From 6628435e94f11116909163f1e135f86a64f2b6cb Mon Sep 17 00:00:00 2001
From: Igor Babaev <igor@askmonty.org>
Date: Tue, 17 Nov 2020 14:28:30 -0800
Subject: MDEV-24220 Server crash in base_list_iterator::next or            in
 TABLE_LIST::is_recursive_with_tables

After the patch for MDEV-23619 the code of st_select_lex::cleanup started
using the list st_select_lex::leaf_tables. This list is built for any
query with FROM clause in the function setup_tables(). If such query is
used in a stored procedure it must be ensured that the list is empty
before each new call of the procedure. Otherwise if the first call of
the procedure is successful while the second call reports an error before
the setup_tables() is invoked then list st_select_lex::leaf_tables would
point to a piece of memory that has been already freed.

Approved by Oleksandr Byelkin <sanja@mariadb.com>
---
 mysql-test/r/sp.result | 20 ++++++++++++++++++++
 mysql-test/t/sp.test   | 25 +++++++++++++++++++++++++
 sql/sql_union.cc       |  1 +
 3 files changed, 46 insertions(+)

diff --git a/mysql-test/r/sp.result b/mysql-test/r/sp.result
index c4d3779e484..b679f3f54fc 100644
--- a/mysql-test/r/sp.result
+++ b/mysql-test/r/sp.result
@@ -8467,3 +8467,23 @@ $$
 ERROR 22007: Incorrect integer value: 'y' for column ``.``.`a` at row 1
 DROP TABLE t1;
 SET sql_mode=DEFAULT;
+#
+# MDEV-24220: error when opening a table for the second call of SP
+#
+CREATE TABLE t1 (a INT, b INT);
+INSERT INTO t1 VALUES (1,1),(2,2);
+CREATE VIEW v1 AS SELECT MAX(a) as f FROM t1;
+CREATE PROCEDURE p1()
+BEGIN
+SELECT * FROM v1;
+END $
+CALL p1;
+f
+2
+ALTER TABLE t1 DROP a;
+CALL p1;
+ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+DROP PROCEDURE p1;
+DROP VIEW v1;
+DROP TABLE t1;
+#End of 10.2 tests
diff --git a/mysql-test/t/sp.test b/mysql-test/t/sp.test
index 99b843059ec..f13b3fbc281 100644
--- a/mysql-test/t/sp.test
+++ b/mysql-test/t/sp.test
@@ -10001,3 +10001,28 @@ $$
 DELIMITER ;$$
 DROP TABLE t1;
 SET sql_mode=DEFAULT;
+
+--echo #
+--echo # MDEV-24220: error when opening a table for the second call of SP
+--echo #
+
+CREATE TABLE t1 (a INT, b INT);
+INSERT INTO t1 VALUES (1,1),(2,2);
+CREATE VIEW v1 AS SELECT MAX(a) as f FROM t1;
+--delimiter $
+CREATE PROCEDURE p1()
+BEGIN
+  SELECT * FROM v1;
+END $
+--delimiter ;
+
+CALL p1;
+ALTER TABLE t1 DROP a;
+-- error ER_VIEW_INVALID
+CALL p1;
+
+DROP PROCEDURE p1;
+DROP VIEW v1;
+DROP TABLE t1;
+
+--echo #End of 10.2 tests
diff --git a/sql/sql_union.cc b/sql/sql_union.cc
index 9a16237042b..7716f792fdc 100644
--- a/sql/sql_union.cc
+++ b/sql/sql_union.cc
@@ -1568,6 +1568,7 @@ bool st_select_lex::cleanup()
     delete join;
     join= 0;
   }
+  leaf_tables.empty();
   for (SELECT_LEX_UNIT *lex_unit= first_inner_unit(); lex_unit ;
        lex_unit= lex_unit->next_unit())
   {
-- 
cgit v1.2.1