fix use-after-free [closes #89]

MariaDB · May 5, 2017 · 1742561 · 1742561
1 parent a17b8f7
commit 1742561
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 15 deletions.
diff --git a/mysql-test/suite/versioning/r/alter.result b/mysql-test/suite/versioning/r/alter.result
@@ -276,7 +276,7 @@ t	CREATE TABLE `t` (
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1 WITH SYSTEM VERSIONING
 alter table t without system versioning;
 alter table t with system versioning, algorithm=inplace;
-ERROR 0A000: ALGORITHM=INPLACE is not supported for this operation. Try ALGORITHM=COPY.
+ERROR 0A000: ALGORITHM=INPLACE is not supported for this operation. Try ALGORITHM=COPY
 alter table t with system versioning, algorithm=copy;
 show create table t;
 Table	Create Table
@@ -346,7 +346,7 @@ a
 2
 1
 alter table t without system versioning, algorithm=inplace;
-ERROR 0A000: ALGORITHM=INPLACE is not supported for this operation. Try ALGORITHM=COPY.
+ERROR 0A000: ALGORITHM=INPLACE is not supported for this operation. Try ALGORITHM=COPY
 alter table t without system versioning, algorithm=copy;
 show create table t;
 Table	Create Table

diff --git a/mysql-test/suite/versioning/r/optimized_fields.result b/mysql-test/suite/versioning/r/optimized_fields.result
@@ -18,6 +18,7 @@ a	b	b+0
 3	NULL	NULL
 Warnings:
 Warning	4075	Attempt to read unversioned field `b` in historical query
+Warning	4075	Attempt to read unversioned field `b` in historical query
 select * from t for system_time as of timestamp now(6);
 a	b
 1	NULL

diff --git a/sql/item.cc b/sql/item.cc
@@ -2760,19 +2760,17 @@ void Item_field::set_field(Field *field_par)
   if (field->table->s->tmp_table == SYSTEM_TMP_TABLE)
     any_privileges= 0;
 
-  if (field->flags & VERS_OPTIMIZED_UPDATE_FLAG && context && context->select_lex &&
-      context->select_lex->vers_conditions.type !=
-          FOR_SYSTEM_TIME_UNSPECIFIED &&
-      !field->force_null)
+  field->force_null= false;
+  if (field->flags & VERS_OPTIMIZED_UPDATE_FLAG && context &&
+      context->select_lex &&
+      context->select_lex->vers_conditions.type != FOR_SYSTEM_TIME_UNSPECIFIED)
   {
-    DBUG_ASSERT(context->select_lex->parent_lex &&
-                context->select_lex->parent_lex->thd);
     field->force_null= true;
-    THD *thd= context->select_lex->parent_lex->thd;
-    push_warning_printf(thd, Sql_condition::WARN_LEVEL_WARN,
-                        ER_NON_VERSIONED_FIELD_IN_VERSIONED_QUERY,
-                        ER_THD(thd, ER_NON_VERSIONED_FIELD_IN_VERSIONED_QUERY),
-                        field_name);
+    push_warning_printf(
+        current_thd, Sql_condition::WARN_LEVEL_WARN,
+        ER_NON_VERSIONED_FIELD_IN_VERSIONED_QUERY,
+        ER_THD(current_thd, ER_NON_VERSIONED_FIELD_IN_VERSIONED_QUERY),
+        field_name);
   }
 }
 
@@ -5922,8 +5920,6 @@ void Item_field::cleanup()
     it will be linked correctly next time by name of field and table alias.
     I.e. we can drop 'field'.
    */
-  if (field)
-    field->force_null= false;
   field= 0;
   item_equal= NULL;
   null_value= FALSE;