MDEV-26583 SIGSEGV's in spider_get_select_limit_from_select_lex when …

…DELAYED INSERT is used

Spider dereferences a freed select_lex and then results in SIGSEGV.

sql/sql_insert.cc

@@ -2423,6 +2423,11 @@ bool delayed_get_table(THD *thd, MDL_request *grl_protection_request,
       di->table_list.alias.str=    di->table_list.table_name.str=    di->thd.query();
       di->table_list.alias.length= di->table_list.table_name.length= di->thd.query_length();
       di->table_list.db= di->thd.db;
+      /*
+        Nulify select_lex because, if the thread that spawned the current one
+        disconnects, the select_lex will point to freed memory.
+      */
+      di->table_list.select_lex= NULL;
       /*
         We need the tickets so that they can be cloned in
         handle_delayed_insert

storage/spider/mysql-test/spider/bugfix/r/mdev_26583.result

@@ -0,0 +1,34 @@
+#
+# MDEV-26583 SIGSEGV's in spider_get_select_limit_from_select_lex when DELAYED INSERT is used
+#
+for master_1
+for child2
+child2_1
+child2_2
+child2_3
+for child3
+connection child2_1;
+CREATE DATABASE auto_test_remote;
+USE auto_test_remote;
+CREATE TABLE tbl_a (
+a INT AUTO_INCREMENT KEY,
+b INT,INDEX i (b)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+connection master_1;
+CREATE DATABASE auto_test_local;
+USE auto_test_local;
+CREATE TABLE tbl_a (
+a INT AUTO_INCREMENT KEY,
+b INT,INDEX i (b)
+) ENGINE=Spider DEFAULT CHARSET=utf8 COMMENT='srv "s_2_1", table "tbl_a"';
+INSERT DELAYED INTO tbl_a VALUES (0,0),(0,0),(0,0);
+connection master_1;
+DROP DATABASE auto_test_local;
+connection child2_1;
+DROP DATABASE auto_test_remote;
+for master_1
+for child2
+child2_1
+child2_2
+child2_3
+for child3

storage/spider/mysql-test/spider/bugfix/t/mdev_26583.cnf

@@ -0,0 +1,3 @@
+!include include/default_mysqld.cnf
+!include ../my_1_1.cnf
+!include ../my_2_1.cnf

storage/spider/mysql-test/spider/bugfix/t/mdev_26583.test

@@ -0,0 +1,44 @@
+--echo #
+--echo # MDEV-26583 SIGSEGV's in spider_get_select_limit_from_select_lex when DELAYED INSERT is used
+--echo #
+
+--disable_query_log
+--disable_result_log
+--source ../../t/test_init.inc
+--enable_result_log
+--enable_query_log
+
+--connection child2_1
+CREATE DATABASE auto_test_remote;
+USE auto_test_remote;
+
+eval CREATE TABLE tbl_a (
+    a INT AUTO_INCREMENT KEY,
+    b INT,INDEX i (b)
+) $CHILD2_1_ENGINE $CHILD2_1_CHARSET;
+
+--connection master_1
+CREATE DATABASE auto_test_local;
+USE auto_test_local;
+
+eval CREATE TABLE tbl_a (
+    a INT AUTO_INCREMENT KEY,
+    b INT,INDEX i (b)
+) $MASTER_1_ENGINE $MASTER_1_CHARSET COMMENT='srv "s_2_1", table "tbl_a"';
+
+INSERT DELAYED INTO tbl_a VALUES (0,0),(0,0),(0,0);
+
+let $wait_condition=select count(*)=3 from tbl_a
+source include/wait_condition.inc;
+
+--connection master_1
+DROP DATABASE auto_test_local;
+
+--connection child2_1
+DROP DATABASE auto_test_remote;
+
+--disable_query_log
+--disable_result_log
+--source ../../t/test_deinit.inc
+--enable_result_log
+--enable_query_log