From: Date: March 23 2006 3:09pm Subject: bk commit into 5.0 tree (ramil:1.2108) BUG#18306 List-Archive: http://lists.mysql.com/commits/4070 X-Bug: 18306 Message-Id: <200603231409.k2NE9gox001938@myoffice.izhnet.ru> Below is the list of changes that have just been committed into a local 5.0 repository of ram. When ram does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet 1.2108 06/03/23 18:09:35 ramil@stripped +3 -0 Fix for bug #18306: MySQL crashes and restarts using subquery sql/opt_range.cc 1.206 06/03/23 18:09:27 ramil@stripped +12 -3 Fix for bug #18306: MySQL crashes and restarts using subquery Restore thd->mem_root because during the cond->val_int() evaluation we can come across a subselect item which may allocate memory on the thd->mem_root and assumes all the memory allocated has the same life span as the subselect item itself. mysql-test/t/subselect.test 1.116 06/03/23 18:09:27 ramil@stripped +11 -0 Fix for bug #18306: MySQL crashes and restarts using subquery test case mysql-test/r/subselect.result 1.137 06/03/23 18:09:27 ramil@stripped +6 -0 Fix for bug #18306: MySQL crashes and restarts using subquery test case # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: ramil # Host: myoffice.izhnet.ru # Root: /usr/home/ram/work/mysql-5.0 --- 1.205/sql/opt_range.cc 2006-02-25 19:46:26 +04:00 +++ 1.206/sql/opt_range.cc 2006-03-23 18:09:27 +04:00 @@ -3604,9 +3604,18 @@ static SEL_TREE *get_mm_tree(PARAM *para /* Here when simple cond */ if (cond->const_item()) { - if (cond->val_int()) - DBUG_RETURN(new SEL_TREE(SEL_TREE::ALWAYS)); - DBUG_RETURN(new SEL_TREE(SEL_TREE::IMPOSSIBLE)); + /* + During the cond->val_int() evaluation we can come across a subselect + item which may allocate memory on the thd->mem_root and assumes + all the memory allocated has the same life span as the subselect + item itself. So we have to restore the thread's mem_root here. + */ + MEM_ROOT *tmp_root= param->mem_root; + param->thd->mem_root= param->old_root; + tree= cond->val_int() ? new(tmp_root) SEL_TREE(SEL_TREE::ALWAYS) : + new(tmp_root) SEL_TREE(SEL_TREE::IMPOSSIBLE); + param->thd->mem_root= tmp_root; + DBUG_RETURN(tree); } table_map ref_tables= 0; --- 1.136/mysql-test/r/subselect.result 2006-03-14 16:33:11 +04:00 +++ 1.137/mysql-test/r/subselect.result 2006-03-23 18:09:27 +04:00 @@ -3163,3 +3163,9 @@ t crash1 crash1 drop table t1; +create table t1 (c int, key(c)); +insert into t1 values (1142477582), (1142455969); +create table t2 (a int, b int); +insert into t2 values (2, 1), (1, 0); +delete from t1 where c <= 1140006215 and (select b from t2 where a = 2) = 1; +drop table t1, t2; --- 1.115/mysql-test/t/subselect.test 2006-03-14 16:33:11 +04:00 +++ 1.116/mysql-test/t/subselect.test 2006-03-23 18:09:27 +04:00 @@ -2074,3 +2074,14 @@ create table t1( f1 int,f2 int); insert into t1 values (1,1),(2,2); select tt.t from (select 'crash1' as t, f2 from t1) as tt left join t1 on tt.t = 'crash2' and tt.f2 = t1.f2 where tt.t = 'crash1'; drop table t1; + +# +# Bug #18306: server crash on delete using subquery. +# + +create table t1 (c int, key(c)); +insert into t1 values (1142477582), (1142455969); +create table t2 (a int, b int); +insert into t2 values (2, 1), (1, 0); +delete from t1 where c <= 1140006215 and (select b from t2 where a = 2) = 1; +drop table t1, t2;