From: Date: July 25 2008 1:20pm Subject: bzr commit into mysql-5.1 branch (gluh:2673) Bug#38291 List-Archive: http://lists.mysql.com/commits/50496 X-Bug: 38291 Message-Id: <20080725112044.A696824A0078@eagle.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit #At file:///home/gluh/MySQL/bazaar/mysql-5.1-bug-38291/ 2673 Sergey Glukhov 2008-07-25 Bug#38291 memory corruption and server crash with view/sp/function The problem: Send_field.org_col_name has broken value on secondary execution. It happens when result field is created from the field which belongs to view. The fix: set Send_field.org_col_name with correct value during Send_field intialization. modified: mysql-test/r/metadata.result mysql-test/r/sp.result mysql-test/t/sp.test sql/item.cc per-file messages: mysql-test/r/metadata.result result fix mysql-test/r/sp.result test result mysql-test/t/sp.test test case sql/item.cc The problem: Send_field.org_col_name has broken value on secondary execution. It happens when result field is created from the field which belongs to view. The fix: set Send_field.org_col_name with correct value during Send_field intialization. === modified file 'mysql-test/r/metadata.result' --- a/mysql-test/r/metadata.result 2007-11-13 13:24:48 +0000 +++ b/mysql-test/r/metadata.result 2008-07-25 11:20:35 +0000 @@ -126,7 +126,7 @@ renamed 1 select * from v3 where renamed=1 group by renamed; Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr -def v3 renamed 8 12 0 Y 32896 0 63 +def v3 renamed renamed 8 12 0 Y 32896 0 63 renamed drop table t1; drop view v1,v2,v3; === modified file 'mysql-test/r/sp.result' --- a/mysql-test/r/sp.result 2008-05-13 12:06:32 +0000 +++ b/mysql-test/r/sp.result 2008-07-25 11:20:35 +0000 
@@ -6937,6 +6937,31 @@ select name from mysql.proc where name = name p drop procedure p; +create table t1( +form_control_name varchar(50) not null, +form_trkno bigint(19) not null, +form_control_trkno bigint(19) not null auto_increment primary key, +PARENT_FORM_CONTROL_TRKNO bigint(19) default NULL); +drop function if exists f1// +Warnings: +Note 1305 FUNCTION f1 does not exist +create function f1 (formtrkno numeric(15), parentformcontroltrkno numeric(15)) +returns varchar(1000) charset latin1 +begin +return "aaaaa" ; +end // +create view v1 as +select f1(form_trkno,parent_form_control_trkno) as parent_control_name from t1; +create procedure p1() +begin +select parent_control_name as parentcontrolname from v1; +end // +parentcontrolname +parentcontrolname +drop procedure p1; +drop function f1; +drop view v1; +drop table t1; # ------------------------------------------------------------------ # -- End of 5.1 tests # ------------------------------------------------------------------ === modified file 'mysql-test/t/sp.test' --- a/mysql-test/t/sp.test 2008-05-13 12:06:32 +0000 +++ b/mysql-test/t/sp.test 2008-07-25 11:20:35 +0000 
@@ -8178,6 +8178,48 @@ select replace(@full_mode, 'ALLOW_INVALI select name from mysql.proc where name = 'p' and sql_mode = @full_mode; drop procedure p; +# +# Bug#38291 memory corruption and server crash with view/sp/function +# + +create table t1( +form_control_name varchar(50) not null, +form_trkno bigint(19) not null, +form_control_trkno bigint(19) not null auto_increment primary key, +PARENT_FORM_CONTROL_TRKNO bigint(19) default NULL); + +delimiter //; +drop function if exists f1// +create function f1 (formtrkno numeric(15), parentformcontroltrkno numeric(15)) + returns varchar(1000) charset latin1 +begin +return "aaaaa" ; +end // +delimiter ;// + +create view v1 as +select f1(form_trkno,parent_form_control_trkno) as parent_control_name from t1; + +delimiter //; +create procedure p1() +begin + select parent_control_name as parentcontrolname from v1; +end // +delimiter ;// + +--disable_query_log +let $tab_count= 2; +while ($tab_count) +{ + EVAL call p1(); + dec $tab_count ; +} +--enable_query_log +drop procedure p1; +drop function f1; +drop view v1; +drop table t1; + --echo # ------------------------------------------------------------------ --echo # -- End of 5.1 tests --echo # ------------------------------------------------------------------ === modified file 'sql/item.cc' --- a/sql/item.cc 2008-07-14 10:50:31 +0000 +++ b/sql/item.cc 2008-07-25 11:20:35 +0000 @@ -5927,6 +5927,8 @@ void Item_ref::make_field(Send_field *fi field->table_name= table_name; if (db_name) field->db_name= db_name; + if (orig_field_name) + field->org_col_name= orig_field_name; }
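Review bot: The regression test only checks that the second `call p1()` does not crash; it never observes the value the fix changes (`Send_field.org_col_name`), so a later regression that corrupts that pointer without crashing would still pass. Wrap the second invocation in `--enable_metadata` / `--disable_metadata` so `sp.result` pins the Column (original name) of `parentcontrolname` on re-execution, the same way the `metadata.result` hunk in this commit does for the plain view case. Two smaller points in the same hunk: `EVAL call p1();` interpolates no variables, so plain `call p1();` is enough; and `drop function if exists f1//` is not wrapped in `--disable_warnings` / `--enable_warnings`, which is why the `Note 1305 FUNCTION f1 does not exist` line leaks into `sp.result` — assuming the rest of sp.test follows that convention (its earlier lines are outside the hunk).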
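Review bot: The added guard repairs `field->org_col_name` only when `orig_field_name` is non-NULL; when it is NULL the field keeps whatever was stored before this point (presumably by the referenced item's own `make_field()`, which the context lines suggest runs first), and if the commit message's diagnosis applies that is the same pointer into view memory that produced the corruption. If a NULL `orig_field_name` is possible for a ref into a view column, fall back to a name this Item_ref owns rather than leaving the stale value; if it is not possible, a `DBUG_ASSERT(orig_field_name);` would document the invariant the fix relies on. Either way the two lines read as a cosmetic tweak without a why-comment, so something like `/* Bug#38291: org_col_name must not alias the view field's name buffer, which does not survive to the next execution of the SP/PS; use the name this Item_ref owns. */` above the `if` would help the next reader. `Item_ref::make_field` starts before the hunk, so the earlier assignments cannot be checked here.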