MDEV-6736: Valgrind warnings 'Invalid read' in subselect_engine::calc_const_tables with SQ in WHERE and

varunraiko · varunraiko · commit e3dd9a95e50e · 2018-03-17T10:51:19.000+05:30
HAVING, ORDER BY, materialization+semijoin

During cleanup a pointer to the materialised table that was freed was not set to NULL
diff --git a/mysql-test/r/having.result b/mysql-test/r/having.result
@@ -723,4 +723,18 @@ SELECT * FROM t1 JOIN t2 ON c1 = c2 HAVING c2 > 'a' ORDER BY c2 LIMIT 1;
 c1	c2
 x	x
 DROP TABLE t1,t2;
+#
+# MDEV-6736: Valgrind warnings 'Invalid read' in subselect_engine::calc_const_tables with SQ 
+# in WHERE and HAVING, ORDER BY, materialization+semijoin
+#
+CREATE TABLE t1 (a INT) ENGINE=MyISAM;
+INSERT INTO t1 VALUES (3),(8);
+CREATE TABLE t2 (b INT) ENGINE=MyISAM;
+INSERT INTO t2 VALUES (2),(1);
+SELECT a FROM t1
+WHERE 9 IN ( SELECT MIN( a ) FROM t1 )
+HAVING a <> ( SELECT COUNT(*) FROM t2 ) 
+ORDER BY a;
+a
+DROP TABLE t1,t2;
 End of 10.0 tests
diff --git a/mysql-test/t/having.test b/mysql-test/t/having.test
@@ -759,4 +759,22 @@ SELECT * FROM t1 JOIN t2 ON c1 = c2 HAVING c2 > 'a' ORDER BY c2 LIMIT 1;
 
 DROP TABLE t1,t2;
 
+--echo #
+--echo # MDEV-6736: Valgrind warnings 'Invalid read' in subselect_engine::calc_const_tables with SQ 
+--echo # in WHERE and HAVING, ORDER BY, materialization+semijoin
+--echo #
+
+CREATE TABLE t1 (a INT) ENGINE=MyISAM;
+INSERT INTO t1 VALUES (3),(8);
+
+CREATE TABLE t2 (b INT) ENGINE=MyISAM;
+INSERT INTO t2 VALUES (2),(1);
+
+SELECT a FROM t1
+WHERE 9 IN ( SELECT MIN( a ) FROM t1 )
+HAVING a <> ( SELECT COUNT(*) FROM t2 ) 
+ORDER BY a;
+
+DROP TABLE t1,t2;
+
 --echo End of 10.0 tests
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
@@ -11476,13 +11476,15 @@ void JOIN_TAB::cleanup()
       }
       else
       {
+        TABLE_LIST *tmp= table->pos_in_table_list;
         end_read_record(&read_record);
-        table->pos_in_table_list->jtbm_subselect->cleanup();
+        tmp->jtbm_subselect->cleanup();
         /* 
           The above call freed the materializedd temptable. Set it to NULL so
           that we don't attempt to touch it if JOIN_TAB::cleanup() is invoked
           multiple times (it may be)
         */
+        tmp->table= NULL;
         table=NULL;
       }
       DBUG_VOID_RETURN;

Original file line number	Diff line number	Diff line change
`@@ -11476,13 +11476,15 @@ void JOIN_TAB::cleanup()`
`11476`	`11476`	`}`
`11477`	`11477`	`else`
`11478`	`11478`	`{`
	`11479`	`+ TABLE_LIST *tmp= table->pos_in_table_list;`
`11479`	`11480`	`end_read_record(&read_record);`
`11480`		`- table->pos_in_table_list->jtbm_subselect->cleanup();`
	`11481`	`+ tmp->jtbm_subselect->cleanup();`
`11481`	`11482`	`/*`
`11482`	`11483`	`The above call freed the materializedd temptable. Set it to NULL so`
`11483`	`11484`	`that we don't attempt to touch it if JOIN_TAB::cleanup() is invoked`
`11484`	`11485`	`multiple times (it may be)`
`11485`	`11486`	`*/`
	`11487`	`+ tmp->table= NULL;`
`11486`	`11488`	`table=NULL;`
`11487`	`11489`	`}`
`11488`	`11490`	`DBUG_VOID_RETURN;`