Hi!
On 23.06.2016 23:49, Sergey Petrunia wrote:
Hi Sanja,
On Wed, Jun 22, 2016 at 02:17:06PM +0200, Oleksandr Byelkin wrote:
revision-id: 475cab835fb48c91d5cca649ab93917ec1718d75 (mariadb-5.5.50-6-g475cab8)
parent(s): a482e76e65a4fee70479e877929381c86b1ec62f
committer: Oleksandr Byelkin
timestamp: 2016-06-22 14:17:06 +0200
message:
MDEV-10050: Crash in subselect
thd should not be taken earlier than fix_field and reset on fix_fields if it is needed.
--- sql/item_subselect.cc | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc index ba67474..60cdd3f 100644 --- a/sql/item_subselect.cc +++ b/sql/item_subselect.cc @@ -79,7 +79,9 @@ void Item_subselect::init(st_select_lex *select_lex, DBUG_PRINT("enter", ("select_lex: 0x%lx this: 0x%lx", (ulong) select_lex, (ulong) this)); unit= select_lex->master_unit(); - thd= unit->thd; +#ifndef DBUG_OFF + thd= 0; +#endif So I've applied the patch, and I'm debugging this statement:
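Review bot: In the Item_subselect::init hunk, the replacement `thd= 0;` sits inside `#ifndef DBUG_OFF`, so a build with DBUG_OFF defined no longer assigns thd in this function at all, and as far as this hunk shows the member keeps whatever value it held before. Any path that reads thd before fix_fields sets it would then use an indeterminate pointer rather than fail on a null one. Consider making the assignment unconditional (`thd= NULL;`) and adding `DBUG_ASSERT(thd)` where the pointer is used, so debug and release builds behave the same. A one-line comment stating that thd is set in fix_fields would also document the new contract.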
prepare s from 'select a, (select max(one_k.a) from one_k where one_k.a <ten.a) from ten';
(this is just the first subquery I tried, nothing special about it).
We arrive at the above #ifndef, and I have thd=0xa5a5a5a5a5, that is, it's uninitialized data.
I let it execute further...
You are absolutely right, I forgot that engines also took thd on creation instead of prepare. Now it is fixed.
revision-id: 79f852a069fb6ba5e18fd66ea2a24fa91c245c24 (mariadb-5.5.50-7-g79f852a)
parent(s): ef92aaf9ece92c873ae0f3448ab2274c958ba3fe
committer: Oleksandr Byelkin
timestamp: 2016-06-24 14:15:35 +0200
message:
MDEV-10050: Crash in subselect
thd should not be taken earlier than fix_field and reset on fix_fields if it is needed.
[skip]