Loading mysql-test/r/subselect.result +6 −0 Original line number Diff line number Diff line Loading @@ -3163,3 +3163,9 @@ t crash1 crash1 drop table t1; create table t1 (c int, key(c)); insert into t1 values (1142477582), (1142455969); create table t2 (a int, b int); insert into t2 values (2, 1), (1, 0); delete from t1 where c <= 1140006215 and (select b from t2 where a = 2) = 1; drop table t1, t2; mysql-test/t/subselect.test +11 −0 Original line number Diff line number Diff line Loading @@ -2074,3 +2074,14 @@ create table t1( f1 int,f2 int); insert into t1 values (1,1),(2,2); select tt.t from (select 'crash1' as t, f2 from t1) as tt left join t1 on tt.t = 'crash2' and tt.f2 = t1.f2 where tt.t = 'crash1'; drop table t1; # # Bug #18306: server crash on delete using subquery. # create table t1 (c int, key(c)); insert into t1 values (1142477582), (1142455969); create table t2 (a int, b int); insert into t2 values (2, 1), (1, 0); delete from t1 where c <= 1140006215 and (select b from t2 where a = 2) = 1; drop table t1, t2; sql/opt_range.cc +12 −3 Original line number Diff line number Diff line Loading @@ -3604,9 +3604,18 @@ static SEL_TREE *get_mm_tree(PARAM *param,COND *cond) /* Here when simple cond */ if (cond->const_item()) { if (cond->val_int()) DBUG_RETURN(new SEL_TREE(SEL_TREE::ALWAYS)); DBUG_RETURN(new SEL_TREE(SEL_TREE::IMPOSSIBLE)); /* During the cond->val_int() evaluation we can come across a subselect item which may allocate memory on the thd->mem_root and assumes all the memory allocated has the same life span as the subselect item itself. So we have to restore the thread's mem_root here. */ MEM_ROOT *tmp_root= param->mem_root; param->thd->mem_root= param->old_root; tree= cond->val_int() ? new(tmp_root) SEL_TREE(SEL_TREE::ALWAYS) : new(tmp_root) SEL_TREE(SEL_TREE::IMPOSSIBLE); param->thd->mem_root= tmp_root; DBUG_RETURN(tree); } table_map ref_tables= 0; Loading Loading
mysql-test/r/subselect.result +6 −0 Original line number Diff line number Diff line Loading @@ -3163,3 +3163,9 @@ t crash1 crash1 drop table t1; create table t1 (c int, key(c)); insert into t1 values (1142477582), (1142455969); create table t2 (a int, b int); insert into t2 values (2, 1), (1, 0); delete from t1 where c <= 1140006215 and (select b from t2 where a = 2) = 1; drop table t1, t2;
mysql-test/t/subselect.test +11 −0 Original line number Diff line number Diff line Loading @@ -2074,3 +2074,14 @@ create table t1( f1 int,f2 int); insert into t1 values (1,1),(2,2); select tt.t from (select 'crash1' as t, f2 from t1) as tt left join t1 on tt.t = 'crash2' and tt.f2 = t1.f2 where tt.t = 'crash1'; drop table t1; # # Bug #18306: server crash on delete using subquery. # create table t1 (c int, key(c)); insert into t1 values (1142477582), (1142455969); create table t2 (a int, b int); insert into t2 values (2, 1), (1, 0); delete from t1 where c <= 1140006215 and (select b from t2 where a = 2) = 1; drop table t1, t2;
sql/opt_range.cc +12 −3 Original line number Diff line number Diff line Loading @@ -3604,9 +3604,18 @@ static SEL_TREE *get_mm_tree(PARAM *param,COND *cond) /* Here when simple cond */ if (cond->const_item()) { if (cond->val_int()) DBUG_RETURN(new SEL_TREE(SEL_TREE::ALWAYS)); DBUG_RETURN(new SEL_TREE(SEL_TREE::IMPOSSIBLE)); /* During the cond->val_int() evaluation we can come across a subselect item which may allocate memory on the thd->mem_root and assumes all the memory allocated has the same life span as the subselect item itself. So we have to restore the thread's mem_root here. */ MEM_ROOT *tmp_root= param->mem_root; param->thd->mem_root= param->old_root; tree= cond->val_int() ? new(tmp_root) SEL_TREE(SEL_TREE::ALWAYS) : new(tmp_root) SEL_TREE(SEL_TREE::IMPOSSIBLE); param->thd->mem_root= tmp_root; DBUG_RETURN(tree); } table_map ref_tables= 0; Loading
