From:Evgeny Potemkin Date:November 30 2009 11:50am
Subject:bzr commit into mysql-5.0-bugteam branch (epotemkin:2850) Bug#48508
#At file:///work/bzrroot/48508-bug-5.0-bugteam/ based on revid:alexey.kopytov@stripped

 2850 Evgeny Potemkin	2009-11-30
      Bug#48508: Crash on prepared statement re-execution.
      
      Actually there are two different bugs.
      The first one caused crash on queries with WHERE condition over views
      containing WHERE condition. A wrong check for prepared statement phase led
      to items for view fields being allocated in the execution memory and freed
      at the end of execution. Thus the optimized WHERE condition refers to
      unallocated memory on the second execution and server crashed.
      The second one caused by the Item_cond::compile function not saving changes
      it made to the item tree. Thus on the next execution changes weren't
      reverted and server crashed on dereferencing of unallocated space.
      
      The Query_arena::is_stmt_prepare_or_first_sp_execute function now correctly
      do its check.
      The Item_cond::compile function now saves changes it makes to item tree.
     @ mysql-test/r/ps.result
        Added a test case for the bug#48508.
     @ mysql-test/t/ps.test
        Added a test case for the bug#48508.
     @ sql/item_cmpfunc.cc
        Bug#48508: Crash on prepared statement re-execution.
        The Item_cond::compile function now saves changes it makes to item tree.
     @ sql/sql_class.h
        Bug#48508: Crash on prepared statement re-execution.
        The Query_arena::is_stmt_prepare_or_first_sp_execute function now correctly
        do its check.

    modified:
      mysql-test/r/ps.result
      mysql-test/t/ps.test
      sql/item_cmpfunc.cc
      sql/sql_class.h
=== modified file 'mysql-test/r/ps.result'
--- a/mysql-test/r/ps.result	2009-02-27 16:07:58 +0000
+++ b/mysql-test/r/ps.result	2009-11-30 11:50:38 +0000
@@ -1891,4 +1891,27 @@ execute stmt using @arg;
 ?
 -12345.5432100000
 deallocate prepare stmt;
+#
+# Bug#48508: Crash on prepared statement re-execution.
+#
+create table t1(b int);
+insert into t1 values (0);
+create view v1 AS select 1 as a from t1 where b;
+prepare stmt from "select * from v1 where a";
+execute stmt;
+a
+execute stmt;
+a
+drop table t1;
+drop view v1;
+create table t1(a bigint);
+create table t2(b tinyint);
+insert into t2 values (null);
+prepare stmt from "select 1 from t1 join  t2 on a xor b where b > 1  and a =1";
+execute stmt;
+1
+execute stmt;
+1
+drop table t1,t2;
+#
 End of 5.0 tests.

=== modified file 'mysql-test/t/ps.test'
--- a/mysql-test/t/ps.test	2009-02-25 10:37:30 +0000
+++ b/mysql-test/t/ps.test	2009-11-30 11:50:38 +0000
@@ -1973,4 +1973,25 @@ select @arg;
 execute stmt using @arg;
 deallocate prepare stmt;
 
+--echo #
+--echo # Bug#48508: Crash on prepared statement re-execution.
+--echo #
+create table t1(b int);
+insert into t1 values (0);
+create view v1 AS select 1 as a from t1 where b;
+prepare stmt from "select * from v1 where a";
+execute stmt;
+execute stmt;
+drop table t1;
+drop view v1;
+
+create table t1(a bigint);
+create table t2(b tinyint);
+insert into t2 values (null);
+prepare stmt from "select 1 from t1 join  t2 on a xor b where b > 1  and a =1";
+execute stmt;
+execute stmt;
+drop table t1,t2;
+--echo #
+
 --echo End of 5.0 tests.
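Review bot: The two sub-cases added under the Bug#48508 header are not annotated, although the commit message describes two distinct bugs, so a future reader cannot tell which fix each case guards without re-reading the commit. Presumably the view case (`select * from v1 where a`) exercises the Query_arena::is_stmt_prepare_or_first_sp_execute check and the `a xor b` join case exercises the Item_cond::compile change; if that is right, a one-line `--echo #` comment before each block naming the function it covers would keep the regression test self-explanatory. Note also that both cases only show the absence of a crash on the second `execute stmt;`, which is the intended signal here, so the result rows are expected to be empty.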

=== modified file 'sql/item_cmpfunc.cc'
--- a/sql/item_cmpfunc.cc	2009-08-28 15:51:31 +0000
+++ b/sql/item_cmpfunc.cc	2009-11-30 11:50:38 +0000
@@ -3907,7 +3907,7 @@ Item *Item_cond::compile(Item_analyzer a
     byte *arg_v= *arg_p;
     Item *new_item= item->compile(analyzer, &arg_v, transformer, arg_t);
     if (new_item && new_item != item)
-      li.replace(new_item);
+      current_thd->change_item_tree(li.ref(), new_item);
   }
   return Item_func::transform(transformer, arg_t);
 }
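Review bot: The switch from `li.replace(new_item)` to `current_thd->change_item_tree(li.ref(), new_item)` is the fix itself, but nothing in the code records why the list-iterator replace was wrong here, and the commit message is the only place that explains it. A short comment above the call would preserve that reasoning, e.g. `/* Register the replacement with the THD so it is rolled back after execution; a plain li.replace() would leave the rewritten tree dangling on prepared-statement re-execution (Bug#48508). */`. If any sibling transform in Item_cond still uses li.replace(), it is worth stating in the same comment whether that is deliberate. Item_cond::compile starts outside the hunk, so the `current_thd` lookup on every loop iteration may also be worth hoisting into a local `THD *thd` at the top of the function, as the 5.0 code commonly does.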

=== modified file 'sql/sql_class.h'
--- a/sql/sql_class.h	2009-10-20 04:42:10 +0000
+++ b/sql/sql_class.h	2009-11-30 11:50:38 +0000
@@ -758,7 +758,7 @@ public:
   inline bool is_first_sp_execute() const
   { return state == INITIALIZED_FOR_SP; }
   inline bool is_stmt_prepare_or_first_sp_execute() const
-  { return (int)state < (int)PREPARED; }
+  { return (int)state <= (int)PREPARED; }
   inline bool is_first_stmt_execute() const { return state == PREPARED; }
   inline bool is_stmt_execute() const
   { return state == PREPARED || state == EXECUTED; }
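Review bot: The new `<=` makes is_stmt_prepare_or_first_sp_execute() return true for `state == PREPARED` as well, which is exactly the condition is_first_stmt_execute() on the line below tests, so the function name no longer describes its full range. Since renaming would touch all callers, a comment on the method would at least make the widened contract explicit, e.g. `/* Also true for the first execution of a prepared statement (state == PREPARED), so allocations made under this check must live in the statement arena. */`. The comparison also relies on the numeric ordering of enum_state, which is declared outside this hunk; if that ordering is not already documented at the enum, a note there that these predicates depend on it would prevent a later reorder from silently reintroducing the bug.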

