List:Commits« Previous MessageNext Message »
From:ahristov Date:October 5 2006 2:03pm
Subject:bk commit into 5.1 tree (andrey:1.2338) BUG#22830
View as plain text  
Below is the list of changes that have just been committed into a local
5.1 repository of andrey. When andrey does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2006-10-05 16:03:33+02:00, andrey@stripped +7 -0
  Fix for bug#22830
  Events: crash with procedure which alters events with function
  
  Stored routine call in CREATE|ALTER EVENT is unsafe now. Their usage
  will complicate the code too much and could possible open a can of
  worms. Therefore, their usage is forbidden and only standard MySQL
  functions could be used as part of the expressions. This fix also fixes
  a similar problem in the KILL statement (kill some_user_func())
  
  To be documented: CREATE|ALTER allow expressions as part of the statement.
  These expessions can include invocations to functions but only to
  standard ones and not to stored functions from mysql.proc and neither
  UDF. Because KILL is not also safe called with a routine name as
  parameter, user supplied routines are also disabled in this case.

  mysql-test/r/events_bugs.result@stripped, 2006-10-05 16:03:24+02:00, andrey@stripped +11 -0
    update result

  mysql-test/r/kill.result@stripped, 2006-10-05 16:03:25+02:00, andrey@stripped +16 -0
    update result

  mysql-test/t/events_bugs.test@stripped, 2006-10-05 16:03:25+02:00, andrey@stripped +19 -0
    add a test case for bug#22830
    Events: crash with procedure which alters events with function

  mysql-test/t/kill.test@stripped, 2006-10-05 16:03:25+02:00, andrey@stripped +24 -0
    Add a test case to prove that kill routine(); is forbidden
    where routine is not an internal function but a user supplied
    routine.

  sql/sql_lex.cc@stripped, 2006-10-05 16:03:25+02:00, andrey@stripped +1 -1
    rename lex member because of its new guarding purpose

  sql/sql_lex.h@stripped, 2006-10-05 16:03:25+02:00, andrey@stripped +1 -1
    rename lex member because of its new guarding purpose

  sql/sql_yacc.yy@stripped, 2006-10-05 16:03:25+02:00, andrey@stripped +15 -10
    Renamed expr_allows_subselect to expr_allows_subselect_n_routine_call
    This is needed because some statements are not only unsafe for subqueries
    but also for routine invocations. These include CREATE|ALTER EVENT and KILL.
    
    This change closes a possible can of worms and is also a fix for bug#22830
    Events: crash with procedure which alters events with function

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	andrey
# Host:	example.com
# Root:	/work/mysql-5.1-runtime-bug22830

--- 1.199/sql/sql_lex.cc	2006-10-05 16:03:46 +02:00
+++ 1.200/sql/sql_lex.cc	2006-10-05 16:03:46 +02:00
@@ -175,7 +175,7 @@ void lex_start(THD *thd, const uchar *bu
   lex->proc_list.first= 0;
   lex->escape_used= FALSE;
   lex->reset_query_tables_list(FALSE);
-  lex->expr_allows_subselect= TRUE;
+  lex->expr_allows_subselect_n_routine_call= TRUE;
 
   lex->name= 0;
   lex->event_parse_data= NULL;

--- 1.244/sql/sql_lex.h	2006-10-05 16:03:46 +02:00
+++ 1.245/sql/sql_lex.h	2006-10-05 16:03:46 +02:00
@@ -969,7 +969,7 @@ typedef struct st_lex : public Query_tab
     KILL, HA_READ, CREATE/ALTER EVENT etc. Set this to `false` to get
     syntax error back.
   */
-  bool expr_allows_subselect;
+  bool expr_allows_subselect_n_routine_call;
 
   thr_lock_type lock_option;
   enum SSL_type ssl_type;			/* defined in violite.h */

--- 1.505/sql/sql_yacc.yy	2006-10-05 16:03:46 +02:00
+++ 1.506/sql/sql_yacc.yy	2006-10-05 16:03:47 +02:00
@@ -1329,7 +1329,7 @@ event_tail:
 
             Lex->sql_command= SQLCOM_CREATE_EVENT;
             /* We need that for disallowing subqueries */
-            Lex->expr_allows_subselect= FALSE;
+            Lex->expr_allows_subselect_n_routine_call= FALSE;
           }
           ON SCHEDULE_SYM ev_schedule_time
           opt_ev_on_completion
@@ -1351,7 +1351,7 @@ event_tail:
               can overwrite it
             */
             Lex->sql_command= SQLCOM_CREATE_EVENT;
-            Lex->expr_allows_subselect= TRUE;
+            Lex->expr_allows_subselect_n_routine_call= TRUE;
           }
 
 
@@ -4726,7 +4726,7 @@ alter:
 
             Lex->sql_command= SQLCOM_ALTER_EVENT;
             /* we need that for disallowing subqueries */
-            Lex->expr_allows_subselect= FALSE;
+            Lex->expr_allows_subselect_n_routine_call= FALSE;
           }
           ev_alter_on_schedule_completion
           opt_ev_rename_to
@@ -4752,7 +4752,7 @@ alter:
               can overwrite it
             */
             Lex->sql_command= SQLCOM_ALTER_EVENT;
-            Lex->expr_allows_subselect= TRUE;
+            Lex->expr_allows_subselect_n_routine_call= TRUE;
           }
         | ALTER TABLESPACE alter_tablespace_info
           {
@@ -6361,6 +6361,11 @@ simple_expr:
 	  }
 	| IDENT_sys '(' 
           {
+            if (!Lex->expr_allows_subselect_n_routine_call)
+	    {
+	      yyerror(ER(ER_SYNTAX_ERROR));
+	      YYABORT;
+	    }
 #ifdef HAVE_DLOPEN
             udf_func *udf= 0;
             if (using_udf_functions &&
@@ -7097,7 +7102,7 @@ select_derived2:
         {
 	  LEX *lex= Lex;
 	  lex->derived_tables|= DERIVED_SUBQUERY;
-          if (!lex->expr_allows_subselect)
+          if (!lex->expr_allows_subselect_n_routine_call)
 	  {
 	    yyerror(ER(ER_SYNTAX_ERROR));
 	    YYABORT;
@@ -8589,14 +8594,14 @@ kill:
 	KILL_SYM
         {
           Lex->sql_command= SQLCOM_KILL;
-          Lex->expr_allows_subselect= FALSE;
+          Lex->expr_allows_subselect_n_routine_call= FALSE;
         }
         kill_option expr
 	{
 	  LEX *lex=Lex;
 	  lex->value_list.empty();
 	  lex->value_list.push_front($4);
-          Lex->expr_allows_subselect= TRUE;
+          Lex->expr_allows_subselect_n_routine_call= TRUE;
 	};
 
 kill_option:
@@ -10088,7 +10093,7 @@ handler:
 	    my_error(ER_SP_BADSTATEMENT, MYF(0), "HANDLER");
 	    YYABORT;
 	  }
-          lex->expr_allows_subselect= FALSE;
+          lex->expr_allows_subselect_n_routine_call= FALSE;
 	  lex->sql_command = SQLCOM_HA_READ;
 	  lex->ha_rkey_mode= HA_READ_KEY_EXACT;	/* Avoid purify warnings */
 	  lex->current_select->select_limit= new Item_int((int32) 1);
@@ -10098,7 +10103,7 @@ handler:
         }
         handler_read_or_scan where_clause opt_limit_clause
         {
-          Lex->expr_allows_subselect= TRUE;
+          Lex->expr_allows_subselect_n_routine_call= TRUE;
         }
         ;
 
@@ -10713,7 +10718,7 @@ subselect_init:
 subselect_start:
 	{
 	  LEX *lex=Lex;
-          if (!lex->expr_allows_subselect)
+          if (!lex->expr_allows_subselect_n_routine_call)
 	  {
             yyerror(ER(ER_SYNTAX_ERROR));
 	    YYABORT;

--- 1.22/mysql-test/r/events_bugs.result	2006-10-05 16:03:47 +02:00
+++ 1.23/mysql-test/r/events_bugs.result	2006-10-05 16:03:47 +02:00
@@ -226,4 +226,15 @@ set @a= 6;
 call p_16();
 drop procedure p_16;
 drop event e_16;
+drop event if exists e_17;
+drop procedure if exists p_17;
+drop function if exists f_17;
+create event e_17 on schedule every 1 second do set @a=5;
+create function f_17 () returns int return 5;
+create procedure p_17 () alter event e_17 on schedule every f_17() second;
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '() second' at line 1
+drop function f_17;
+drop procedure p_17;
+ERROR 42000: PROCEDURE events_test.p_17 does not exist
+drop event e_17;
 drop database events_test;

--- 1.18/mysql-test/t/events_bugs.test	2006-10-05 16:03:47 +02:00
+++ 1.19/mysql-test/t/events_bugs.test	2006-10-05 16:03:47 +02:00
@@ -253,4 +253,23 @@ call p_16();
 
 drop procedure p_16;
 drop event e_16;
+
+
+#
+# START - BUG #22830: Events: crash with procedure which alters events with function
+#
+--disable_warnings
+drop event if exists e_17;
+drop procedure if exists p_17;
+drop function if exists f_17;
+--enable_warnings
+create event e_17 on schedule every 1 second do set @a=5;
+create function f_17 () returns int return 5;
+--error ER_PARSE_ERROR
+create procedure p_17 () alter event e_17 on schedule every f_17() second;
+
+drop function f_17;
+--error ER_SP_DOES_NOT_EXIST
+drop procedure p_17;
+drop event e_17;
 drop database events_test;

--- 1.14/mysql-test/r/kill.result	2006-10-05 16:03:47 +02:00
+++ 1.15/mysql-test/r/kill.result	2006-10-05 16:03:47 +02:00
@@ -41,3 +41,19 @@ select 1;
 select RELEASE_LOCK("a");
 RELEASE_LOCK("a")
 1
+drop function if exists f_17;
+drop table if exists t1;
+create table t1(a int);
+insert into t1 values (1);
+create function f_17 () returns int
+begin
+declare b int;
+select a into b from t limit 1;
+return b;
+end|
+kill f_17();
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '()' at line 1
+kill UNIX_TIMESTAMP('1997-10-04 22:23:00');
+ERROR HY000: Unknown thread id: 875996580
+drop table t1;
+drop function f_17;

--- 1.23/mysql-test/t/kill.test	2006-10-05 16:03:47 +02:00
+++ 1.24/mysql-test/t/kill.test	2006-10-05 16:03:47 +02:00
@@ -114,3 +114,27 @@ reap;
 select 1;
 connection con1;
 select RELEASE_LOCK("a");
+
+#
+# test KILL with a stored function call
+#
+--disable_warnings
+drop function if exists f_17;
+drop table if exists t1;
+--enable_warnings
+create table t1(a int);
+insert into t1 values (1);
+delimiter |;
+create function f_17 () returns int
+  begin
+    declare b int;
+    select a into b from t limit 1;
+    return b;
+end|
+delimiter ;|
+--error ER_PARSE_ERROR
+kill f_17();
+--error ER_NO_SUCH_THREAD
+kill UNIX_TIMESTAMP('1997-10-04 22:23:00');
+drop table t1;
+drop function f_17;
Thread
bk commit into 5.1 tree (andrey:1.2338) BUG#22830ahristov5 Oct