From 37a3d4467e3115f4d4dfcad0a6ee3c23e785f524 Mon Sep 17 00:00:00 2001
From: Sergei Petrunia
Date: Wed, 3 Aug 2022 17:55:45 +0300
Subject: [PATCH] MDEV-23809: Server crash in JOIN_CACHE::free ...: part #2
Part #2: make sure we allocate space for two JOIN_TABs that use temporary tables. The dbug_join_tab_array_size is still set to catch cases where we try to access more JOIN_TAB object than we thought we would have.
---
 sql/sql_select.cc | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index a865c75184f5e..70c0a80ba2a3b 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -9780,6 +9780,23 @@ bool JOIN::get_best_combination()
 if (aggr_tables > 2)
 aggr_tables= 2;
+
+#ifndef DBUG_OFF
+ dbug_join_tab_array_size= top_join_tab_count + aggr_tables;
+#endif
+ /*
+ NOTE: The above computation of aggr_tables can produce wrong result because some
+ of the variables it uses may change their values after we leave this function.
+ Known examples:
+ - Dangerous: using_outer_summary_function=false at this point. Added
+ DBUG_ASSERT below to demonstrate. Can this cause us to allocate less
+ space than we would need?
+ - Not dangerous: select_distinct can be true here but be assigned false
+ afterwards.
+ */
+ aggr_tables= 2;
+ DBUG_ASSERT(!tmp_table_param.using_outer_summary_function);
+
 if (!(join_tab= (JOIN_TAB*) thd->alloc(sizeof(JOIN_TAB)* (top_join_tab_count + aggr_tables))))
 DBUG_RETURN(TRUE);
@@ -9789,10 +9806,6 @@ bool JOIN::get_best_combination()
 fix_semijoin_strategies_for_picked_join_order(this);
-#ifndef DBUG_OFF
- dbug_join_tab_array_size= top_join_tab_count + aggr_tables;
-#endif
-
 if (inject_splitting_cond_for_all_tables_with_split_opt())
 DBUG_RETURN(TRUE);
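Review bot: In the first hunk (`@@ -9780,6 +9780,23 @@`), `aggr_tables= 2;` overwrites the computed estimate right after it is recorded in `dbug_join_tab_array_size`, so the variable now means "allocation size" rather than "temporary tables expected". Any later reader of `aggr_tables` (none is visible in this hunk) would see 2 regardless of the query. Keeping the estimate intact and sizing the array separately would avoid that, e.g. `thd->alloc(sizeof(JOIN_TAB) * (top_join_tab_count + 2))`, with a comment that 2 is the upper bound enforced by the clamp just above. Because `dbug_join_tab_array_size` exists only under `#ifndef DBUG_OFF`, release builds have no bound check on the JOIN_TAB array and depend entirely on two slots being sufficient; the comment should state why that holds instead of leaving "Can this cause us to allocate less space than we would need?" as an open question. It should also say whether `DBUG_ASSERT(!tmp_table_param.using_outer_summary_function)` is a lasting invariant or a temporary probe, since debug builds abort there if the flag is ever set earlier; the function body continues outside the hunk.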