List:Commits« Previous MessageNext Message »
From:pem Date:January 11 2006 3:12pm
Subject:bk commit into 5.0 tree (pem:1.2029) BUG#15658
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of pem. When pem does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.2029 06/01/11 15:11:05 pem@stripped +6 -0
  Fixing BUG#15658: Server crashes after creating function as empty string
    Empty strings (and names with trailing spaces) should not be allowed.

  sql/sql_yacc.yy
    1.446 06/01/11 15:10:58 pem@stripped +15 -0
    Check db and name for stored routines.

  sql/sp_head.h
    1.81 06/01/11 15:10:57 pem@stripped +2 -0
    Added function for checking SP names.

  sql/sp_head.cc
    1.206 06/01/11 15:10:57 pem@stripped +17 -0
    Added function for checking SP names. (Mustn't be empty or contain trailing spaces.)

  sql/share/errmsg.txt
    1.57 06/01/11 15:10:57 pem@stripped +2 -0
    New error message for bad stored routine names.

  mysql-test/t/sp-error.test
    1.101 06/01/11 15:10:57 pem@stripped +27 -0
    New testcase for BUG#15658

  mysql-test/r/sp-error.result
    1.99 06/01/11 15:10:57 pem@stripped +19 -0
    New testcase for BUG#15658

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	pem
# Host:	mysql.comhem.se
# Root:	/usr/home/pem/bug15658/mysql-5.0

--- 1.445/sql/sql_yacc.yy	2005-12-11 08:30:53 +01:00
+++ 1.446/sql/sql_yacc.yy	2006-01-11 15:10:58 +01:00
@@ -1288,11 +1288,26 @@
 sp_name:
 	  ident '.' ident
 	  {
+            if (!$1.str || check_db_name($1.str))
+            {
+	      my_error(ER_WRONG_DB_NAME, MYF(0), $1.str);
+	      YYABORT;
+	    }
+	    if (sp_name_check($3))
+            {
+	      my_error(ER_SP_WRONG_NAME, MYF(0), $3.str);
+	      YYABORT;
+	    }
 	    $$= new sp_name($1, $3);
 	    $$->init_qname(YYTHD);
 	  }
 	| ident
 	  {
+	    if (sp_name_check($1))
+            {
+	      my_error(ER_SP_WRONG_NAME, MYF(0), $1.str);
+	      YYABORT;
+	    }
 	    $$= sp_name_current_db_new(YYTHD, $1);
 	  }
 	;

--- 1.56/sql/share/errmsg.txt	2005-12-20 19:42:13 +01:00
+++ 1.57/sql/share/errmsg.txt	2006-01-11 15:10:57 +01:00
@@ -5605,3 +5605,5 @@
         ger "Rekursionsgrenze %d (durch Variable max_sp_recursion_depth gegeben) wurde
für Routine %.64s überschritten"
 ER_SP_PROC_TABLE_CORRUPT
 	eng "Failed to load routine %s. The table mysql.proc is missing, corrupt, or contains
bad data (internal code %d)"
+ER_SP_WRONG_NAME 42000
+	eng "Incorrect routine name '%-.64s'"

--- 1.98/mysql-test/r/sp-error.result	2005-12-07 14:55:08 +01:00
+++ 1.99/mysql-test/r/sp-error.result	2006-01-11 15:10:57 +01:00
@@ -1128,3 +1128,22 @@
 drop function bug11555_1;
 drop table t1;
 drop view v1;
+drop procedure if exists ` bug15658`;
+create procedure ``() select 1;
+ERROR 42000: Incorrect routine name ''
+create procedure ` `() select 1;
+ERROR 42000: Incorrect routine name ' '
+create procedure `bug15658 `() select 1;
+ERROR 42000: Incorrect routine name 'bug15658 '
+create procedure ``.bug15658() select 1;
+ERROR 42000: Incorrect database name ''
+create procedure `x `.bug15658() select 1;
+ERROR 42000: Incorrect database name 'x '
+create procedure ` bug15658`() select 1;
+call ` bug15658`();
+1
+1
+show procedure status;
+Db	Name	Type	Definer	Modified	Created	Security_type	Comment
+test	 bug15658	PROCEDURE	root@localhost	0000-00-00 00:00:00	0000-00-00 00:00:00	DEFINER	
+drop procedure ` bug15658`;

--- 1.100/mysql-test/t/sp-error.test	2005-12-07 12:36:31 +01:00
+++ 1.101/mysql-test/t/sp-error.test	2006-01-11 15:10:57 +01:00
@@ -1556,6 +1556,7 @@
 drop function bug13012_2|
 delimiter ;|
 
+#
 # BUG#11555 "Stored procedures: current SP tables locking make 
 # impossible view security". We should not expose names of tables
 # which are implicitly used by view (via stored routines/triggers).
@@ -1616,7 +1617,33 @@
 drop table t1;
 drop view v1;
 
+#
+# BUG#15658: Server crashes after creating function as empty string
+#
+--disable_warnings
+drop procedure if exists ` bug15658`;
+--enable_warnings
 
+--error ER_SP_WRONG_NAME
+create procedure ``() select 1;
+--error ER_SP_WRONG_NAME
+create procedure ` `() select 1;
+--error ER_SP_WRONG_NAME
+create procedure `bug15658 `() select 1;
+--error ER_WRONG_DB_NAME
+create procedure ``.bug15658() select 1;
+--error ER_WRONG_DB_NAME
+create procedure `x `.bug15658() select 1;
+
+# This should work
+create procedure ` bug15658`() select 1;
+call ` bug15658`();
+--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
+show procedure status;
+drop procedure ` bug15658`;
+
+
+#
 # BUG#NNNN: New bug synopsis
 #
 #--disable_warnings

--- 1.205/sql/sp_head.cc	2006-01-06 14:30:05 +01:00
+++ 1.206/sql/sp_head.cc	2006-01-11 15:10:57 +01:00
@@ -384,6 +384,23 @@
   return qname;
 }
 
+/*
+ * Check that the name 'ident' is ok. It's assumed to be an 'ident'
+ * from the parser, so we only have to check length and trailing spaces.
+ * The former is a standard requirement (and 'show status' assumes a
+ * non-empty name), the latter is a mysql:ism as trailing spaces are
+ * removed by get_field().
+ *
+ * RETURN
+ *  TRUE  - bad name
+ *  FALSE - name is ok
+ */
+
+bool
+sp_name_check(LEX_STRING ident)
+{
+  return (!ident.str || !ident.str[0] || ident.str[ident.length-1] == ' ');
+}
 
 /* ------------------------------------------------------------------ */
 

--- 1.80/sql/sp_head.h	2006-01-05 23:49:23 +01:00
+++ 1.81/sql/sp_head.h	2006-01-11 15:10:57 +01:00
@@ -102,6 +102,8 @@
 sp_name *
 sp_name_current_db_new(THD *thd, LEX_STRING name);
 
+bool
+sp_name_check(LEX_STRING name);
 
 class sp_head :private Query_arena
 {
Thread
bk commit into 5.0 tree (pem:1.2029) BUG#15658pem11 Jan