#At file:///home/thek/Development/cpp/mysqlbzr/mysql-5.0-bugteam-bug24176/
2652 Kristofer Pettersson 2008-08-11
Bug#38486 Crash when using cursor protocol
Server-side cursors were not initialized properly, which caused a reference to
uninitialized memory.
modified:
sql/sql_cursor.cc
tests/mysql_client_test.c
=== modified file 'sql/sql_cursor.cc'
--- a/sql/sql_cursor.cc 2008-02-20 19:45:24 +0000
+++ b/sql/sql_cursor.cc 2008-08-11 09:40:54 +0000
@@ -111,7 +111,8 @@ class Select_materialize: public select_
select_result *result; /* the result object of the caller (PS or SP) */
public:
Materialized_cursor *materialized_cursor;
- Select_materialize(select_result *result_arg) :result(result_arg) {}
+ Select_materialize(select_result *result_arg) :result(result_arg),
+ materialized_cursor(0) {}
virtual bool send_fields(List<Item> &list, uint flags);
};
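Review bot: The public member `materialized_cursor` now starts out defined, but its declaration still does not say what a null value means to code that reads it. A comment such as `/* NULL until a materialized cursor has been created */` on the member would record the contract this fix relies on; the wording should be checked against send_fields, which is not visible here. The initializer is written `materialized_cursor(0)` while the other two hunks in this file assign `NULL`, so `materialized_cursor(NULL)` would be consistent. The class body begins outside the hunk.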
@@ -155,6 +156,7 @@ int mysql_open_cursor(THD *thd, uint fla
if (! (sensitive_cursor= new (thd->mem_root) Sensitive_cursor(thd, result)))
{
delete result_materialize;
+ result_materialize= NULL;
return 1;
}
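Review bot: The added `result_materialize= NULL;` is immediately followed by `return 1;`, so if `result_materialize` is a local of mysql_open_cursor (its declaration is outside the hunk) the store has no observable effect and an optimizer may drop it. If the intent is to stop a later cleanup path from deleting the object twice, this path never reaches one; if it is only defensive, a short comment saying so would help. The function body starts and ends outside the hunk.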
@@ -212,6 +214,7 @@ int mysql_open_cursor(THD *thd, uint fla
if ((rc= materialized_cursor->open(0)))
{
delete materialized_cursor;
+ materialized_cursor= NULL;
goto err_open;
}
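Review bot: Clearing `materialized_cursor` after the `delete` only helps if this name is the pointer that later code reads, and the hunk does not show which object it refers to. If it is a local copy of the `Select_materialize` member, then `result_materialize->materialized_cursor` still holds the freed address when control reaches `err_open`, and any cleanup that consults the member would touch freed memory. In that case the member should be cleared too, e.g. `result_materialize->materialized_cursor= NULL;` before the `goto`. The declaration and the code after the `err_open` label are outside the hunk, so this needs confirming against the full function.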
=== modified file 'tests/mysql_client_test.c'
--- a/tests/mysql_client_test.c 2008-05-27 11:33:08 +0000
+++ b/tests/mysql_client_test.c 2008-08-11 09:40:54 +0000
@@ -16189,6 +16189,35 @@ static void test_bug32265()
DBUG_VOID_RETURN;
}
+
+/**
+ Bug#38486 Crash when using cursor protocol
+*/
+
+static void test_bug38486(void)
+{
+ myheader("test_bug38486");
+
+ MYSQL_STMT *stmt;
+ stmt= mysql_stmt_init(mysql);
+ unsigned long type= CURSOR_TYPE_READ_ONLY;
+ mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type);
+ const char *sql= "CREATE TABLE t1 (a INT)";
+ mysql_stmt_prepare(stmt,sql,strlen(sql));
+
+ mysql_stmt_execute(stmt);
+ mysql_stmt_close(stmt);
+
+ stmt= mysql_stmt_init(mysql);
+ mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type);
+ const char *sql2= "INSERT INTO t1 VALUES (1)";
+ mysql_stmt_prepare(stmt,sql2,strlen(sql2));
+ mysql_stmt_execute(stmt);
+
+ mysql_stmt_close(stmt);
+}
+
+
/*
Read and parse arguments and MySQL options from my.cnf
*/
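Review bot: test_bug38486 ignores every return value, so it fails only if the server crashes. A NULL from `mysql_stmt_init` or a failed prepare or execute would pass silently, or be dereferenced by the next call. It also declares `unsigned long type`, `sql` and `sql2` after statements, which pre-C99 compilers reject, and it leaves table `t1` behind with no `DROP TABLE IF EXISTS` before the `CREATE`, so a rerun or a leftover `t1` from another test makes the first execute fail unnoticed. Unlike the neighbouring test_bug32265, which ends in `DBUG_VOID_RETURN;`, it has no DBUG enter/return pair. The sketch below assumes the file's usual `DIE_UNLESS` assertion helper is available at this point.

```c
static void test_bug38486(void)
{
  MYSQL_STMT *stmt;
  const char *stmt_text;
  unsigned long type= CURSOR_TYPE_READ_ONLY;
  int rc;

  myheader("test_bug38486");

  rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1");
  DIE_UNLESS(rc == 0);

  stmt= mysql_stmt_init(mysql);
  DIE_UNLESS(stmt != NULL);
  rc= mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type);
  DIE_UNLESS(rc == 0);
  stmt_text= "CREATE TABLE t1 (a INT)";
  rc= mysql_stmt_prepare(stmt, stmt_text, strlen(stmt_text));
  DIE_UNLESS(rc == 0);
  rc= mysql_stmt_execute(stmt);
  DIE_UNLESS(rc == 0);
  mysql_stmt_close(stmt);

  /* ... second statement (INSERT INTO t1) initialised and checked the same way ... */

  rc= mysql_query(mysql, "DROP TABLE t1");
  DIE_UNLESS(rc == 0);
}
```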
@@ -16483,6 +16512,7 @@ static struct my_tests_st my_tests[]= {
{ "test_bug29306", test_bug29306 },
{ "test_bug31669", test_bug31669 },
{ "test_bug32265", test_bug32265 },
+ { "test_bug38486", test_bug38486 },
{ 0, 0 }
};