List:Internals« Previous MessageNext Message »
From:Petr Chardin Date:September 8 2005 6:25pm
Subject:bk commit into 5.0 tree (petr:1.1960) BUG#12849
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of pchardin. When pchardin does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.1960 05/09/08 18:25:42 petr@stripped +5 -0
  fix for Bug #12849 Stored Procedure: Crash on procedure call with CHAR type 'INOUT'
parameter
  (recommit with the right Bug#)

  sql/sp_head.cc
    1.180 05/09/08 18:25:37 petr@stripped +13 -2
    don't employ reuse mechanism to save var into itself

  sql/item.h
    1.168 05/09/08 18:25:37 petr@stripped +8 -0
    added a buffer to save Item_splocal string pointer

  sql/item.cc
    1.174 05/09/08 18:25:37 petr@stripped +18 -1
    protect Item_splocal value from modification by CONCAT() et al

  mysql-test/t/sp.test
    1.144 05/09/08 18:25:37 petr@stripped +26 -0
    added test for the bug

  mysql-test/r/sp.result
    1.149 05/09/08 18:25:37 petr@stripped +19 -0
    result file modified to reflect new test

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	petr
# Host:	production.mysql.com
# Root:	/usersnfs/pchardin/mysql-5.0

--- 1.173/sql/item.cc	2005-09-07 21:29:48 +02:00
+++ 1.174/sql/item.cc	2005-09-08 18:25:37 +02:00
@@ -818,8 +818,25 @@
   DBUG_ASSERT(fixed);
   Item *it= this_item();
   String *ret= it->val_str(sp);
+  /*
+    This way we mark returned value of val_str as const,
+    so that various functions (e.g. CONCAT) won't try to
+    modify the value of the Item. Analogous mechanism is
+    implemented for Item_param.
+    Without this trick Item_splocal could be changed as a
+    side-effect of expression computation. Here is an example
+    of what happens without it: suppose x is varchar local
+    variable in a SP with initial value 'ab' Then
+      select concat(x,'c');
+    would change x's value to 'abc', as Item_func_concat::val_str()
+    would use x's internal buffer to compute the result.
+    This is intended behaviour of Item_func_concat. Comments to
+    Item_param class contain some more details on the topic.
+  */
+  str_value_ptr.set(ret->ptr(), ret->length(),
+                    ret->charset());
   null_value= it->null_value;
-  return ret;
+  return &str_value_ptr;
 }
 
 

--- 1.167/sql/item.h	2005-09-07 20:37:36 +02:00
+++ 1.168/sql/item.h	2005-09-08 18:25:37 +02:00
@@ -715,8 +715,16 @@
 class Item_splocal : public Item
 {
   uint m_offset;
+
 public:
   LEX_STRING m_name;
+
+  /*
+    Buffer, pointing to the string value of the item. We need it to
+    protect internal buffer from changes. See comment to analogous
+    member in Item_param for more details.
+  */
+  String str_value_ptr;
 
   /* 
     Position of this reference to SP variable in the statement (the

--- 1.148/mysql-test/r/sp.result	2005-08-27 12:29:29 +02:00
+++ 1.149/mysql-test/r/sp.result	2005-09-08 18:25:37 +02:00
@@ -3193,4 +3193,23 @@
 return f1;
 end|
 drop function bug9048|
+drop procedure if exists bug12849_1|
+create procedure bug12849_1(inout x char) select x into x|
+set @var='a'|
+call bug12849_1(@var)|
+select @var|
+@var
+a
+drop procedure bug12849_1|
+drop procedure if exists bug12849_2|
+create procedure bug12849_2(inout foo varchar(15))
+begin
+select concat(foo, foo) INTO foo;
+end|
+set @var='abcd'|
+call bug12849_2(@var)|
+select @var|
+@var
+abcdabcd
+drop procedure bug12849_2|
 drop table t1,t2;

--- 1.143/mysql-test/t/sp.test	2005-09-01 20:02:04 +02:00
+++ 1.144/mysql-test/t/sp.test	2005-09-08 18:25:37 +02:00
@@ -4044,6 +4044,32 @@
 drop function bug9048|
 
 #
+# Bug #12849 Stored Procedure: Crash on procedure call with CHAR type
+# 'INOUT' parameter
+#
+
+--disable_warnings
+drop procedure if exists bug12849_1|
+--enable_warnings
+create procedure bug12849_1(inout x char) select x into x|
+set @var='a'|
+call bug12849_1(@var)|
+select @var|
+drop procedure bug12849_1|
+
+--disable_warnings
+drop procedure if exists bug12849_2|
+--enable_warnings
+create procedure bug12849_2(inout foo varchar(15))
+begin
+select concat(foo, foo) INTO foo;
+end|
+set @var='abcd'|
+call bug12849_2(@var)|
+select @var|
+drop procedure bug12849_2|
+
+#
 # BUG#NNNN: New bug synopsis
 #
 #--disable_warnings

--- 1.179/sql/sp_head.cc	2005-09-03 01:13:09 +02:00
+++ 1.180/sql/sp_head.cc	2005-09-08 18:25:37 +02:00
@@ -275,8 +275,19 @@
     }
     DBUG_PRINT("info",("STRING_RESULT: %*s",
                        s->length(), s->c_ptr_quick()));
-    CHARSET_INFO *itcs= it->collation.collation;
-    CREATE_ON_CALLERS_ARENA(it= new(reuse, &rsize) Item_string(itcs),
+    /*
+      Reuse mechanism in sp_eval_func_item() is only employed for assignments
+      to local variables and OUT/INOUT SP parameters repsesented by
+      Item_splocal. Usually we have some expression, which needs
+      to be calculated and stored into the local variable. However in the
+      case if "it" equals to "reuse", there is no "calculation" step. So,
+      no reason to employ reuse mechanism to save variable into itself.
+    */
+    if (it == reuse)
+      DBUG_RETURN(it);
+
+    CREATE_ON_CALLERS_ARENA(it= new(reuse, &rsize)
+                            Item_string(it->collation.collation),
                             use_callers_arena, &backup_arena);
     /*
       We have to use special constructor and allocate string
Thread
bk commit into 5.0 tree (petr:1.1960) BUG#12849Petr Chardin8 Sep