#At file:///home/anurag/mysqlsrc/mysql-5.0-bugteam-39918/ based on revid:gshchepa@stripped
2735 Anurag Shekhar 2009-04-28
Bug #39918 memory (heap) engine crashing with b-tree index and DELETE
with seg fault
While evaluating self join with delete, server uses two instances of handler
(with both holding reference to same file). One handler is used to scan
and the other handler to remove the the records. There is no way for the
handler to know that tree its using is modified and hence needs to be rescaned.
In this particular case this value in last_pos holding a wrong value
causing a segmentation fault when accessed.
Disabling delete and scan in parallel on the same table fixes this problem.
@ mysql-test/r/heap_btree.result
Updated test result after adding new test for this bug.
@ mysql-test/t/heap_btree.test
Updated test result after adding new test for the bug report.
@ sql/sql_delete.cc
Updated to check if the files in delete list appears in join list and disable
delete while scanning, if it appears.
modified:
mysql-test/r/heap_btree.result
mysql-test/t/heap_btree.test
sql/sql_delete.cc
=== modified file 'mysql-test/r/heap_btree.result'
--- a/mysql-test/r/heap_btree.result 2007-10-19 20:04:30 +0000
+++ b/mysql-test/r/heap_btree.result 2009-04-28 08:13:09 +0000
@@ -336,4 +336,11 @@ a b
NULL NULL
NULL 1
drop table t1;
+#
+# bug#39918 - memory (heap) engine crashing while executing self join with delete
+#
+CREATE TABLE t1(a INT, KEY USING BTREE (a)) ENGINE=MEMORY;
+INSERT INTO t1 VALUES(1),(1);
+DELETE a1 FROM t1 AS a1, t1 AS a2 WHERE a1.a=a2.a;
+DROP TABLE t1;
End of 5.0 tests
=== modified file 'mysql-test/t/heap_btree.test'
--- a/mysql-test/t/heap_btree.test 2007-10-19 20:04:30 +0000
+++ b/mysql-test/t/heap_btree.test 2009-04-28 08:13:09 +0000
@@ -253,5 +253,13 @@ insert into t1 values (1, 1), (3, 3), (2
select * from t1 where a is null;
drop table t1;
+-- echo #
+-- echo # bug#39918 - memory (heap) engine crashing while executing self join with delete
+-- echo #
+
+CREATE TABLE t1(a INT, KEY USING BTREE (a)) ENGINE=MEMORY;
+INSERT INTO t1 VALUES(1),(1);
+DELETE a1 FROM t1 AS a1, t1 AS a2 WHERE a1.a=a2.a;
+DROP TABLE t1;
--echo End of 5.0 tests
=== modified file 'sql/sql_delete.cc'
--- a/sql/sql_delete.cc 2009-03-27 05:19:50 +0000
+++ b/sql/sql_delete.cc 2009-04-28 08:13:09 +0000
@@ -503,6 +503,11 @@ int mysql_multi_delete_prepare(THD *thd)
}
}
}
+ /*
+ Reset the exclude flag to false so it doesn't interfare
+ with further calls to unique_table
+ */
+ lex->select_lex.exclude_from_table_unique_test= FALSE;
DBUG_RETURN(FALSE);
}
@@ -538,11 +543,24 @@ multi_delete::initialize_tables(JOIN *jo
DBUG_RETURN(1);
table_map tables_to_delete_from=0;
+ delete_while_scanning= 1;
for (walk= delete_tables; walk; walk= walk->next_local)
+ {
tables_to_delete_from|= walk->table->map;
+ if (delete_while_scanning
+ && unique_table(thd, walk, join->tables_list, false))
+ {
+ /*
+ If the table we are going to delete from appears
+ in join, we need to defer delete. So the delete
+ doesn't interfers with the scaning of results.
+ */
+ delete_while_scanning= 0;
+ }
+ }
+
walk= delete_tables;
- delete_while_scanning= 1;
for (JOIN_TAB *tab=join->join_tab, *end=join->join_tab+join->tables;
tab < end;
tab++)
Attachment: [text/bzr-bundle] bzr/anurag.shekhar@sun.com-20090428081309-o5yhqd0883cvbvjt.bundle
