Commit 830b8f0e authored by evgen@moonbone.local's avatar evgen@moonbone.local
Browse files

filesort.cc: 

  Bug#33675: Usage of an uninitialized memory by filesort in a subquery caused
  server crash.
  Free smaller buffer before allocating bigger one.
parent 165dfa3e

sql/filesort.cc

+6 −2
Original line number Diff line number Diff line
@@ -239,10 +239,14 @@ ha_rows filesort(THD *thd, TABLE *table, SORT_FIELD *sortorder, uint s_length, 
  }

  else

  {

    if (table_sort.buffpek && table_sort.buffpek_len < maxbuffer)

    {

      x_free(table_sort.buffpek);

      table_sort.buffpek= 0;

    }

    if (!(table_sort.buffpek=

          read_buffpek_from_file(&buffpek_pointers, maxbuffer,

                                 (table_sort.buffpek_len < maxbuffer ?

                                  NULL : table_sort.buffpek))))

                                 table_sort.buffpek)))

      goto err;

    buffpek= (BUFFPEK *) table_sort.buffpek;

    table_sort.buffpek_len= maxbuffer;