MDEV-10694 - SIGFPE and/or huge memory allocation in maria_create ...bb-10.2-mdev10694

The issue was that JOIN::rollup_write_data() used JOIN::tmp_table_param::[start_]recinfo, which had uninitialized data. These fields have uninitialized data, because JOIN::tmp_table_param currently only stores some grouping-related data fields. The data about the work (temporary) tables themselves is stored in join->join_tab[...].tmp_table_param. The fix is to make JOIN::rollup_write_data follow this convention and look at the right TMP_TABLE_PARAM object
author: Sergei Petrunia <psergey@askmonty.org> 2017-02-14 07:18:55 -0800
committer: Sergei Petrunia <psergey@askmonty.org> 2017-02-14 07:18:55 -0800
commit: 20a92ccc0439a1a02c336e397cc2cc4ec8aba797 (patch)
tree: b0bb7d3222e9e7a3de777f85ae4a98e9f6460e22 /sql/sql_select.h
parent: f76d5fefb818760f41488c1793fca27d97c9c2a0 (diff)
download: mariadb-git-bb-10.2-mdev10694.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/sql_select.h b/sql/sql_select.h
index f5bbc6718a0..76cded43128 100644
--- a/sql/sql_select.h
+++ b/sql/sql_select.h
@@ -1559,7 +1559,7 @@ public:
   bool rollup_make_fields(List<Item> &all_fields, List<Item> &fields,
 			  Item_sum ***func);
   int rollup_send_data(uint idx);
-  int rollup_write_data(uint idx, TABLE *table);
+  int rollup_write_data(uint idx, TMP_TABLE_PARAM *tmp_table_param, TABLE *table);
   void join_free();
   /** Cleanup this JOIN, possibly for reuse */
   void cleanup(bool full);
author	Sergei Petrunia <psergey@askmonty.org>	2017-02-14 07:18:55 -0800
committer	Sergei Petrunia <psergey@askmonty.org>	2017-02-14 07:18:55 -0800
commit	20a92ccc0439a1a02c336e397cc2cc4ec8aba797 (patch)
tree	b0bb7d3222e9e7a3de777f85ae4a98e9f6460e22 /sql/sql_select.h
parent	f76d5fefb818760f41488c1793fca27d97c9c2a0 (diff)
download	mariadb-git-bb-10.2-mdev10694.tar.gz