#At file:///home/gluh/MySQL/bazaar/mysql-5.0-bugteam/
2671 Sergey Glukhov 2008-08-20
Bug#38291 memory corruption and server crash with view/sp/function
Send_field.org_col_name has broken value on secondary execution.
It happens when result field is created from the field which belongs to view
due to forgotten assignment of some Send_field attributes.
The fix:
set Send_field.org_col_name and Send_field.org_table_name to the correct values during Send_field initialization.
modified:
mysql-test/r/metadata.result
mysql-test/r/sp.result
mysql-test/t/sp.test
sql/item.cc
tests/mysql_client_test.c
per-file messages:
mysql-test/r/metadata.result
result fix
The result file was changed because now forgotten attributes are properly set.
mysql-test/r/sp.result
test result
mysql-test/t/sp.test
test case
sql/item.cc
Send_field.org_col_name has broken value on secondary execution.
It happens when result field is created from the field which belongs to view
due to forgotten assignment of some Send_field attributes.
The fix:
set Send_field.org_col_name,org_table)name with correct value during Send_field intialization.
tests/mysql_client_test.c
test case fix
The test was changed because now forgotten attributes are properly set.
=== modified file 'mysql-test/r/metadata.result'
--- a/mysql-test/r/metadata.result 2007-06-20 09:21:48 +0000
+++ b/mysql-test/r/metadata.result 2008-08-20 07:44:15 +0000
@@ -108,11 +108,11 @@ id
1
select * from v1 group by id limit 0;
Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr
-def test t1 v1 id id 3 10 0 Y 32768 0 63
+def test v1 v1 id id 3 10 0 Y 32768 0 63
id
select * from v1 where id=1000 group by id;
Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr
-def test t1 v1 id id 3 10 0 Y 32768 0 63
+def test v1 v1 id id 3 10 0 Y 32768 0 63
id
select * from v1 where id=1 group by id;
Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr
@@ -126,7 +126,7 @@ renamed
1
select * from v3 where renamed=1 group by renamed;
Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr
-def v3 renamed 8 12 0 Y 32896 0 63
+def v3 v3 renamed renamed 8 12 0 Y 32896 0 63
renamed
drop table t1;
drop view v1,v2,v3;
@@ -156,8 +156,8 @@ c1
3
SELECT v1.c1, v2.c2 FROM v1 JOIN v2 ON c1=c2;
Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr
-def test t1 v1 c1 c1 254 1 1 Y 0 0 8
-def test t2 v2 c2 c2 254 1 1 Y 0 0 8
+def test v1 v1 c1 c1 254 1 1 Y 0 0 8
+def test v2 v2 c2 c2 254 1 1 Y 0 0 8
c1 c2
1 1
2 2
=== modified file 'mysql-test/r/sp.result'
--- a/mysql-test/r/sp.result 2008-02-17 11:37:39 +0000
+++ b/mysql-test/r/sp.result 2008-08-20 07:44:15 +0000
@@ -6646,6 +6646,20 @@ ttt
2
drop function func30787;
drop table t1;
+create table t1(c1 INT);
+create function f1(p1 int) returns varchar(32)
+return 'aaa';
+create view v1 as select f1(c1) as parent_control_name from t1;
+create procedure p1()
+begin
+select parent_control_name as c1 from v1;
+end //
+c1
+c1
+drop procedure p1;
+drop function f1;
+drop view v1;
+drop table t1;
# ------------------------------------------------------------------
# -- End of 5.0 tests
# ------------------------------------------------------------------
=== modified file 'mysql-test/t/sp.test'
--- a/mysql-test/t/sp.test 2008-02-17 11:37:39 +0000
+++ b/mysql-test/t/sp.test 2008-08-20 07:44:15 +0000
@@ -7794,6 +7794,35 @@ drop function func30787;
drop table t1;
+#
+# Bug#38291 memory corruption and server crash with view/sp/function
+#
+
+create table t1(c1 INT);
+create function f1(p1 int) returns varchar(32)
+ return 'aaa';
+create view v1 as select f1(c1) as parent_control_name from t1;
+
+delimiter //;
+create procedure p1()
+begin
+ select parent_control_name as c1 from v1;
+end //
+delimiter ;//
+
+--disable_query_log
+let $tab_count= 2;
+while ($tab_count)
+{
+ EVAL call p1();
+ dec $tab_count ;
+}
+--enable_query_log
+drop procedure p1;
+drop function f1;
+drop view v1;
+drop table t1;
+
--echo # ------------------------------------------------------------------
--echo # -- End of 5.0 tests
--echo # ------------------------------------------------------------------
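Review bot: The new Bug#38291 case only shows that two executions of `call p1()` do not crash the server; it never inspects the column metadata that the bug corrupted. A stale org_col_name that happens not to fault would still pass unless the suite is run under a memory checker. Wrapping the loop in `--enable_metadata` and `--disable_metadata` would record the second execution's Table and Column names in sp.result and make a regression visible. `EVAL` is also unnecessary because `call p1();` contains no variable to expand.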
=== modified file 'sql/item.cc'
--- a/sql/item.cc 2008-07-30 11:07:37 +0000
+++ b/sql/item.cc 2008-08-20 07:44:15 +0000
@@ -5764,6 +5764,10 @@ void Item_ref::make_field(Send_field *fi
field->table_name= table_name;
if (db_name)
field->db_name= db_name;
+ if (orig_field_name)
+ field->org_col_name= orig_field_name;
+ if (orig_table_name)
+ field->org_table_name= orig_table_name;
}
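Review bot: The two added assignments are guarded by `if (orig_field_name)` and `if (orig_table_name)`, so when either member is NULL the Send_field keeps whatever org_col_name/org_table_name was set earlier in Item_ref::make_field. According to the commit message that earlier value is the one that goes bad on secondary execution. Whether these members can be NULL for a view reference is not visible here (the function body starts above the hunk), so the invariant should be recorded, e.g. `/* For view fields org_* must come from this Item_ref; confirm orig_* is always set on re-execution */`. The change is also client-visible: metadata.result and test_bug32265 now show the view name in org_table where the base table used to appear, which deserves a line in the commit text.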
=== modified file 'tests/mysql_client_test.c'
--- a/tests/mysql_client_test.c 2008-08-15 20:13:27 +0000
+++ b/tests/mysql_client_test.c 2008-08-20 07:44:15 +0000
@@ -16162,7 +16162,7 @@ static void test_bug32265()
metadata= mysql_stmt_result_metadata(stmt);
field= mysql_fetch_field(metadata);
DIE_UNLESS(strcmp(field->table, "v1") == 0);
- DIE_UNLESS(strcmp(field->org_table, "t1") == 0);
+ DIE_UNLESS(strcmp(field->org_table, "v1") == 0);
DIE_UNLESS(strcmp(field->db, "client_test_db") == 0);
mysql_free_result(metadata);
mysql_stmt_close(stmt);
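Review bot: After this change the assertions in test_bug32265 (here and in the hunk at -16174) require `field->org_table` to equal `field->table`, so the test no longer distinguishes the two members and nothing records why. A one-line comment above the assertion, such as `/* for view columns org_table is the view name, not the base table */`, would stop a later reader from changing it back to "t1". Client code that used org_table to find the base table behind a view will get a different answer; this looks intentional but should be confirmed. The function body starts and ends outside both hunks.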
@@ -16174,7 +16174,7 @@ static void test_bug32265()
metadata= mysql_stmt_result_metadata(stmt);
field= mysql_fetch_field(metadata);
DIE_UNLESS(strcmp(field->table, "v1") == 0);
- DIE_UNLESS(strcmp(field->org_table, "t1") == 0);
+ DIE_UNLESS(strcmp(field->org_table, "v1") == 0);
DIE_UNLESS(strcmp(field->db, "client_test_db") == 0);
mysql_free_result(metadata);
mysql_stmt_close(stmt);