Percona Server moved to https://jira.percona.com/projects/PS

  1. Bug #1412423
  2. Comment #3

Comment 3 for bug 1412423

Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

The cause is thd->variables becoming a dangling pointer:

int
mysql_execute_command(THD *thd)
{
...
  struct system_variables *per_query_variables_backup;
...
  if (thd->tx_read_only &&
      (sql_command_flags[lex->sql_command] & CF_DISALLOW_IN_RO_TRANS))
  {
    my_error(ER_CANT_EXECUTE_IN_READ_ONLY_TRANSACTION, MYF(0));
    goto error;
  }
...
  if (lex->set_statement && !lex->var_list.is_empty()) {
    per_query_variables_backup= copy_system_variables(&thd->variables,
                                                      thd->m_enable_plugins);
...
error:
...
  if (lex->set_statement && !lex->var_list.is_empty()) {
...
    free_system_variables(&thd->variables, thd->m_enable_plugins);
    thd->variables= *per_query_variables_backup;
    my_free(per_query_variables_backup);
...
}

This bug is a sibling of bug 1387951 and bug 1418049. These three bugs represent three different error paths in mysql_execute_command that result in dangling thd->variables pointer.