From 75d59ff9672856f8e18394e822e69cd611700594 Mon Sep 17 00:00:00 2001 From: Jon Olav Hauglid Date: Fri, 29 Oct 2010 16:10:53 +0200 Subject: Bug #57659 Segfault in Query_cache::invalidate_data for TRUNCATE TABLE This crash could happen if TRUNCATE TABLE indirectly failed to open a merge table due to failures to open underlying tables. Even if opening failed, the TRUNCATE TABLE code would try to invalidate the table in the query cache. Since this table had been closed and memory released, this could lead to a crash. This bug was introduced by a combination of the changes introduced by the patch for Bug#52044, where failing to open a table will cause opened tables to be closed. And the changes in patch for Bug#49938, where TRUNCATE TABLE uses the standard open tables function. This patch fixes the problem by setting the TABLE pointer to NULL before invalidating the query cache. Test case added to truncate_coverage.test.
---
sql/sql_truncate.cc | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'sql/sql_truncate.cc')
diff --git a/sql/sql_truncate.cc b/sql/sql_truncate.cc
index 0cff2875ac8..909c6a08b67 100644
--- a/sql/sql_truncate.cc
+++ b/sql/sql_truncate.cc
@@ -472,6 +472,13 @@ bool Truncate_statement::truncate_table(THD *thd, TABLE_LIST *table_ref)
 binlog_stmt= !error || error != HA_ERR_WRONG_COMMAND;
 }
+ /*
+ If we tried to open a MERGE table and failed due to problems with the
+ children tables, the table will have been closed and table_ref->table
+ will be invalid. Reset the pointer here in any case as
+ query_cache_invalidate does not need a valid TABLE object.
+ */
+ table_ref->table= NULL;
 query_cache_invalidate3(thd, table_ref, FALSE);
 }
-- cgit v1.2.1
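Review bot: The stale `table_ref->table` is cleared only here, immediately before `query_cache_invalidate3()`, so between the failed open and this line the pointer still refers to a TABLE that the commit message says has been closed and freed. The close path is outside this hunk, so this is inferred, but clearing the pointer where the failed open closes the tables would protect every later reader, with this assignment kept as a second line of defence. Because the reset is unconditional, the successful path also loses the pointer; `truncate_table` continues outside the hunk, so it is worth confirming nothing after this block reads it and saying so in the comment, e.g. `/* table_ref->table may point to freed memory after a failed MERGE open; it must not be dereferenced past this point. */`.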