From: Date: August 13 2008 6:26pm Subject: bzr commit into mysql-6.0-bugteam branch (marc.alff:2758) Bug#37302 Bug#38296 Bug#38486 List-Archive: http://lists.mysql.com/commits/51535 X-Bug: 37302,38296,38486 Message-Id: <20080813162626.4C9C92D875@lambda.WEBLAB> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit #At file:///home/malff/BZR-TREE/mysql-6.0-bt-merge/ 2758 Marc Alff 2008-08-13 [merge] Merge 5.1-bugteam -> 6.0-bugteam Manual merge of sql_yacc.yy modified: sql/sql_cursor.cc sql/sql_yacc.yy tests/mysql_client_test.c === modified file 'sql/sql_cursor.cc' --- a/sql/sql_cursor.cc 2008-08-11 13:45:45 +0000 +++ b/sql/sql_cursor.cc 2008-08-13 16:25:48 +0000 @@ -155,6 +155,7 @@ int mysql_open_cursor(THD *thd, uint fla if (! (sensitive_cursor= new (thd->mem_root) Sensitive_cursor(thd, result))) { delete result_materialize; + result_materialize= NULL; return 1; } @@ -212,6 +213,7 @@ int mysql_open_cursor(THD *thd, uint fla if ((rc= materialized_cursor->open(0))) { delete materialized_cursor; + materialized_cursor= NULL; goto err_open; } === modified file 'sql/sql_yacc.yy' --- a/sql/sql_yacc.yy 2008-08-12 08:20:26 +0000 +++ b/sql/sql_yacc.yy 2008-08-13 16:25:48 +0000 @@ -1870,6 +1870,8 @@ create: } key= new Key($3, $5, &lex->key_create_info, 0, lex->col_list); + if (key == NULL) + MYSQL_YYABORT; lex->alter_info.key_list.push_back(key); lex->col_list.empty(); } @@ -2510,7 +2512,8 @@ sp_decl: sp_instr_hpush_jump *i= new sp_instr_hpush_jump(sp->instructions(), ctx, $2, ctx->current_var_count()); - + if (i == NULL) + MYSQL_YYABORT; sp->add_instr(i); sp->push_backpatch(i, ctx->push_label((char *)"", 0)); } 
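Review bot: In the second sql_cursor.cc hunk, `materialized_cursor= NULL;` before `goto err_open` looks like a guard against a second delete on the error path, but no comment says so, and the err_open body is outside the hunk. A comment such as `/* err_open cleans up again; clear the pointer so it is not freed twice */` would stop a later tidy-up from removing the assignment. In the first hunk, `result_materialize= NULL;` is followed directly by `return 1;`, so if result_materialize is a local (its declaration is not visible) the store has no effect. Either drop it or note that it is kept for symmetry. mysql_open_cursor starts and ends outside both hunks.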
@@ -2526,12 +2529,15 @@ sp_decl: { i= new sp_instr_hreturn(sp->instructions(), ctx, ctx->current_var_count()); + if (i == NULL) + MYSQL_YYABORT; sp->add_instr(i); } else { /* EXIT or UNDO handler, just jump to the end of the block */ i= new sp_instr_hreturn(sp->instructions(), ctx, 0); - + if (i == NULL) + MYSQL_YYABORT; sp->add_instr(i); sp->push_backpatch(i, lex->spcont->last_label()); /* Block end */ } @@ -2559,6 +2565,8 @@ sp_decl: } i= new sp_instr_cpush(sp->instructions(), ctx, $5, ctx->current_cursor_count()); + if (i == NULL) + MYSQL_YYABORT; sp->add_instr(i); ctx->push_cursor(&$2); $$.vars= $$.conds= $$.hndlrs= 0; @@ -2785,6 +2793,8 @@ sp_proc_stmt_statement: { sp_instr_stmt *i=new sp_instr_stmt(sp->instructions(), lex->spcont, lex); + if (i == NULL) + MYSQL_YYABORT; /* Extract the query statement from the tokenizer. The @@ -2823,6 +2833,8 @@ sp_proc_stmt_return: i= new sp_instr_freturn(sp->instructions(), lex->spcont, $3, sp->m_return_field_def.sql_type, lex); + if (i == NULL) + MYSQL_YYABORT; sp->add_instr(i); sp->m_flags|= sp_head::HAS_RETURN; } @@ -2933,6 +2945,8 @@ sp_proc_stmt_iterate: sp->add_instr(cpop); } i= new sp_instr_jump(ip, ctx, lab->ip); /* Jump back */ + if (i == NULL) + MYSQL_YYABORT; sp->add_instr(i); } } @@ -2952,6 +2966,8 @@ sp_proc_stmt_open: MYSQL_YYABORT; } i= new sp_instr_copen(sp->instructions(), lex->spcont, offset); + if (i == NULL) + MYSQL_YYABORT; sp->add_instr(i); } ; @@ -2970,6 +2986,8 @@ sp_proc_stmt_fetch: MYSQL_YYABORT; } i= new sp_instr_cfetch(sp->instructions(), lex->spcont, offset); + if (i == NULL) + MYSQL_YYABORT; sp->add_instr(i); } sp_fetch_list @@ -2990,6 +3008,8 @@ sp_proc_stmt_close: MYSQL_YYABORT; } i= new sp_instr_cclose(sp->instructions(), lex->spcont, offset); + if (i == NULL) + MYSQL_YYABORT; sp->add_instr(i); } ; 
@@ -3053,6 +3073,8 @@ sp_if: uint ip= sp->instructions(); sp_instr_jump_if_not *i = new sp_instr_jump_if_not(ip, ctx, $2, lex); + if (i == NULL) + MYSQL_YYABORT; sp->push_backpatch(i, ctx->push_label((char *)"", 0)); sp->add_cont_backpatch(i); @@ -3065,6 +3087,8 @@ sp_if: sp_pcontext *ctx= Lex->spcont; uint ip= sp->instructions(); sp_instr_jump *i = new sp_instr_jump(ip, ctx); + if (i == NULL) + MYSQL_YYABORT; sp->add_instr(i); sp->backpatch(ctx->pop_label()); @@ -3188,6 +3212,8 @@ else_clause_opt: uint ip= sp->instructions(); sp_instr_error *i= new sp_instr_error(ip, lex->spcont, ER_SP_CASE_NOT_FOUND); + if (i == NULL) + MYSQL_YYABORT; sp->add_instr(i); } | ELSE sp_proc_stmts1 @@ -3296,14 +3322,23 @@ sp_block_content: LEX *lex= Lex; sp_head *sp= lex->sphead; sp_pcontext *ctx= lex->spcont; + sp_instr *i; sp->backpatch(ctx->last_label()); /* We always have a label */ if ($3.hndlrs) - sp->add_instr(new sp_instr_hpop(sp->instructions(), ctx, - $3.hndlrs)); + { + i= new sp_instr_hpop(sp->instructions(), ctx, $3.hndlrs); + if (i == NULL) + MYSQL_YYABORT; + sp->add_instr(i); + } if ($3.curs) - sp->add_instr(new sp_instr_cpop(sp->instructions(), ctx, - $3.curs)); + { + i= new sp_instr_cpop(sp->instructions(), ctx, $3.curs); + if (i == NULL) + MYSQL_YYABORT; + sp->add_instr(i); + } lex->spcont= ctx->pop_context(); } ; @@ -3316,7 +3351,8 @@ sp_unlabeled_control: uint ip= lex->sphead->instructions(); sp_label_t *lab= lex->spcont->last_label(); /* Jumping back */ sp_instr_jump *i = new sp_instr_jump(ip, lex->spcont, lab->ip); - + if (i == NULL) + MYSQL_YYABORT; lex->sphead->add_instr(i); } | WHILE_SYM @@ -3328,7 +3364,8 @@ sp_unlabeled_control: uint ip= sp->instructions(); sp_instr_jump_if_not *i = new sp_instr_jump_if_not(ip, lex->spcont, $3, lex); - + if (i == NULL) + MYSQL_YYABORT; /* Jumping forward */ sp->push_backpatch(i, lex->spcont->last_label()); sp->new_cont_backpatch(i); 
@@ -3341,7 +3378,8 @@ sp_unlabeled_control: uint ip= lex->sphead->instructions(); sp_label_t *lab= lex->spcont->last_label(); /* Jumping back */ sp_instr_jump *i = new sp_instr_jump(ip, lex->spcont, lab->ip); - + if (i == NULL) + MYSQL_YYABORT; lex->sphead->add_instr(i); lex->sphead->do_cont_backpatch(); } @@ -3355,6 +3393,8 @@ sp_unlabeled_control: sp_instr_jump_if_not *i = new sp_instr_jump_if_not(ip, lex->spcont, $5, lab->ip, lex); + if (i == NULL) + MYSQL_YYABORT; lex->sphead->add_instr(i); lex->sphead->restore_lex(YYTHD); /* We can shortcut the cont_backpatch here */ @@ -3571,6 +3611,8 @@ tablespace_name: { LEX *lex= Lex; lex->alter_tablespace_info= new st_alter_tablespace(); + if (lex->alter_tablespace_info == NULL) + MYSQL_YYABORT; lex->alter_tablespace_info->tablespace_name= $1.str; lex->sql_command= SQLCOM_ALTER_TABLESPACE; } @@ -3581,6 +3623,8 @@ logfile_group_name: { LEX *lex= Lex; lex->alter_tablespace_info= new st_alter_tablespace(); + if (lex->alter_tablespace_info == NULL) + MYSQL_YYABORT; lex->alter_tablespace_info->logfile_group_name= $1.str; lex->sql_command= SQLCOM_ALTER_TABLESPACE; } @@ -3956,7 +4000,10 @@ part_func: uint expr_len= (uint)($4 - $2) - 1; lex->part_info->list_of_part_fields= FALSE; lex->part_info->part_expr= $3; - lex->part_info->part_func_string= (char* ) sql_memdup($2+1, expr_len); + char *func_string= (char*) sql_memdup($2+1, expr_len); + if (func_string == NULL) + MYSQL_YYABORT; + lex->part_info->part_func_string= func_string; lex->part_info->part_func_len= expr_len; } ; @@ -3968,7 +4015,10 @@ sub_part_func: uint expr_len= (uint)($4 - $2) - 1; lex->part_info->list_of_subpart_fields= FALSE; lex->part_info->subpart_expr= $3; - lex->part_info->subpart_func_string= (char* ) sql_memdup($2+1, expr_len); + char *func_string= (char*) sql_memdup($2+1, expr_len); + if (func_string == NULL) + MYSQL_YYABORT; + lex->part_info->subpart_func_string= func_string; lex->part_info->subpart_func_len= expr_len; } ; 
@@ -4771,6 +4821,8 @@ key_def: } Key *key= new Key($1, $2, &lex->key_create_info, 0, lex->col_list); + if (key == NULL) + MYSQL_YYABORT; lex->alter_info.key_list.push_back(key); lex->col_list.empty(); /* Alloced by sql_alloc */ } @@ -4780,6 +4832,8 @@ key_def: LEX *lex=Lex; Key *key= new Key($2, $3.str ? $3 : $1, &lex->key_create_info, 0, lex->col_list); + if (key == NULL) + MYSQL_YYABORT; lex->alter_info.key_list.push_back(key); lex->col_list.empty(); /* Alloced by sql_alloc */ } @@ -4792,10 +4846,14 @@ key_def: lex->fk_delete_opt, lex->fk_update_opt, lex->fk_match_option); + if (key == NULL) + MYSQL_YYABORT; lex->alter_info.key_list.push_back(key); key= new Key(Key::MULTIPLE, $1.str ? $1 : $4, &default_key_create_info, 1, lex->col_list); + if (key == NULL) + MYSQL_YYABORT; lex->alter_info.key_list.push_back(key); lex->col_list.empty(); /* Alloced by sql_alloc */ /* Only used for ALTER TABLE. Ignored otherwise. */ @@ -5418,12 +5476,20 @@ opt_ref_list: ref_list: ref_list ',' ident - { Lex->ref_list.push_back(new Key_part_spec($3, 0)); } + { + Key_part_spec *key= new Key_part_spec($3, 0); + if (key == NULL) + MYSQL_YYABORT; + Lex->ref_list.push_back(key); + } | ident { + Key_part_spec *key= new Key_part_spec($1, 0); + if (key == NULL) + YYABORT; LEX *lex= Lex; lex->ref_list.empty(); - lex->ref_list.push_back(new Key_part_spec($1, 0)); + lex->ref_list.push_back(key); } ; @@ -6998,6 +7064,8 @@ expr: { /* XOR is a proprietary extension */ $$ = new (YYTHD->mem_root) Item_cond_xor($1, $3); + if ($$ == NULL) + MYSQL_YYABORT; } | expr and expr %prec AND_SYM { @@ -7673,6 +7741,8 @@ function_call_keyword: | TRIM '(' expr FROM expr ')' { $$= new (YYTHD->mem_root) Item_func_trim($5,$3); + if ($$ == NULL) + MYSQL_YYABORT; } | USER '(' ')' { 
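Review bot: The `| ident` branch of ref_list bails out with plain `YYABORT`, while every other allocation check added in this commit uses `MYSQL_YYABORT`, including the `ref_list ',' ident` branch directly above it. The macro's definition is not on this page, but if it performs lexer or parser cleanup before aborting, as its name and uniform use suggest, this one out-of-memory path skips that cleanup. The line should read `if (key == NULL) MYSQL_YYABORT;`.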
@@ -8855,8 +8925,11 @@ table_factor: SELECT_LEX *sel= lex->current_select; SELECT_LEX_UNIT *unit= sel->master_unit(); lex->current_select= sel= unit->outer_select(); + Table_ident *ti= new Table_ident(unit); + if (ti == NULL) + MYSQL_YYABORT; if (!($$= sel->add_table_to_list(lex->thd, - new Table_ident(unit), $5, 0, + ti, $5, 0, TL_READ))) MYSQL_YYABORT; @@ -10982,7 +11055,10 @@ text_literal: my_charset_is_ascii_based(cs_con))) tmp= $1; else - thd->convert_string(&tmp, cs_con, $1.str, $1.length, cs_cli); + { + if (thd->convert_string(&tmp, cs_con, $1.str, $1.length, cs_cli)) + MYSQL_YYABORT; + } $$= new (thd->mem_root) Item_string(tmp.str, tmp.length, cs_con, DERIVATION_COERCIBLE, repertoire); @@ -11054,6 +11130,8 @@ text_string: | BIN_NUM { Item *tmp= new (YYTHD->mem_root) Item_bin_string($1.str, $1.length); + if (tmp == NULL) + MYSQL_YYABORT; /* it is OK only emulate fix_fields, because we need only value of constant @@ -11228,7 +11306,7 @@ NUM_literal: } | FLOAT_NUM { - $$ = new (YYTHD->mem_root) Item_float($1.str, $1.length); + $$= new (YYTHD->mem_root) Item_float($1.str, $1.length); if (($$ == NULL) || (YYTHD->is_error())) { MYSQL_YYABORT; @@ -11249,8 +11327,8 @@ table_wild: ident '.' '*' { SELECT_LEX *sel= Select; - $$ = new (YYTHD->mem_root) Item_field(Lex->current_context(), - NullS, $1.str, "*"); + $$= new (YYTHD->mem_root) Item_field(Lex->current_context(), + NullS, $1.str, "*"); if ($$ == NULL) MYSQL_YYABORT; sel->with_wild++; @@ -11261,9 +11339,9 @@ table_wild: SELECT_LEX *sel= Select; const char* schema= thd->client_capabilities & CLIENT_NO_SCHEMA ? NullS : $1.str; - $$ = new (thd->mem_root) Item_field(Lex->current_context(), - schema, - $3.str,"*"); + $$= new (thd->mem_root) Item_field(Lex->current_context(), + schema, + $3.str,"*"); if ($$ == NULL) MYSQL_YYABORT; sel->with_wild++; 
@@ -11385,7 +11463,6 @@ simple_ident_q: lex->trg_chistics.event == TRG_EVENT_UPDATE)); const bool read_only= !(new_row && lex->trg_chistics.action_time == TRG_ACTION_BEFORE); - trg_fld= new (thd->mem_root) Item_trigger_field(Lex->current_context(), new_row ? @@ -12206,7 +12283,7 @@ sys_option_value: UPDATE_ACL, FALSE); if (trg_fld == NULL) MYSQL_YYABORT; - + sp_fld= new sp_instr_set_trigger_field(lex->sphead-> instructions(), lex->spcont, === modified file 'tests/mysql_client_test.c' --- a/tests/mysql_client_test.c 2008-08-11 13:45:45 +0000 +++ b/tests/mysql_client_test.c 2008-08-13 16:25:48 +0000 @@ -17881,6 +17881,36 @@ static void test_wl4284_1() DBUG_VOID_RETURN; } +/** + Bug#38486 Crash when using cursor protocol +*/ + +static void test_bug38486(void) +{ + MYSQL_STMT *stmt; + const char *stmt_text; + unsigned long type= CURSOR_TYPE_READ_ONLY; + + DBUG_ENTER("test_bug38486"); + myheader("test_bug38486"); + + stmt= mysql_stmt_init(mysql); + mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type); + stmt_text= "CREATE TABLE t1 (a INT)"; + mysql_stmt_prepare(stmt, stmt_text, strlen(stmt_text)); + mysql_stmt_execute(stmt); + mysql_stmt_close(stmt); + + stmt= mysql_stmt_init(mysql); + mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type); + stmt_text= "INSERT INTO t1 VALUES (1)"; + mysql_stmt_prepare(stmt, stmt_text, strlen(stmt_text)); + mysql_stmt_execute(stmt); + mysql_stmt_close(stmt); + + DBUG_VOID_RETURN; +} + /* Read and parse arguments and MySQL options from my.cnf */ @@ -18193,6 +18223,7 @@ static struct my_tests_st my_tests[]= { { "test_wl4166_4", test_wl4166_4 }, { "test_bug36004", test_bug36004 }, { "test_wl4284_1", test_wl4284_1 }, + { "test_bug38486", test_bug38486 }, { 0, 0 } };
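Review bot: test_bug38486 discards every return value, so it passes whenever the server does not crash, even if `mysql_stmt_init` returns NULL or the prepare fails (for example because `t1` is left over from an earlier run) and the cursor path is never exercised. Each call should be checked, with `t1` dropped before and after the test. The sketch below uses the check helpers that the rest of this test file appears to rely on; they are not visible in this hunk, so confirm the names. It also needs an `int rc;` declaration, and the second statement gets the same treatment.

```c
  rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1");
  myquery(rc);

  stmt= mysql_stmt_init(mysql);
  check_stmt(stmt);
  rc= mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type);
  DIE_UNLESS(rc == 0);
  stmt_text= "CREATE TABLE t1 (a INT)";
  rc= mysql_stmt_prepare(stmt, stmt_text, strlen(stmt_text));
  check_execute(stmt, rc);
  rc= mysql_stmt_execute(stmt);
  check_execute(stmt, rc);
  mysql_stmt_close(stmt);

  /* … unchanged: INSERT statement, with the same checks applied … */

  rc= mysql_query(mysql, "DROP TABLE t1");
  myquery(rc);
```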