From: Date: January 10 2008 4:54pm
Subject: bk commit into 5.0 tree (evgen:1.2597) BUG#33675
List-Archive: http://lists.mysql.com/commits/40854
X-Bug: 33675
Message-Id: <20080110155436.8F78A5404C@moonbone.localdomain>

Below is the list of changes that have just been committed into a local
5.0 repository of evgen. When evgen does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2008-01-10 18:54:34+03:00, evgen@stripped +1 -0
  filesort.cc:
    Bug#33675: Usage of an uninitialized memory by filesort in a subquery caused
    server crash.
    Free smaller buffer before allocating bigger one.

  sql/filesort.cc@stripped, 2008-01-10 18:52:24+03:00, evgen@stripped +6 -2
    Bug#33675: Usage of an uninitialized memory by filesort in a subquery caused
    server crash.
    Free smaller buffer before allocating bigger one.

diff -Nrup a/sql/filesort.cc b/sql/filesort.cc
--- a/sql/filesort.cc	2008-01-09 00:39:02 +03:00
+++ b/sql/filesort.cc	2008-01-10 18:52:24 +03:00
@@ -239,10 +239,14 @@ ha_rows filesort(THD *thd, TABLE *table,
   }
   else
   {
+    if (table_sort.buffpek && table_sort.buffpek_len < maxbuffer)
+    {
+      x_free(table_sort.buffpek);
+      table_sort.buffpek= 0;
+    }
     if (!(table_sort.buffpek=
           read_buffpek_from_file(&buffpek_pointers, maxbuffer,
-                                 (table_sort.buffpek_len < maxbuffer ?
-                                  NULL : table_sort.buffpek))))
+                                 table_sort.buffpek)))
       goto err;
     buffpek= (BUFFPEK *) table_sort.buffpek;
     table_sort.buffpek_len= maxbuffer;