_ROOT *mem_root)
   { return (void*) alloc_root(mem_root, (uint) size); }
-  static void operator delete(void *ptr,size_t size) {}
-  static void operator delete(void *ptr,size_t size, MEM_ROOT *mem_root) {}
+  static void operator delete(void *ptr,size_t size) { TRASH(ptr, size); }
+  static void operator delete(void *ptr,size_t size, MEM_ROOT *mem_root)
+  { TRASH(ptr, size); }
   st_select_lex_node(): linkage(UNSPECIFIED_TYPE) {}
   virtual ~st_select_lex_node() {}
   inline st_select_lex_node* get_master() { return master; }
@@ -820,7 +821,8 @@ struct st_lex_local: public st_lex
   {
     return (void*) alloc_root(mem_root, (uint) size);
   }
-  static void operator delete(void *ptr,size_t size) {}
+  static void operator delete(void *ptr,size_t size)
+  { TRASH(ptr, size); }
 };
 
 void lex_init(void);

sql/sql_list.h

@@ -21,12 +21,6 @@
 
 /* mysql standard class memory allocator */
 
-#ifdef SAFEMALLOC
-#define TRASH(XX,YY) bfill((XX), (YY), 0x8F)
-#else
-#define TRASH(XX,YY) /* no-op */
-#endif
-
 class Sql_alloc
 {
 public:

sql/sql_parse.cc

@@ -1175,9 +1175,13 @@ extern "C" pthread_handler_decl(handle_bootstrap,arg)
 
 void free_items(Item *item)
 {
+  Item *next;
   DBUG_ENTER("free_items");
-  for (; item ; item=item->next)
+  for (; item ; item=next)
+  {
+    next=item->next;
     item->delete_self();
+  }
   DBUG_VOID_RETURN;
 }
 

sql/sql_select.cc

@@ -6025,9 +6025,13 @@ static void clear_tables(JOIN *join)
 
 class COND_CMP :public ilink {
 public:
-  static void *operator new(size_t size) {return (void*) sql_alloc((uint) size); }
+  static void *operator new(size_t size)
+  {
+    return (void*) sql_alloc((uint) size);
+  }
   static void operator delete(void *ptr __attribute__((unused)),
-			      size_t size __attribute__((unused))) {} /*lint -e715 */
+                              size_t size __attribute__((unused)))
+  { TRASH(ptr, size); }
 
   Item *and_level;
   Item_func *cmp_func;

sql/sql_show.cc

@@ -1257,9 +1257,13 @@ view_store_create_info(THD *thd, TABLE_LIST *table, String *buff)
 
 class thread_info :public ilink {
 public:
-  static void *operator new(size_t size) {return (void*) sql_alloc((uint) size); }
+  static void *operator new(size_t size)
+  {
+    return (void*) sql_alloc((uint) size);
+  }
   static void operator delete(void *ptr __attribute__((unused)),
-                              size_t size __attribute__((unused))) {} /*lint -e715 */
+                              size_t size __attribute__((unused)))
+  { TRASH(ptr, size); }
 
   ulong thread_id;
   time_t start_time;

sql/sql_string.h

@@ -72,9 +72,9 @@ class String
   static void *operator new(size_t size, MEM_ROOT *mem_root)
   { return (void*) alloc_root(mem_root, (uint) size); }
   static void operator delete(void *ptr_arg,size_t size)
-    {}
+  { TRASH(ptr_arg, size); }
   static void operator delete(void *ptr_arg,size_t size, MEM_ROOT *mem_root)
-    {}
+  { TRASH(ptr_arg, size); }
   ~String() { free(); }
 
   inline void set_charset(CHARSET_INFO *charset) { str_charset= charset; }