From b5a038a590c2b9339704dcd8e21defc0c5cb8092 Mon Sep 17 00:00:00 2001
From: Jon Olav Hauglid <jon.hauglid@sun.com>
Date: Mon, 7 Jun 2010 17:27:40 +0200
Subject: [PATCH] Bug #54282 Crash in
 MDL_context::upgrade_shared_lock_to_exclusive

This crash happened if a table was listed twice in a DROP TABLE statement,
and the statement was executed while in LOCK TABLES mode. Since the two
elements of table list were identical, they were assigned the same TABLE object.
During processing of the first table element, the TABLE instance was destroyed
and the second table list element was left with a dangling reference.
When this reference was later accessed, the server crashed.

Listing the same table twice in DROP TABLES should give an ER_NONUNIQ_TABLE
error. However, this did not happen as the check for unique table names was
skipped due to the lock type for table list elements being set to TL_IGNORE.
Previously TL_UNLOCK was used and the unique check was performed.

This bug was a regression introduced by a pre-requisite patch for
Bug#51263 "Deadlock between transactional SELECT and ALTER TABLE ...
REBUILD PARTITION". The regression only existed in an internal team
tree and never in any released code.

This patch reverts DROP TABLE (and DROP VIEW) to the old behavior of
using TL_UNLOCK locks. Test case added to drop.test.
---
 mysql-test/r/drop.result | 10 ++++++++++
 mysql-test/t/drop.test   | 17 +++++++++++++++++
 sql/sql_yacc.yy          |  4 ++--
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/mysql-test/r/drop.result b/mysql-test/r/drop.result
index 17ec2b09a0a..f1712a650b1 100644
--- a/mysql-test/r/drop.result
+++ b/mysql-test/r/drop.result
@@ -157,3 +157,13 @@ Error	1051	Unknown table 't1'
 # --
 # -- End of Bug#37431.
 # --
+#
+# Bug#54282 Crash in MDL_context::upgrade_shared_lock_to_exclusive
+#
+DROP TABLE IF EXISTS t1;
+CREATE TABLE t1 (a INT);
+LOCK TABLE t1 WRITE;
+DROP TABLE t1, t1;
+ERROR 42000: Not unique table/alias: 't1'
+UNLOCK TABLES;
+DROP TABLE t1;
diff --git a/mysql-test/t/drop.test b/mysql-test/t/drop.test
index 5ef4a28b202..b5ca0817b6f 100644
--- a/mysql-test/t/drop.test
+++ b/mysql-test/t/drop.test
@@ -256,3 +256,20 @@ SHOW WARNINGS;
 --echo # --
 --echo # -- End of Bug#37431.
 --echo # --
+
+
+--echo #
+--echo # Bug#54282 Crash in MDL_context::upgrade_shared_lock_to_exclusive
+--echo #
+
+--disable_warnings
+DROP TABLE IF EXISTS t1;
+--enable_warnings
+
+CREATE TABLE t1 (a INT);
+LOCK TABLE t1 WRITE;
+--error ER_NONUNIQ_TABLE
+DROP TABLE t1, t1;
+
+UNLOCK TABLES;
+DROP TABLE t1;
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 34e20374042..84412469252 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -10151,7 +10151,7 @@ drop:
             lex->sql_command = SQLCOM_DROP_TABLE;
             lex->drop_temporary= $2;
             lex->drop_if_exists= $4;
-            YYPS->m_lock_type= TL_IGNORE;
+            YYPS->m_lock_type= TL_UNLOCK;
             YYPS->m_mdl_type= MDL_EXCLUSIVE;
           }
           table_list opt_restrict
@@ -10244,7 +10244,7 @@ drop:
             LEX *lex= Lex;
             lex->sql_command= SQLCOM_DROP_VIEW;
             lex->drop_if_exists= $3;
-            YYPS->m_lock_type= TL_IGNORE;
+            YYPS->m_lock_type= TL_UNLOCK;
             YYPS->m_mdl_type= MDL_EXCLUSIVE;
           }
           table_list opt_restrict