From 609a794b15fe44408fa47582e798147d1ffe3463 Mon Sep 17 00:00:00 2001
From: Anurag Shekhar <anurag.shekhar@sun.com>
Date: Wed, 6 May 2009 13:37:10 +0530
Subject: Bug #39918 memory (heap) engine crashing with b-tree index and DELETE
          with seg fault

Multiple-table DELETE from a table joined to itself may cause
server crash. This was originally discovered with MEMORY engine,
but may affect other engines with different symptoms.

The problem was that the server violated SE API by performing
parallel table scan in one handler and removing records in
another (delete on the fly optimization).


mysql-test/r/heap_btree.result:
  Updated test result after adding new test for this bug.
mysql-test/t/heap_btree.test:
  Updated test result after adding new test for the bug report.
sql/sql_delete.cc:
  Updated to check if the files in delete list appears in join list and disable
  delete while scanning, if it appears.
---
 sql/sql_delete.cc | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

(limited to 'sql/sql_delete.cc')

diff --git a/sql/sql_delete.cc b/sql/sql_delete.cc
index a757b7c28a5..5307a4426c5 100644
--- a/sql/sql_delete.cc
+++ b/sql/sql_delete.cc
@@ -503,6 +503,11 @@ int mysql_multi_delete_prepare(THD *thd)
       }
     }
   }
+  /*
+    Reset the exclude flag to false so it doesn't interfare
+    with further calls to unique_table
+  */
+  lex->select_lex.exclude_from_table_unique_test= FALSE;
   DBUG_RETURN(FALSE);
 }
 
@@ -538,11 +543,24 @@ multi_delete::initialize_tables(JOIN *join)
     DBUG_RETURN(1);
 
   table_map tables_to_delete_from=0;
+  delete_while_scanning= 1;
   for (walk= delete_tables; walk; walk= walk->next_local)
+  {
     tables_to_delete_from|= walk->table->map;
+    if (delete_while_scanning &&
+        unique_table(thd, walk, join->tables_list, false))
+    {
+      /*
+        If the table we are going to delete from appears
+        in join, we need to defer delete. So the delete
+        doesn't interfers with the scaning of results.
+      */
+      delete_while_scanning= 0;
+    }
+  }
+
 
   walk= delete_tables;
-  delete_while_scanning= 1;
   for (JOIN_TAB *tab=join->join_tab, *end=join->join_tab+join->tables;
        tab < end;
        tab++)
-- 
cgit v1.2.1