From e57ea46d5a4192fecd6ab43b9c6f07997bb85a85 Mon Sep 17 00:00:00 2001
From: Martin Hansson
Date: Tue, 12 Jan 2010 15:16:26 +0100
Subject: Bug#48157: crash in Item_field::used_tables

MySQL handles the join syntax "JOIN ... USING( field1, ... )" and natural joins by building the same parse tree as a corresponding join with an "ON t1.field1 = t2.field1 ..." expression would produce. This parse tree was not cleaned up properly in the following scenario. If a thread tries to lock some tables and finds that the tables were dropped and re-created while waiting for the lock, it cleans up column references in the statement by means a per-statement free list. But if the statement was part of a stored procedure, column references on the stored procedure's free list weren't cleaned up and thus contained pointers to freed objects. Fixed by adding a call to clean up the current prepared statement's free list.
---
 sql/sql_update.cc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'sql/sql_update.cc')

diff --git a/sql/sql_update.cc b/sql/sql_update.cc
index c988d746500..26f40c7fa9f 100644
--- a/sql/sql_update.cc
+++ b/sql/sql_update.cc
@@ -23,6 +23,7 @@
 #include "sql_select.h"
 #include "sp_head.h"
 #include "sql_trigger.h"
+#include "debug_sync.h"
 /* Return 0 if row hasn't changed */
@@ -1143,8 +1144,11 @@ reopen_tables:
     items from 'fields' list, so the cleanup above is necessary to.
   */
   cleanup_items(thd->free_list);
-
+  cleanup_items(thd->stmt_arena->free_list);
   close_tables_for_reopen(thd, &table_list);
+
+  DEBUG_SYNC(thd, "multi_update_reopen_tables");
+
   goto reopen_tables;
 }
-- cgit v1.2.1
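Review bot: The added `cleanup_items(thd->stmt_arena->free_list);` in the second hunk carries no explanation, while the comment block directly above it justifies only the cleanup of `thd->free_list`, so the next maintainer of this retry path will not see why a second list of Item pointers can still reference the dropped tables. I would extend that comment with `/* The current statement arena (a stored routine or prepared statement) keeps its own free list whose Item_fields may still point at the re-created tables; clean those as well. */`. When the statement is not inside a stored routine, `thd->stmt_arena` presumably refers back to `thd` itself, so the same list is walked twice; that is safe only if `cleanup_items()` is idempotent, which is worth confirming or making explicit with `if (thd->stmt_arena != thd)`. The new `DEBUG_SYNC` point sits inside the `goto reopen_tables` loop, so any test that waits on it must be written to signal every iteration, otherwise a debug build can stall on a second reopen. The enclosing function starts and ends outside the hunk.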