From 380f1a84403a88b4b45f3d14fe98882a04c4773d Mon Sep 17 00:00:00 2001
From: Sergey Glukhov
Date: Mon, 27 Oct 2008 14:22:38 +0400
Subject: [PATCH] Bug#39040 valgrind errors/crash when creating views with binlog logging enabled
A string buffers which were included in the 'view' data structure were allocated on the stack, causing an invalid pointer when used after the function returned. The fix: use copy of values for view->md5 & view->queries
mysql-test/r/view.result:
test result
mysql-test/t/view.test:
test case
sql/sql_view.cc:
A string buffers which were included in the 'view' data structure were allocated on the stack, causing an invalid pointer when used after the function returned. The fix: use copy of values for view->md5 & view->queries
---
mysql-test/r/view.result | 2 ++
mysql-test/t/view.test | 9 +++++++++
sql/sql_view.cc | 16 +++++++++++++---
3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/mysql-test/r/view.result b/mysql-test/r/view.result
index eb7a89c3d12..8cbe3fc36cf 100644
--- a/mysql-test/r/view.result
+++ b/mysql-test/r/view.result
@@ -3677,6 +3677,8 @@ DROP VIEW v1;
 # -- End of test case for Bug#35193.
+CREATE VIEW v1 AS SELECT 1;
+DROP VIEW v1;
 # -----------------------------------------------------------------
 # -- End of 5.0 tests.
 # -----------------------------------------------------------------
diff --git a/mysql-test/t/view.test b/mysql-test/t/view.test
index 9fa981ccb9a..bcf31a4501d 100644
--- a/mysql-test/t/view.test
+++ b/mysql-test/t/view.test
@@ -3560,6 +3560,15 @@ DROP VIEW v1;
 ###########################################################################
+#
+# Bug#39040: valgrind errors/crash when creating views with binlog logging
+# enabled
+#
+# Bug is visible only when running in valgrind with binary logging.
+CREATE VIEW v1 AS SELECT 1;
+DROP VIEW v1;
+
+
 --echo # -----------------------------------------------------------------
 --echo # -- End of 5.0 tests.
 --echo # -----------------------------------------------------------------
diff --git a/sql/sql_view.cc b/sql/sql_view.cc
index dffad0cc575..8e6d3ed583a 100644
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@@ -774,8 +774,13 @@ static int mysql_register_view(THD *thd, TABLE_LIST *view,
 DBUG_PRINT("info", ("View: %s", str.ptr()));
 /* fill structure */
- view->query.str= str.c_ptr_safe();
- view->query.length= str.length();
+ if (!make_lex_string(thd, &view->query, str.ptr(), str.length(), false))
+ {
+ my_error(ER_OUT_OF_RESOURCES, MYF(0));
+ error= -1;
+ goto err;
+ }
+
 view->source.str= thd->query + thd->lex->create_view_select_start;
 view->source.length= (char *)skip_rear_comments(thd->charset(),
 (char *)view->source.str,
@@ -784,7 +789,12 @@ static int mysql_register_view(THD *thd, TABLE_LIST *view,
 view->source.str;
 view->file_version= 1;
 view->calc_md5(md5);
- view->md5.str= md5;
+ if (!(view->md5.str= thd->memdup(md5, 32)))
+ {
+ my_error(ER_OUT_OF_RESOURCES, MYF(0));
+ error= -1;
+ goto err;
+ }
 view->md5.length= 32;
 can_be_merged= lex->can_be_merged();
 if (lex->create_view_algorithm == VIEW_ALGORITHM_MERGE &&
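Review bot: The new `make_lex_string` call in the hunk at -774 copies the query text out of the local `str` buffer, but nothing in the code says why the copy is required, so a later "simplification" back to `str.ptr()` would silently reintroduce the dangling stack pointer this commit removes; a comment above the `if`, such as `/* 'str' is a local buffer and 'view' outlives this function: copy the text into memory owned by thd */`, would pin the invariant where the next reader looks. The out-of-resources handling (`my_error(ER_OUT_OF_RESOURCES, MYF(0))`, `error= -1`, `goto err`) is repeated verbatim for `md5` in the hunk at -784; if `error` and the `err` label (both defined outside these hunks) permit it, one shared failure path would keep the two sites from drifting apart. The enclosing mysql_register_view starts before and ends after both hunks.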
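Review bot: `thd->memdup(md5, 32)` in the hunk at -784 duplicates exactly 32 bytes, so the copied digest carries no NUL terminator, unlike the stack buffer it replaces if that buffer was terminated; `view->md5.length= 32` keeps length-aware readers correct, but any consumer that hands `view->md5.str` to a C-string function would now read one byte past the copy. If `md5` (declared outside the hunk) holds a terminator after the 32 hex characters, copying 33 bytes or using a `strmake`-style duplicate preserves the old guarantee — worth confirming which the readers of `view->md5` rely on before this ships. The literal 32 also appears twice in adjacent lines; naming it, e.g. `enum { VIEW_MD5_HEX_LEN = 32 };` (constructed name — reuse whatever constant the function already uses to size `md5`, if one exists), ties the copy length to `md5.length` so they cannot diverge.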