From: Date: February 12 2007 9:55pm
Subject: bk commit into 4.1 tree (holyfoot:1.2600) BUG#25492
List-Archive: http://lists.mysql.com/commits/19728
X-Bug: 25492
Message-Id: <20070212205549.3C8C42C380A4@hfmain.localdomain>

Below is the list of changes that have just been committed into a local
4.1 repository of hf. When hf does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-02-13 00:55:45+04:00, holyfoot@stripped +1 -0
  bug #25492 (Invalid deallocation in mysql_stmt_fetch)

  libmysqld/lib_sql.cc@stripped, 2007-02-13 00:55:44+04:00, holyfoot@stripped +26 -6
    code modified to prevent freeing of memory that wasn't malloc-ed.
    Now we check if MYSQL_STMT::result was used.

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	holyfoot
# Host:	hfmain.(none)
# Root:	/home/hf/work/25492/my41-25492

--- 1.136/libmysqld/lib_sql.cc	2007-02-13 00:55:49 +04:00
+++ 1.137/libmysqld/lib_sql.cc	2007-02-13 00:55:49 +04:00
@@ -66,6 +66,16 @@ void embedded_get_error(MYSQL *mysql)
   }
 }
 
+
+static void emb_free_rows(THD *thd)
+{
+  if (thd->current_stmt)
+    free_root(&thd->data->alloc,MYF(0));
+  else
+    free_rows(thd->data);
+}
+
+
 static my_bool
 emb_advanced_command(MYSQL *mysql, enum enum_server_command command,
 		     const char *header, ulong header_length,
@@ -78,7 +88,7 @@ emb_advanced_command(MYSQL *mysql, enum 
 
   if (thd->data)
   {
-    free_rows(thd->data);
+    emb_free_rows(thd);
     thd->data= 0;
   }
   /* Check that we are calling the client functions in right order */
@@ -248,13 +258,23 @@ static int emb_stmt_execute(MYSQL_STMT *
 
 int emb_read_binary_rows(MYSQL_STMT *stmt)
 {
-  MYSQL_DATA *data;
-  if (!(data= emb_read_rows(stmt->mysql, 0, 0)))
+  MYSQL *mysql= stmt->mysql;
+  embedded_get_error(mysql);
+  if (mysql->net.last_errno)
   {
-    set_stmt_errmsg(stmt, stmt->mysql->net.last_error,
-                    stmt->mysql->net.last_errno, stmt->mysql->net.sqlstate);
+    set_stmt_errmsg(stmt, mysql->net.last_error,
+                    mysql->net.last_errno, mysql->net.sqlstate);
     return 1;
   }
+
+  if (((THD*)mysql->thd)->data)
+  {
+    DBUG_ASSERT(((THD*) mysql->thd)->data == &stmt->result);
+    stmt->result.prev_ptr= NULL;
+    ((THD*)mysql->thd)->data= NULL;
+  }
+  else
+    stmt->result.rows= 0;
   return 0;
 }
 
@@ -285,7 +305,7 @@ static void emb_free_embedded_thd(MYSQL 
 {
   THD *thd= (THD*)mysql->thd;
   if (thd->data)
-    free_rows(thd->data);
+    emb_free_rows(thd);
   thread_count--;
   delete thd;
   mysql->thd=0;