From: Alexander Nozdrin Date: March 22 2011 10:06am Subject: bzr commit into mysql-5.5 branch (alexander.nozdrin:3390) Bug#11763413 List-Archive: http://lists.mysql.com/commits/133487 X-Bug: 11763413 Message-Id: <201103221007.p2MA7G9F010548@acsmt357.oracle.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3829995142254267541==" --===============3829995142254267541== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/alik/MySQL/bzr/00/bug56115/mysql-5.5-bug56115/ based on revid:vinay.fisrekar@stripped 3390 Alexander Nozdrin 2011-03-22 A patch for Bug#11763413 (56115: SELECT doesn't work in prepared statements with cursor protocol). The problem was a bug in Materialized-cursor implementation. Materialized_cursor::open() called send_result_metadata() with items pointing to already closed table. The fix is to send metadata when the table is still open. NOTE: this is a "partial" fix: metadata are different with and without --cursor-protocol, but that's a different large problem, one indication of which is reported as Bug 24176. modified: mysql-test/r/ps.result mysql-test/t/ps.test sql/sql_cursor.cc tests/mysql_client_test.c === modified file 'mysql-test/r/ps.result' --- a/mysql-test/r/ps.result 2010-11-13 15:05:02 +0000 +++ b/mysql-test/r/ps.result 2011-03-22 10:06:54 +0000 @@ -3731,5 +3731,19 @@ CREATE TABLE t1 (a INT); BEGIN; PREPARE stmt1 FROM "SELECT * FROM t1"; DROP TABLE t1; + # -# End of 6.0 tests. +# Bug#56115: invalid memory reads when PS selecting from +# information_schema tables +# Bug#58701: crash in Field::make_field, cursor-protocol +# +# NOTE: MTR should be run both with --ps-protocol and --cursor-protocol. +# + +SELECT * +FROM (SELECT 1 UNION SELECT 2) t; +1 +1 +2 +# +# End of 5.5 tests. === modified file 'mysql-test/t/ps.test' --- a/mysql-test/t/ps.test 2010-11-13 15:05:02 +0000 +++ b/mysql-test/t/ps.test 2011-03-22 10:06:54 +0000 @@ -3344,7 +3344,21 @@ connection default; DROP TABLE t1; disconnect con1; +--echo --echo # ---echo # End of 6.0 tests. +--echo # Bug#56115: invalid memory reads when PS selecting from +--echo # information_schema tables +--echo # Bug#58701: crash in Field::make_field, cursor-protocol +--echo # +--echo # NOTE: MTR should be run both with --ps-protocol and --cursor-protocol. +--echo # +--echo + +SELECT * +FROM (SELECT 1 UNION SELECT 2) t; + + +--echo # +--echo # End of 5.5 tests. ########################################################################### === modified file 'sql/sql_cursor.cc' --- a/sql/sql_cursor.cc 2010-12-08 16:47:21 +0000 +++ b/sql/sql_cursor.cc 2011-03-22 10:06:54 +0000 @@ -1,4 +1,4 @@ -/* Copyright (C) 2005-2006 MySQL AB +/* Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -46,7 +46,7 @@ class Materialized_cursor: public Server public: Materialized_cursor(select_result *result, TABLE *table); - int fill_item_list(THD *thd, List &send_result_set_metadata); + int send_result_set_metadata(THD *thd, List &send_result_set_metadata); virtual bool is_open() const { return table != 0; } virtual int open(JOIN *join __attribute__((unused))); virtual void fetch(ulong num_rows); @@ -133,7 +133,13 @@ int mysql_open_cursor(THD *thd, select_r if (rc) { if (result_materialize->materialized_cursor) + { + /* Rollback metadata in the client-server protocol. */ + result_materialize->abort_result_set(); + delete result_materialize->materialized_cursor; + } + goto end; } @@ -142,6 +148,12 @@ int mysql_open_cursor(THD *thd, select_r Materialized_cursor *materialized_cursor= result_materialize->materialized_cursor; + /* + NOTE: close_thread_tables() has been called in + mysql_execute_command(), so all tables except from the cursor + temporary table have been closed. + */ + if ((rc= materialized_cursor->open(0))) { delete materialized_cursor; @@ -202,14 +214,16 @@ Materialized_cursor::Materialized_cursor /** - Preserve the original metadata that would be sent to the client. + Preserve the original metadata to be sent to the client. + Initiate sending of the original metadata to the client + (call Protocol::send_result_set_metadata()). @param thd Thread identifier. @param send_result_set_metadata List of fields that would be sent. */ -int Materialized_cursor::fill_item_list(THD *thd, - List &send_result_set_metadata) +int Materialized_cursor::send_result_set_metadata( + THD *thd, List &send_result_set_metadata) { Query_arena backup_arena; int rc; @@ -241,6 +255,14 @@ int Materialized_cursor::fill_item_list( ident->db_name= thd->strdup(send_field.db_name); ident->table_name= thd->strdup(send_field.table_name); } + + /* + Original metadata result set should be sent here. After + mysql_execute_command() is finished, item_list can not be used for + sending metadata, because it references closed table. + */ + rc= result->send_result_set_metadata(item_list, Protocol::SEND_NUM_ROWS); + end: thd->restore_active_arena(this, &backup_arena); /* Check for thd->is_error() in case of OOM */ @@ -253,31 +275,29 @@ int Materialized_cursor::open(JOIN *join THD *thd= fake_unit.thd; int rc; Query_arena backup_arena; + thd->set_n_backup_active_arena(this, &backup_arena); - /* Create a list of fields and start sequential scan */ + + /* Create a list of fields and start sequential scan. */ + rc= result->prepare(item_list, &fake_unit); - if (!rc && !(rc= table->file->ha_rnd_init(TRUE))) - is_rnd_inited= 1; + rc= !rc && table->file->ha_rnd_init(TRUE); + is_rnd_inited= !rc; thd->restore_active_arena(this, &backup_arena); - if (rc == 0) - { - /* - Now send the result set metadata to the client. We need to - do it here, as in Select_materialize::send_result_set_metadata the items - for column types are not yet created (send_result_set_metadata requires - a list of items). The new types may differ from the original - ones sent at prepare if some of them were altered by MySQL - HEAP tables mechanism -- used when create_tmp_field_from_item - may alter the original column type. - We can't simply supply SEND_EOF flag to send_result_set_metadata, because - send_result_set_metadata doesn't flush the network buffer. - */ - rc= result->send_result_set_metadata(item_list, Protocol::SEND_NUM_ROWS); + /* Commit or rollback metadata in the client-server protocol. */ + + if (!rc) + { thd->server_status|= SERVER_STATUS_CURSOR_EXISTS; result->send_eof(); } + else + { + result->abort_result_set(); + } + return rc; } @@ -370,13 +390,14 @@ bool Select_materialize::send_result_set materialized_cursor= new (&table->mem_root) Materialized_cursor(result, table); - if (! materialized_cursor) + if (!materialized_cursor) { free_tmp_table(table->in_use, table); table= 0; return TRUE; } - if (materialized_cursor->fill_item_list(unit->thd, list)) + + if (materialized_cursor->send_result_set_metadata(unit->thd, list)) { delete materialized_cursor; table= 0; === modified file 'tests/mysql_client_test.c' --- a/tests/mysql_client_test.c 2011-03-17 13:52:49 +0000 +++ b/tests/mysql_client_test.c 2011-03-22 10:06:54 +0000 @@ -1,4 +1,4 @@ -/* Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15694,8 +15694,11 @@ static void test_bug13488() check_execute(stmt1, rc); if (!opt_silent) - printf("data is: %s", (f1 == 1 && f2 == 1 && f3 == 2)?"OK": - "wrong"); + { + printf("data: f1: %d; f2: %d; f3: %d\n", f1, f2, f3); + printf("data is: %s\n", + (f1 == 1 && f2 == 1 && f3 == 2) ? "OK" : "wrong"); + } DIE_UNLESS(f1 == 1 && f2 == 1 && f3 == 2); rc= mysql_query(mysql, "drop table t1, t2"); myquery(rc); --===============3829995142254267541== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/alexander.nozdrin@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: alexander.nozdrin@stripped\ # 942i7q14ipz9y6aj # target_branch: file:///home/alik/MySQL/bzr/00/bug56115/mysql-5.5-\ # bug56115/ # testament_sha1: e8340e7a2b11d4e189d889fb1bad0a9fad0a04eb # timestamp: 2011-03-22 13:06:58 +0300 # base_revision_id: vinay.fisrekar@stripped\ # g130hz03nvv7rjox # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWTNUvmsABWzfgFDQe/f///9v 3oS////6YAwdvvSMbk7K3WbquqC41qNbYAaCtuupKpD22GipoZAGTQBoHqAAA0DQAAAASkAIMQmR qNGmQk9QaPUBkGgDR6jQfqQEoTERU/TRqMoekDTGp6QAAAAAAAEiQQp6NVP2iaaNJ6BMptqNNR7U mTJp6gZDQGQ9Q40ZMjCMQDCaDAJoNAyZNGTIYQGEkgEBAABDTTEaJomKHqbSeRPUB6gAoIOQ8N+O CJbNeuevxYaz4aIKWx43VXylxTWERKCU1d7z186evHlQuw4eyf/C8oMd/Gj+3+7dEVXupVwqk7Xf q0lB+z2dP+WWaeqk5ymxcVsl4zs37o6C6SP7MgIMksUxqHWAsLFNW5WRVws8RWXgrr01x6IiCQAZ Cgh2TtfH26kDBef08D7mT6HaXzj/A1qH7SX3NpBe4LjaMgGYZkavERd+rbv0l1SksI7aw293lF1H Oz2oso6ys3nQsTVvsqFyuvAtGvJfFTMqTBoxHZ3FbWUrJKUtNnVdO7Wb8+tNnU4Q2Apcb2o3ym9B WByW47e0ujOchNqnEWGobOAIz4TOYq7ZTAYf200H4bF1N/PaK+FveWtfCIPV0YXf1TtMMYrom6UV SI4kYYF9sHeMIMwdcXvbcW3miMnUM2Emsi9txbEPVg1qUMSDkp5pIWEZC/I1rY5FHkKo0u0Jw1cU LvAoBbfkK8bOhu7bbVUoRgQpHUQvfoD8GZuflzb+OXs8uj6z0Jxi+nxDzx4Ls2g4JTxgWcZDSH6A YNtttt1Qw2JoxtvkaiJcGWTqVUohexybMennz5pnbCZdBw1jqu1e6fR6jAaPY4T7fDGehgtwQJxm 878Na1pDGMsBiKQbrGGr94Lwmw2hrjVQxbDD9BKB8C1Vbmkc7SwZVFYSPKbxYm2OqBXalsiRSkGX FklUvSQsioJozJsIREvFuRq43xD9rC+68MTyBqwsSxaWLSl44Sk5vXWN/o6yZRTGlAKfMXVuKoRU uGM9NCkmMJgH+RgvCoNApQIM5A4J0Fkh2JDFFHRjn+JUsGOnzL5GOZhqGjK21RqGixs5oLSLsFDi 4eCkvWYA87O41OkCIlMYfsgZUQnR991k2FZaxyhpKvnSpdruFlxDEvEh+j3C1qDXHmCWmpkbgoDD KtY2cZLMBS6SbbA/X4aZCz37WTzKGUMJrnm8WqoGi7O4Njjeg0XW0pPCqwhk5dYm0MYBmUTLJFpq gSpYPIoGCqSk7icGzh2TUypbDd4raXzGEhWqgu2zRN/ZQolgJqY8S3Yp6rMougwvZg1agqm5ZURN DJZLrVL1vYuN1mNIrlLSjosmFjKq4CyRmPYZ8ME3leM5qxoCVYoiApEYGWNKl11QyBKNci3ztO8O aTjMK3WxqNHMklcCJNSFkgd7E3Vs7dCQI04CjUtmMFEydM84dotUCVpEq8eVjjAtw4Ilsj/lATg4 +CfVVH2czt5wLJ5HqshMmN5KMy5afNjExLiQ9wpxyKEbDgcTXeS1U/LS6lHHfSGY3qQYyE5m97Oc cjKUvsrk4rBQ44okpjaWTaJ3gm4cML7DBzjPlndRWOxbaC8y7Id3wMXQFRiKhZUjAjgI0uMy0tKA owJXjzu3HgCaH+puzv2IuljNh1vvYpi9zGmC4yqakDEcnK7S0247+7PoslFSuhaygoXVmHU+ch7o 7B5HMUQdhy27zAEgbaTGVNxePRehiMUE6EG8QSx2T/c+MvU4vYcmwt0CczsF2Yc0gfmdjjpHVzHv RB8YCabx0kWJSoz1v9hrZDsBmnzIpP0qKcxgx9QVgkoAdq5NwbjlG0TtOoaFwrTNs+beGmDb4pCa TD+Dv+X3BZ/aXrAsLhlCwj9z43pSIGbzscicyR9dP+lp/A+ReETPa0Lz/CK2cz22n1DU09qJiDG+ Qp5fNw/x7PKXw9I0WihkHJ0hATGl0EhEmNK3ufusKCCjVmSGNNqDLzZB0HUEfMmV1eox8Cqfxcg/ qdSX6fI80gsyWgDDJiTol6gXuNBvr2nMdxtQwjz9xRLXlY6BheXQXC0cfIAwGQ3fNRzguy11kP/b nlrm1iCWvHVHuYYeOxwcbfnCv5Gdfk7KS/IuM4x9eUDHaaDw+pWWmouO7tyGssvsobEaBldiJ8Ny OYwczCOKDGDa+quHEQS38/M3zjBpXpNnUU6BpvPAtRhbNL69bjKdUn9uXC82WPa0tSLE/frHpBgD 36hwQBYARA1wKiyLHQZChEy8fImryShtPUzpKE4feDUzZWEcx69p1SJCMJCL3sPwW4vOZZYgLWER DGXWNeuLITce4xJxElQAm45D/JGkcbDG/iAYqjFLIP0fbsmeexHJ4Oa9pvVRNh03WyCjIRed/jqH sZiHf0rNRiJGkvG1mzvxB1DpRgzOY3GULUtHM0aWCoeY+SRQzllT+LVPK8GUf30gGzYYzOS57jHh bXkM7YspPk9bbuLXerjvRmNhx1mkNY524YeUG8C+pIrZzMOTAyn47k6ArRjfPKW8KDAHY+7tVrxU 0mByMRaxEw3rligAzJ6AmIeAOSkAZPEkgjRUQ8zgeUw3DBoxbMx1IcDaeLeFEZiTjRiSmaMpf7A7 PMHhUNyTHebsA7MQDo8cvvgIcToZCugzAyPBc3cAzAd5WdxaETucuWWzIbpBtsGcmQI4dM2wPWxv ClTsVXSSRNRkfAHN5V0bAE4xNTjqCscZkm6Ep+MdsSefggbSfIaKVmVWJeRYlJJRUQeyPY5JXrKu 1KOT/RQsGrwDyMqzs6vOe2VexmEx2gpGlkacSWBZg/MzykVM69tQnuI0KWgwu9I3wPXrDLxM6wdv B7LeTJj4rxMZEw+u5LBQn1NZIy33GVi1OTMz3mUYMASSlveECIs8SZtVUYG0NSbIQEASKkzsYdmC SqMsS37xvAhEd23ji20qDabSPpGSAxGHbq5WqYyQMMwdpvNDLnxYlA0IkdGIkQFL2lhfcHGRZYhF lqqeKnd3/f2FyVpqGX5JkvA54m3SqjssgGkmmtANJlF9gwlETIcCgBRiaC9IcBsGL19bl9DakuO+ +bGxJjbTaTRpWB8H5+FiM/IjyHHQvO0iCoP6YUbyr00HMFP6MnCR9WyJFXCMxtpwi+hjob7x0YLw QGhLNxFD6LUaChXUM1B6Tz1OXzYgtoRIHoqH5wSVCzGC2mLHncDC8nSRasDvxIOnk5P9tp5k32+I PZMMXMMxSvs8DAdwL3gsrF5s0Fpw8VBHXp6zBco8E2vG4GB2tQINp+0ii/IgBcz2m5cZW7NI0baS zqqkkYz97XaueN2gRz9E0Wl1eIZKfYSMsT1AKG9P5FQ5HbWeUzus6rfKKRmOKS4s+RPLG8QjbJTZ IjqfhgaJUKG10GUIm8oxw4Wcj+cXT57534yvDiwsyiGwb6H+DseEKLqPrQdDSVKNTDGqaUBu0HAw 3q/Sku0NzbbbxPxMusnBAZVcxsaGNXLBKAR6FF/R5TVolhr1yIyDqa7aoG+E65FHhAHaJhBe09x3 SxkSuYVVswoXD0GcB8VIQTAtoARUZEk15VX8RiPV3LZADzVywGvCIdeca0aCP9zi5BCr4WzqxSbL tPcRmj8KWIYFNKKk1RvHQVbhQym/T3+nw9fthZDYFVcgLhiymsqREayajcIdCeTgQgo8SBhIjElE UkETM4HXUKOFYJ8EgvnAfU8B5jy8Z2bHn6ZYoDfGPccpIDvHePwovTdp8wTG/h7DSXHQVxFeHYSB W/oUAMaQvNExdN6LIYZDAvAx/F3JFOFCQM1S+aw= --===============3829995142254267541==--