#At file:///home/thek/Development/cpp/mysqlbzr/mysql-5.0-bugteam-bug24176/
2652 Kristofer Pettersson 2008-07-31
Bug#38486 Crash when using cursor protocol
Server side cursors were not initialized properly and this caused a reference to
uninitialized memory.
modified:
sql/sql_cursor.cc
per-file messages:
sql/sql_cursor.cc
materialized_cursor is assumed to be NULL upon initialization.
=== modified file 'sql/sql_cursor.cc'
--- a/sql/sql_cursor.cc 2008-02-20 19:45:24 +0000
+++ b/sql/sql_cursor.cc 2008-07-31 11:44:48 +0000
@@ -111,7 +111,8 @@ class Select_materialize: public select_
select_result *result; /* the result object of the caller (PS or SP) */
public:
Materialized_cursor *materialized_cursor;
- Select_materialize(select_result *result_arg) :result(result_arg) {}
+ Select_materialize(select_result *result_arg) :result(result_arg),
+ materialized_cursor(0) {}
virtual bool send_fields(List<Item> &list, uint flags);
};
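Review bot: The public member `materialized_cursor` carries no comment stating the invariant this fix relies on, namely that it stays NULL until send_fields() creates the cursor. I would add `/* NULL until send_fields() creates the cursor */` on its declaration so the assumption from the commit message lives next to the code. The initializer could also be written `materialized_cursor(NULL)` to match the `= NULL` assignments used elsewhere in this commit.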
@@ -155,6 +156,7 @@ int mysql_open_cursor(THD *thd, uint fla
if (! (sensitive_cursor= new (thd->mem_root) Sensitive_cursor(thd, result)))
{
delete result_materialize;
+ result_materialize= NULL;
return 1;
}
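Review bot: `result_materialize= NULL;` is followed directly by `return 1;`, so if result_materialize is a local of mysql_open_cursor the store is dead and guards nothing. Its declaration is outside the hunk, so this is an inference. Either drop the line or, if the pointer is reachable by the caller, add a comment naming who reads it after the return. The function body starts and ends outside this hunk.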
@@ -212,6 +214,7 @@ int mysql_open_cursor(THD *thd, uint fla
if ((rc= materialized_cursor->open(0)))
{
delete materialized_cursor;
+ materialized_cursor= NULL;
goto err_open;
}
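Review bot: Clearing `materialized_cursor` after the delete resets only the name used inside this function, which may leave a stale pointer elsewhere. If it is a local copy of `result_materialize->materialized_cursor` (the declaration is outside the hunk), the member still points at the freed cursor. In that case the assignment that matters is `result_materialize->materialized_cursor= NULL;`. Whether anything reads the member after the `err_open` label cannot be seen from here, so that path should be checked before relying on this line.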
@@ -243,7 +246,8 @@ void Server_side_cursor::operator delete
MEM_ROOT own_root= *cursor->mem_root;
DBUG_ENTER("Server_side_cursor::operator delete");
- TRASH(ptr, size);
+ //TRASH(ptr, size);
+ bfill(ptr,size,0x0);
/*
If this cursor has never been opened mem_root is empty. Otherwise
mem_root points to the memory the cursor object was allocated in.
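Review bot: Replacing `TRASH(ptr, size)` with an unconditional `bfill(ptr,size,0x0)` makes a freed cursor read as all zeroes, which hides a use-after-free instead of exposing it. A later access through a stale pointer would then see NULL fields rather than a poison pattern. If the initialisation and NULL assignments elsewhere in this commit fully fix the crash, this line can stay `TRASH(ptr, size);`. If the zero fill is really needed, some caller presumably still touches the object after delete and that caller should be fixed. In either case the commented-out `//TRASH(ptr, size);` should be deleted rather than committed, and a zero fill that stays needs a comment such as `/* zero rather than poison: <reason> */`. The body of operator delete starts and ends outside this hunk.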
@@ -701,8 +705,8 @@ bool Select_materialize::send_fields(Lis
FALSE, thd->options | TMP_TABLE_ALL_COLUMNS, ""))
return TRUE;
- materialized_cursor= new (&table->mem_root)
- Materialized_cursor(result, table);
+ materialized_cursor= new (&table->mem_root)
+ Materialized_cursor(result, table);
if (! materialized_cursor)
{