From:Kristofer Pettersson Date:July 31 2008 2:29pm
Subject:bzr commit into mysql-5.0 branch (kpettersson:2652) Bug#38486
#At file:///home/thek/Development/cpp/mysqlbzr/mysql-5.0-bugteam-bug24176/

 2652 Kristofer Pettersson	2008-07-31
      Bug#38486 Crash when using cursor protocol
            
      Server-side cursors were not initialized properly, which caused a reference to
      uninitialized memory.
modified:
  sql/sql_cursor.cc
  tests/mysql_client_test.c

per-file messages:
  sql/sql_cursor.cc
    Initialize materialized cursor with null value.
  tests/mysql_client_test.c
    Added test to client test.
=== modified file 'sql/sql_cursor.cc'
--- a/sql/sql_cursor.cc	2008-02-20 19:45:24 +0000
+++ b/sql/sql_cursor.cc	2008-07-31 12:29:27 +0000
@@ -111,7 +111,8 @@ class Select_materialize: public select_
   select_result *result; /* the result object of the caller (PS or SP) */
 public:
   Materialized_cursor *materialized_cursor;
-  Select_materialize(select_result *result_arg) :result(result_arg) {}
+  Select_materialize(select_result *result_arg) :result(result_arg),
+    materialized_cursor(0) {}
   virtual bool send_fields(List<Item> &list, uint flags);
 };
 
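Review bot: The new initializer spells the null pointer as `materialized_cursor(0)` while the other lines this commit adds to the same file (`result_materialize= NULL;`, `materialized_cursor= NULL;`) use `NULL`; one spelling should be used throughout, e.g. `materialized_cursor(NULL) {}`. Since the member is only assigned later in `Select_materialize::send_fields` (last hunk of this file), a one-line comment on its declaration would tell the next reader why the default matters: `/* NULL until send_fields() has materialized the result */`.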
@@ -155,6 +156,7 @@ int mysql_open_cursor(THD *thd, uint fla
   if (! (sensitive_cursor= new (thd->mem_root) Sensitive_cursor(thd, result)))
   {
     delete result_materialize;
+    result_materialize= NULL;
     return 1;
   }
 
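Review bot: The added `result_materialize= NULL;` is a dead store: the function returns on the very next line and nothing in the hunk reads the pointer afterwards, so the line neither fixes nor prevents anything here. If `result_materialize` is something other than a local that dies at the `return 1` (mysql_open_cursor starts before this hunk, so that is not visible), a short comment should say who could still observe it; otherwise drop the line.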
@@ -212,6 +214,7 @@ int mysql_open_cursor(THD *thd, uint fla
     if ((rc= materialized_cursor->open(0)))
     {
       delete materialized_cursor;
+      materialized_cursor= NULL;
       goto err_open;
     }
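Review bot: Whether `materialized_cursor= NULL;` after the `delete` is needed depends entirely on what the `err_open` label does with the pointer, and that code lies outside the hunk (mysql_open_cursor continues past it). If the cleanup at `err_open` deletes or dereferences `materialized_cursor`, this store is what prevents a double free and deserves a comment on the line, e.g. `/* err_open must not see the deleted cursor */`; if the label never touches it, the store is dead, like the one added after `delete result_materialize` in the previous hunk.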
 
@@ -243,7 +246,8 @@ void Server_side_cursor::operator delete
   MEM_ROOT own_root= *cursor->mem_root;
 
   DBUG_ENTER("Server_side_cursor::operator delete");
-  TRASH(ptr, size);
+  //TRASH(ptr, size);
+  bfill(ptr,size,0x0);
   /*
     If this cursor has never been opened mem_root is empty. Otherwise
     mem_root points to the memory the cursor object was allocated in.
@@ -701,8 +705,8 @@ bool Select_materialize::send_fields(Lis
                           FALSE, thd->options | TMP_TABLE_ALL_COLUMNS, ""))
     return TRUE;
 
-  materialized_cursor= new (&table->mem_root)
-                       Materialized_cursor(result, table);
+   materialized_cursor= new (&table->mem_root)
+                          Materialized_cursor(result, table);
 
   if (! materialized_cursor)
   {

=== modified file 'tests/mysql_client_test.c'
--- a/tests/mysql_client_test.c	2008-05-27 11:33:08 +0000
+++ b/tests/mysql_client_test.c	2008-07-31 12:29:27 +0000
@@ -16189,6 +16189,35 @@ static void test_bug32265()
   DBUG_VOID_RETURN;
 }
 
+
+/**
+  Bug#38486 Crash when using cursor protocol
+*/
+
+static void test_bug38486(void)
+{
+    myheader("test_bug38486");
+    
+    MYSQL_STMT *stmt;
+    stmt= mysql_stmt_init(mysql);
+    unsigned long type= CURSOR_TYPE_READ_ONLY;
+    mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type);
+    const char *sql= "CREATE TABLE t1 (a INT)";
+    mysql_stmt_prepare(stmt,sql,strlen(sql));
+    
+    mysql_stmt_execute(stmt);
+    mysql_stmt_close(stmt);
+    
+    stmt= mysql_stmt_init(mysql);
+    mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type);
+    const char *sql2= "INSERT INTO t1 VALUES (1)";
+    mysql_stmt_prepare(stmt,sql2,strlen(sql2));
+    mysql_stmt_execute(stmt);
+    
+    mysql_stmt_close(stmt);
+}
+
+
 /*
   Read and parse arguments and MySQL options from my.cnf
 */
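Review bot: Every call in `test_bug38486` ignores its return value, so if `mysql_stmt_init` returns NULL, or the prepare/execute of a non-SELECT statement with a cursor type fails, the test still passes silently (and a NULL `stmt` is then handed to `mysql_stmt_attr_set`); the rest of this file checks these paths through `check_stmt(stmt)`, `check_execute(stmt, rc)` and `myquery(rc)`, and this test should too, since a server failure on exactly these executes is what the bug report describes. The test also creates `t1` without dropping an existing one first and never drops it afterwards, leaking state into later tests; the declarations placed after the `myheader` call are mixed declarations and code, which is not valid C89; and the body is indented four spaces where the file uses two. A rewritten body with the checks and cleanup added follows.
```c
static void test_bug38486(void)
{
  MYSQL_STMT *stmt;
  int rc;
  unsigned long type= CURSOR_TYPE_READ_ONLY;
  const char *sql= "CREATE TABLE t1 (a INT)";
  const char *sql2= "INSERT INTO t1 VALUES (1)";

  myheader("test_bug38486");

  rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1");
  myquery(rc);

  /* Non-SELECT statements prepared with a read-only cursor crashed the server */
  stmt= mysql_stmt_init(mysql);
  check_stmt(stmt);
  rc= mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type);
  check_execute(stmt, rc);
  rc= mysql_stmt_prepare(stmt, sql, strlen(sql));
  check_execute(stmt, rc);
  rc= mysql_stmt_execute(stmt);
  check_execute(stmt, rc);
  mysql_stmt_close(stmt);

  stmt= mysql_stmt_init(mysql);
  check_stmt(stmt);
  rc= mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type);
  check_execute(stmt, rc);
  rc= mysql_stmt_prepare(stmt, sql2, strlen(sql2));
  check_execute(stmt, rc);
  rc= mysql_stmt_execute(stmt);
  check_execute(stmt, rc);
  mysql_stmt_close(stmt);

  rc= mysql_query(mysql, "DROP TABLE t1");
  myquery(rc);
}
```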
@@ -16483,6 +16512,7 @@ static struct my_tests_st my_tests[]= {
   { "test_bug29306", test_bug29306 },
   { "test_bug31669", test_bug31669 },
   { "test_bug32265", test_bug32265 },
+  { "test_bug38486", test_bug38486 },
   { 0, 0 }
 };
 
