List:Commits« Previous MessageNext Message »
From:Alexander Nozdrin Date:May 9 2011 8:29am
Subject:bzr commit into mysql-5.5 branch (alexander.nozdrin:3499) Bug#12362125
View as plain text  
#At file:///home/alik/MySQL/bzr/00/bug12362125/mysql-5.5-bug12362125/ based on revid:alexander.nozdrin@stripped

 3499 Alexander Nozdrin	2011-05-09
      Patch for Bug#12362125 (SP INOUT HANDLING IS BROKEN FOR TEXT TYPE).
      
      Attempts to assign value to a table column from trigger by using
      NEW.column_name pseudo-variable might result in garbled data.
      That happened when:
        - the column had a BLOB-based type (e.g. TEXT)
          and
        - the value being assigned was retrieved from stored routine variable
          of the same type.
      
      The problem was that BLOB values were not copied correctly in this
      case. Instead of doing a copy of a real value, the value's representation
      in record buffer was copied. This representation is essentially a
      pointer to a buffer associated with the virtual table for routine
      variables where the real value is stored. Since this buffer got
      freed once trigger was left or could have changed its contents when
      new value was assigned to corresponding routine variable such a shallow
      copying resulted in garbled data in NEW.colum_name column.
      
      It worked in 5.1 due to a subtle bug in create_virtual_tmp_table():
        - in 5.1 create_virtual_tmp_table() returned a table which
          had db_low_byte_first == false.
        - in 5.5 and up create_virtual_tmp_table() returns a table which
          has db_low_byte_first == true.
      Actually, db_low_byte_first == false only for ISAM storage engine,
      which was deprecated and removed in 5.0.
      
      Having db_low_byte_first == false led to getting false in the
      complex condition for the 2nd "if" in field_conv(), which in turn
      led to copy-blob-behavior as a fall-back strategy:
        - to->table->s->db_low_byte_first was true (correct value)
        - from->table->s->db_low_byte_first was false (incorrect value)
      
      In 5.5 and up that condition is true, which means blob-values are
      not copied.

    modified:
      mysql-test/r/trigger.result
      mysql-test/t/trigger.test
      sql/item.cc
=== modified file 'mysql-test/r/trigger.result'
--- a/mysql-test/r/trigger.result	2011-03-10 08:07:57 +0000
+++ b/mysql-test/r/trigger.result	2011-05-09 08:29:23 +0000
@@ -2208,4 +2208,22 @@ trigger_name
 # Clean-up.
 drop temporary table t1;
 drop table t1;
-End of 6.0 tests.
+
+#
+# Bug #12362125: SP INOUT HANDLING IS BROKEN FOR TEXT TYPE.
+#
+DROP TABLE IF EXISTS t1;
+CREATE TABLE t1(c TEXT);
+CREATE TRIGGER t1_bi BEFORE INSERT ON t1 FOR EACH ROW
+BEGIN
+DECLARE v TEXT;
+SET v = 'aaa';
+SET NEW.c = v;
+END|
+INSERT INTO t1 VALUES('qazwsxedc');
+SELECT c FROM t1;
+c
+aaa
+DROP TABLE t1;
+
+End of 5.5 tests.

=== modified file 'mysql-test/t/trigger.test'
--- a/mysql-test/t/trigger.test	2011-03-10 08:07:57 +0000
+++ b/mysql-test/t/trigger.test	2011-05-09 08:29:23 +0000
@@ -2583,4 +2583,32 @@ select trigger_name from information_sch
 drop temporary table t1;
 drop table t1;
 
---echo End of 6.0 tests.
+
+--echo
+--echo #
+--echo # Bug #12362125: SP INOUT HANDLING IS BROKEN FOR TEXT TYPE.
+--echo #
+
+--disable_warnings
+DROP TABLE IF EXISTS t1;
+--enable_warnings
+
+CREATE TABLE t1(c TEXT);
+
+delimiter |;
+CREATE TRIGGER t1_bi BEFORE INSERT ON t1 FOR EACH ROW
+BEGIN
+  DECLARE v TEXT;
+  SET v = 'aaa';
+  SET NEW.c = v;
+END|
+delimiter ;|
+
+INSERT INTO t1 VALUES('qazwsxedc');
+
+SELECT c FROM t1;
+
+DROP TABLE t1;
+
+--echo
+--echo End of 5.5 tests.

=== modified file 'sql/item.cc'
--- a/sql/item.cc	2011-05-06 11:41:24 +0000
+++ b/sql/item.cc	2011-05-09 08:29:23 +0000
@@ -7134,8 +7134,26 @@ bool Item_trigger_field::set_value(THD *
 {
   Item *item= sp_prepare_func_item(thd, it);
 
-  return (!item || (!fixed && fix_fields(thd, 0)) ||
-          (item->save_in_field(field, 0) < 0));
+  if (!item)
+    return true;
+
+  if (!fixed)
+  {
+    if (fix_fields(thd, NULL))
+      return true;
+  }
+
+  // NOTE: field->table->copy_blobs should be false here, but let's
+  // remember the value at runtime to avoid subtle bugs.
+  bool copy_blobs_saved= field->table->copy_blobs;
+
+  field->table->copy_blobs= true;
+
+  int err_code= item->save_in_field(field, 0);
+
+  field->table->copy_blobs= copy_blobs_saved;
+
+  return err_code < 0;
 }
 
 


Attachment: [text/bzr-bundle] bzr/alexander.nozdrin@oracle.com-20110509082923-g6qk184o794de45f.bundle
Thread
bzr commit into mysql-5.5 branch (alexander.nozdrin:3499) Bug#12362125Alexander Nozdrin9 May