Bug #23135667: CRASH AFTER DEEPLY NESTED BUILD_EQUAL_ITEMS_FOR_COND

Problem: When build_equal_items_for_cond gets called for a big query recursively, the specified thread_stack_size exceeds. But optimizer does not handle this condition. As a result, server exits. Solution: Check if we exceed specified stack size and if yes exit gracefully by throwing an error.
2016-08-18 09:56:48 +05:30 · 2016-08-18 09:56:48 +05:30 · 0248fb2e8a
commit 0248fb2e8a
parent 0c6eac64c7
1 changed files with 3 additions and 0 deletions
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@ -8154,6 +8154,9 @@ static COND *build_equal_items_for_cond(THD *thd, COND *cond,
  COND_EQUAL cond_equal;
  cond_equal.upper_levels= inherited;

+  if (check_stack_overrun(thd, STACK_MIN_SIZE, NULL))
+    return cond;                          // Fatal error flag is set!
+
  if (cond->type() == Item::COND_ITEM)
  {
    List<Item> eq_list;