MDEV-6736: Valgrind warnings 'Invalid read' in subselect_engine::calc…

…_const_tables with SQ in WHERE and HAVING, ORDER BY, materialization+semijoin During cleanup a pointer to the materialised table that was freed was not set to NULL
MariaDB · Mar 17, 2018 · e3dd9a9 · e3dd9a9
1 parent 3d5dff6
commit e3dd9a9
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 1 deletion.
diff --git a/mysql-test/r/having.result b/mysql-test/r/having.result
@@ -723,4 +723,18 @@ SELECT * FROM t1 JOIN t2 ON c1 = c2 HAVING c2 > 'a' ORDER BY c2 LIMIT 1;
 c1	c2
 x	x
 DROP TABLE t1,t2;
+#
+# MDEV-6736: Valgrind warnings 'Invalid read' in subselect_engine::calc_const_tables with SQ 
+# in WHERE and HAVING, ORDER BY, materialization+semijoin
+#
+CREATE TABLE t1 (a INT) ENGINE=MyISAM;
+INSERT INTO t1 VALUES (3),(8);
+CREATE TABLE t2 (b INT) ENGINE=MyISAM;
+INSERT INTO t2 VALUES (2),(1);
+SELECT a FROM t1
+WHERE 9 IN ( SELECT MIN( a ) FROM t1 )
+HAVING a <> ( SELECT COUNT(*) FROM t2 ) 
+ORDER BY a;
+a
+DROP TABLE t1,t2;
 End of 10.0 tests
diff --git a/mysql-test/t/having.test b/mysql-test/t/having.test
@@ -759,4 +759,22 @@ SELECT * FROM t1 JOIN t2 ON c1 = c2 HAVING c2 > 'a' ORDER BY c2 LIMIT 1;
 
 DROP TABLE t1,t2;
 
+--echo #
+--echo # MDEV-6736: Valgrind warnings 'Invalid read' in subselect_engine::calc_const_tables with SQ 
+--echo # in WHERE and HAVING, ORDER BY, materialization+semijoin
+--echo #
+
+CREATE TABLE t1 (a INT) ENGINE=MyISAM;
+INSERT INTO t1 VALUES (3),(8);
+
+CREATE TABLE t2 (b INT) ENGINE=MyISAM;
+INSERT INTO t2 VALUES (2),(1);
+
+SELECT a FROM t1
+WHERE 9 IN ( SELECT MIN( a ) FROM t1 )
+HAVING a <> ( SELECT COUNT(*) FROM t2 ) 
+ORDER BY a;
+
+DROP TABLE t1,t2;
+
 --echo End of 10.0 tests
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
@@ -11476,13 +11476,15 @@ void JOIN_TAB::cleanup()
       }
       else
       {
+        TABLE_LIST *tmp= table->pos_in_table_list;
         end_read_record(&read_record);
-        table->pos_in_table_list->jtbm_subselect->cleanup();
+        tmp->jtbm_subselect->cleanup();
         /* 
           The above call freed the materializedd temptable. Set it to NULL so
           that we don't attempt to touch it if JOIN_TAB::cleanup() is invoked
           multiple times (it may be)
         */
+        tmp->table= NULL;
         table=NULL;
       }
       DBUG_VOID_RETURN;