From 830b8f0e3017755415ed9331d6a44cd7c44779c2 Mon Sep 17 00:00:00 2001
From: "evgen@moonbone.local" <>
Date: Thu, 10 Jan 2008 18:54:34 +0300
Subject: [PATCH] filesort.cc: Bug#33675: Usage of an uninitialized memory by filesort in a subquery caused server crash. Free smaller buffer before allocating bigger one.
---
 sql/filesort.cc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/sql/filesort.cc b/sql/filesort.cc
index 5a8e3627758..43b079e83d5 100644
--- a/sql/filesort.cc
+++ b/sql/filesort.cc
@@ -239,10 +239,14 @@ ha_rows filesort(THD *thd, TABLE *table, SORT_FIELD *sortorder, uint s_length,
   }
   else
   {
+    if (table_sort.buffpek && table_sort.buffpek_len < maxbuffer)
+    {
+      x_free(table_sort.buffpek);
+      table_sort.buffpek= 0;
+    }
     if (!(table_sort.buffpek= read_buffpek_from_file(&buffpek_pointers,
                                                      maxbuffer,
-                                                     (table_sort.buffpek_len < maxbuffer ?
-                                                     NULL : table_sort.buffpek))))
+                                                     table_sort.buffpek)))
       goto err;
     buffpek= (BUFFPEK *) table_sort.buffpek;
     table_sort.buffpek_len= maxbuffer;
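Review bot: The free-then-reallocate guard added at the top of the else branch is only correct if `table_sort.buffpek_len` always describes the capacity of the buffer `table_sort.buffpek` points at, and that invariant is visible only at the end of the hunk (`table_sort.buffpek_len= maxbuffer;` after a successful read) and is stated nowhere; a comment above the new `if`, such as `/* buffpek_len is the capacity of buffpek (in BUFFPEK entries, presumably); it is updated only after a successful read below, so a too-small buffer must be released here rather than reused */`, would make the guard reviewable. The failed-read path assigns the NULL result over `table_sort.buffpek` while the old buffer was handed to read_buffpek_from_file; if that helper does not release a caller-supplied buffer on failure (not visible in this hunk), the previous allocation is lost, which is a leak rather than a dangling pointer but worth confirming against the helper. Style: `table_sort.buffpek= 0;` clears a pointer with an integer literal; `table_sort.buffpek= NULL;` would match the `NULL` used in the removed lines. The enclosing function filesort() starts and ends outside the hunk.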