3 files changed, 40 insertions, 0 deletions

diff --git a/mysql-test/r/ps.result b/mysql-test/r/ps.result
index dc78f8d04ea..f1c3672083d 100644
--- a/mysql-test/r/ps.result
+++ b/mysql-test/r/ps.result
@@ -773,6 +773,14 @@ ERROR 42000: You have an error in your SQL syntax; check the manual that corresp
 select ? from t1;
 ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? from t1' at line 1
 drop table t1;
+CREATE TABLE b12651_T1(a int) ENGINE=MYISAM;
+CREATE TABLE b12651_T2(b int) ENGINE=MYISAM;
+CREATE VIEW  b12651_V1 as SELECT b FROM b12651_T2;
+PREPARE b12651 FROM 'SELECT 1 FROM b12651_T1 WHERE a IN (SELECT b FROM b12651_V1)';
+EXECUTE b12651;
+1
+DROP VIEW b12651_V1;
+DROP TABLE b12651_T1, b12651_T2;
 prepare stmt from "select @@time_zone";
 execute stmt;
 @@time_zone
diff --git a/mysql-test/t/ps.test b/mysql-test/t/ps.test
index 94596fbbc0e..94ee2b1ca39 100644
--- a/mysql-test/t/ps.test
+++ b/mysql-test/t/ps.test
@@ -809,6 +809,21 @@ select ??;
 select ? from t1;
 --enable_ps_protocol
 drop table t1;
+
+#
+# Bug#12651
+# (Crash on a PS including a subquery which is a select from a simple view)
+#
+CREATE TABLE b12651_T1(a int) ENGINE=MYISAM;
+CREATE TABLE b12651_T2(b int) ENGINE=MYISAM;
+CREATE VIEW  b12651_V1 as SELECT b FROM b12651_T2;
+
+PREPARE b12651 FROM 'SELECT 1 FROM b12651_T1 WHERE a IN (SELECT b FROM b12651_V1)';
+EXECUTE b12651;
+
+DROP VIEW b12651_V1;
+DROP TABLE b12651_T1, b12651_T2;
+
 #
 # Bug#9359 "Prepared statements take snapshot of system vars at PREPARE
 # time"
diff --git a/sql/sql_base.cc b/sql/sql_base.cc
index 7025568a1c8..3dce47cd9cf 100644
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@@ -2612,6 +2612,8 @@ find_field_in_view(THD *thd, TABLE_LIST *table_list,
               table_list->alias, name, item_name, (ulong) ref));
   Field_iterator_view field_it;
   field_it.set(table_list);
+  Query_arena *arena, backup;  
+  
   DBUG_ASSERT(table_list->schema_table_reformed ||
               (ref != 0 && table_list->view != 0));
   for (; !field_it.end_of_fields(); field_it.next())
@@ -2633,7 +2635,13 @@ find_field_in_view(THD *thd, TABLE_LIST *table_list,
                              name, length))
         DBUG_RETURN(WRONG_GRANT);
 #endif
+      // in PS use own arena or data will be freed after prepare
+      if (register_tree_change)
+        arena= thd->activate_stmt_arena_if_needed(&backup);
       Item *item= field_it.create_item(thd);
+      if (register_tree_change && arena)
+        thd->restore_active_arena(arena, &backup);
+      
       if (!item)
         DBUG_RETURN(0);
       /*
@@ -2695,6 +2703,8 @@ find_field_in_natural_join(THD *thd, TABLE_LIST *table_ref, const char *name,
     field_it(*(table_ref->join_columns));
   Natural_join_column *nj_col;
   Field *found_field;
+  Query_arena *arena, backup;
+
   DBUG_ENTER("find_field_in_natural_join");
   DBUG_PRINT("enter", ("field name: '%s', ref 0x%lx",
 		       name, (ulong) ref));
@@ -2723,7 +2733,14 @@ find_field_in_natural_join(THD *thd, TABLE_LIST *table_ref, const char *name,
       The found field is a view field, we do as in find_field_in_view()
       and return a pointer to pointer to the Item of that field.
     */
+    if (register_tree_change)
+      arena= thd->activate_stmt_arena_if_needed(&backup);
+
     Item *item= nj_col->create_item(thd);
+
+    if (register_tree_change && arena)
+      thd->restore_active_arena(arena, &backup);
+
     if (!item)
       DBUG_RETURN(NULL);
     DBUG_ASSERT(nj_col->table_field == NULL);