From:sanja Date:October 6 2005 6:06pm
Subject:bk commit into 5.0 tree (bell:1.2017) BUG#13549
Below is the list of changes that have just been committed into a local
5.0 repository of bell. When bell does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.2017 05/10/06 19:06:01 bell@stripped +15 -0
  do not allow SP/Trigger which we are parsing to use other SP context (BUG#13549)

  sql/sql_yacc.yy
    1.432 05/10/06 19:05:53 bell@stripped +19 -3
    protection against using wrong context by SP local variable

  sql/sql_trigger.cc
    1.30 05/10/06 19:05:53 bell@stripped +8 -1
    do not allow Trigger which we are parsing to use other SP context (BUG#13549)

  sql/sql_class.h
    1.269 05/10/06 19:05:53 bell@stripped +4 -0
    protection against using wrong context by SP local variable

  sql/sql_class.cc
    1.214 05/10/06 19:05:53 bell@stripped +8 -1
    protection against using wrong context by SP local variable

  sql/sp_rcontext.h
    1.26 05/10/06 19:05:53 bell@stripped +5 -0
    protection against using wrong context by SP local variable

  sql/sp_pcontext.h
    1.22 05/10/06 19:05:53 bell@stripped +5 -0
    protection against using wrong context by SP local variable

  sql/sp_pcontext.cc
    1.25 05/10/06 19:05:52 bell@stripped +6 -0
    protection against using wrong context by SP local variable

  sql/sp_head.cc
    1.189 05/10/06 19:05:52 bell@stripped +16 -0
    protection against using wrong context by SP local variable

  sql/sp.cc
    1.96 05/10/06 19:05:52 bell@stripped +8 -1
    do not allow SP which we are parsing to use other SP context (BUG#13549)

  sql/item.h
    1.172 05/10/06 19:05:52 bell@stripped +6 -0
    protection against using wrong context by SP local variable

  sql/item.cc
    1.186 05/10/06 19:05:52 bell@stripped +6 -1
    protection against using wrong context by SP local variable

  mysql-test/t/trigger.test
    1.28 05/10/06 19:05:52 bell@stripped +24 -0
    test suite for bug#13549

  mysql-test/t/sp.test
    1.156 05/10/06 19:05:52 bell@stripped +23 -0
    test suite for bug#13549

  mysql-test/r/trigger.result
    1.21 05/10/06 19:05:52 bell@stripped +14 -0
    test suite for bug#13549

  mysql-test/r/sp.result
    1.160 05/10/06 19:05:52 bell@stripped +17 -0
    test suite for bug#13549

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	bell
# Host:	sanja.is.com.ua
# Root:	/home/bell/mysql/bk/work-bug2-5.0

--- 1.185/sql/item.cc	2005-10-01 09:35:10 +03:00
+++ 1.186/sql/item.cc	2005-10-06 19:05:52 +03:00
@@ -868,7 +868,7 @@
 Item_splocal::this_item()
 {
   THD *thd= current_thd;
-
+  DBUG_ASSERT(owner == thd->spcont->owner);
   return thd->spcont->get_item(m_offset);
 }
 
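Review bot: The ownership check added at the top of `Item_splocal::this_item()` is a `DBUG_ASSERT` only, so a build with assertions compiled out still calls `thd->spcont->get_item(m_offset)` on whatever runtime context is current. The same holds for the asserts added in `this_item_addr()`, in the function of the third hunk and in `type()`. If `get_item()` does not range-check the offset (it is not visible here), a mismatch reached by any path other than the two parse sites this commit patches would read a slot in another routine's frame. I would add a comment such as `/* debug-only check: release builds rely on thd->spcont being reset before a routine is parsed */` and consider a bounds check inside `get_item()`. The function's return-type line is outside the hunk.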
@@ -876,6 +876,7 @@
 Item **
 Item_splocal::this_item_addr(THD *thd, Item **addr)
 {
+  DBUG_ASSERT(owner == thd->spcont->owner);
   return thd->spcont->get_item_addr(m_offset);
 }
 
@@ -884,6 +885,7 @@
 {
   THD *thd= current_thd;
 
+  DBUG_ASSERT(owner == thd->spcont->owner);
   return thd->spcont->get_item(m_offset);
 }
 
@@ -893,7 +895,10 @@
   THD *thd= current_thd;
 
   if (thd->spcont)
+  {
+    DBUG_ASSERT(owner == thd->spcont->owner);
     return thd->spcont->get_item(m_offset)->type();
+  }
   return NULL_ITEM;		// Anything but SUBSELECT_ITEM
 }
 

--- 1.171/sql/item.h	2005-10-03 22:02:18 +03:00
+++ 1.172/sql/item.h	2005-10-06 19:05:52 +03:00
@@ -703,6 +703,8 @@
 };
 
 
+class sp_head;
+
 /*
   A reference to local SP variable (incl. reference to SP parameter), used in
   runtime.
@@ -720,6 +722,10 @@
   uint m_offset;
 
 public:
+#ifndef DEBUG_OFF
+  /* it is to check that sp local variable use correct context */
+  sp_head *owner;
+#endif
   LEX_STRING m_name;
 
   /*
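Review bot: The guard around the new `owner` field is spelled `DEBUG_OFF`, while the dbug macros used with it (`DBUG_ASSERT`, `DBUG_PRINT`) are switched off by `DBUG_OFF`. Unless something outside this patch defines `DEBUG_OFF`, the `#ifndef` is always true, so the field and every assignment to it are compiled into release builds where the asserts that read it are gone. I would change the guard to `#ifndef DBUG_OFF` here and in the matching blocks in sql_class.cc, sql_class.h, sql_yacc.yy, sp_head.cc, sp_pcontext.cc, sp_pcontext.h and sp_rcontext.h. The class body starts and ends outside the hunk.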

--- 1.213/sql/sql_class.cc	2005-09-22 23:46:50 +03:00
+++ 1.214/sql/sql_class.cc	2005-10-06 19:05:53 +03:00
@@ -1490,7 +1490,14 @@
   {
     my_var *mv= gl++;
     if (mv->local)
-      (void)local_vars.push_back(new Item_splocal(mv->s, mv->offset));
+    {
+      Item_splocal *var;
+      (void)local_vars.push_back(var= new Item_splocal(mv->s, mv->offset));
+#ifndef DEBUG_OFF
+      var->owner= mv->owner;
+      DBUG_PRINT("spcont", ("local variable owner: %lx", (ulong)var->owner));
+#endif
+    }
     else
     {
       Item_func_set_user_var *var= new Item_func_set_user_var(mv->s, item);
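Review bot: `var->owner= mv->owner;` dereferences the result of `new Item_splocal(...)` without a null check, where the old code only passed that pointer to `push_back`. The two `Item_splocal` hunks in sql_yacc.yy guard the same assignment with `if (var)` and `if (splocal)`, and sp_head.cc tests `new sp_rcontext(...)` for failure, so allocation is treated as fallible elsewhere in this commit. I would write `if (var) var->owner= mv->owner;` here, and likewise guard `var->owner= lex->spcont->owner;` in the `my_var` hunk of sql_yacc.yy. The enclosing loop and function start and end outside the hunk.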

--- 1.268/sql/sql_class.h	2005-09-22 23:46:50 +03:00
+++ 1.269/sql/sql_class.h	2005-10-06 19:05:53 +03:00
@@ -2075,6 +2075,10 @@
 class my_var : public Sql_alloc  {
 public:
   LEX_STRING s;
+#ifndef DEBUG_OFF
+  /* it is to check that sp local variable use correct context */
+  sp_head *owner;
+#endif
   bool local;
   uint offset;
   enum_field_types type;
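Review bot: `my_var::owner` is added with no initial value visible in this patch; the only assignment shown is in sql_yacc.yy, after `new my_var($1,1,t->offset,t->type)` for a local variable. If the constructor (outside this hunk) does not set it, a `my_var` created anywhere else carries an indeterminate pointer; sql_class.cc reads it only when `mv->local` is set, so this looks harmless today but is easy to trip over later. I would set `owner= 0;` in the constructor under the same guard, and do the same for the `owner` fields added to `Item_splocal`, `sp_pcontext` and `sp_rcontext`.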

--- 1.431/sql/sql_yacc.yy	2005-09-23 10:18:52 +03:00
+++ 1.432/sql/sql_yacc.yy	2005-10-06 19:05:53 +03:00
@@ -2351,8 +2351,13 @@
 
 	      ivar.str= (char *)"_tmp_";
 	      ivar.length= 5;
-	      Item *var= (Item*) new Item_splocal(ivar, 
-						  ctx->current_pvars()-1);
+	      Item_splocal *var= new Item_splocal(ivar,
+                                                  ctx->current_pvars()-1);
+#ifndef DEBUG_OFF
+              if (var)
+                var->owner= ctx->owner;
+              DBUG_PRINT("spcont", ("var local (1) owner: %lx", (ulong)ctx->owner));
+#endif
 	      Item *expr= new Item_func_eq(var, $2);
 
 	      i= new sp_instr_jump_if_not(ip, ctx, expr, lex);
@@ -5925,7 +5930,13 @@
 	       YYABORT;
 	     else
 	     {
-	       ((select_dumpvar *)lex->result)->var_list.push_back( new
my_var($1,1,t->offset,t->type));
+               my_var *var;
+	       ((select_dumpvar *)lex->result)->
+                 var_list.push_back(var= new my_var($1,1,t->offset,t->type));
+#ifndef DEBUG_OFF
+               var->owner= lex->spcont->owner;
+               DBUG_PRINT("spcont", ("my_var owner: %lx", (ulong)var->owner));
+#endif
 	     }
 	   }
            ;
@@ -7224,6 +7235,11 @@
             Item_splocal *splocal;
             splocal= new Item_splocal($1, spv->offset, lex->tok_start_prev - 
                                       lex->sphead->m_tmp_query);
+#ifndef DEBUG_OFF
+            if (splocal)
+              splocal->owner= spc->owner;
+              DBUG_PRINT("spcont", ("var local (2) owner: %lx", (ulong)spc->owner));
+#endif
 	    $$ = (Item*) splocal;
             lex->variables_used= 1;
 	    lex->safe_to_cache_query=0;
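Review bot: The `DBUG_PRINT` after `if (splocal)` is indented as if it were part of the `if`, but without braces only the assignment is guarded. It does no harm as written, because it prints `spc->owner` rather than anything reached through `splocal`, but the layout invites a later edit that assumes the guard covers both lines. I would either put braces around the two statements or dedent the `DBUG_PRINT` to the level of the `if`, as the first hunk of this file does. The grammar action starts and ends outside the hunk.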

--- 1.20/mysql-test/r/trigger.result	2005-09-03 02:13:09 +03:00
+++ 1.21/mysql-test/r/trigger.result	2005-10-06 19:05:52 +03:00
@@ -738,3 +738,17 @@
 1
 drop trigger t1_bi;
 drop tables t1, t2;
+create table t1 (a int);
+drop procedure if exists p2;
+CREATE PROCEDURE `p2`()
+begin
+insert into t1 values (1);
+end//
+create trigger trg before insert on t1 for each row 
+begin 
+declare done int default 0;
+set done= not done;
+end//
+CALL p2();
+drop procedure p2;
+drop table t1;

--- 1.27/mysql-test/t/trigger.test	2005-09-15 02:56:03 +03:00
+++ 1.28/mysql-test/t/trigger.test	2005-10-06 19:05:52 +03:00
@@ -875,3 +875,27 @@
 drop view v1;
 drop table t1, t2, t3;
 --enable_parsing
+
+#
+# Calling trigger with more variables and NOT before last variable
+# from procedure with less variables (BUG#13549)
+#
+create table t1 (a int);
+--disable_warnings
+drop procedure if exists p2;
+--enable_warnings
+DELIMITER //;
+CREATE PROCEDURE `p2`()
+begin
+  insert into t1 values (1);
+end//
+create trigger trg before insert on t1 for each row 
+begin 
+  declare done int default 0;
+  set done= not done;
+end//
+DELIMITER ;//
+CALL p2();
+drop procedure p2;
+drop table t1;
+

--- 1.29/sql/sql_trigger.cc	2005-09-15 22:29:01 +03:00
+++ 1.30/sql/sql_trigger.cc	2005-10-06 19:05:53 +03:00
@@ -656,11 +656,18 @@
       thd->db= (char *) db;
       while ((trg_create_str= it++))
       {
+        bool res;
         trg_sql_mode= itm++;
         thd->variables.sql_mode= (ulong)*trg_sql_mode;
         lex_start(thd, (uchar*)trg_create_str->str, trg_create_str->length);
 
-        if (yyparse((void *)thd) || thd->is_fatal_error)
+        {
+          sp_rcontext *save_spcont= thd->spcont;
+          thd->spcont= 0;
+          res= yyparse((void *)thd);
+          thd->spcont= save_spcont;
+        }
+        if (res || thd->is_fatal_error)
         {
           /*
             Free lex associated resources
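Review bot: The block that clears `thd->spcont` around `yyparse()` has no comment saying why the runtime context must be hidden from the parser, and the same save/clear/restore sequence is repeated in `db_find_routine` in sql/sp.cc. I would add something like `/* Parse without the caller's runtime context: the trigger being parsed must not use another routine's SP context (BUG#13549) */` above the block, with the matching wording in sp.cc. Any other site that calls `yyparse()` while a routine is executing would need the same treatment (none is visible here), so a small helper holding the three steps would keep the sites from drifting apart. The enclosing function starts and ends outside the hunk.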

--- 1.159/mysql-test/r/sp.result	2005-10-03 20:00:47 +03:00
+++ 1.160/mysql-test/r/sp.result	2005-10-06 19:05:52 +03:00
@@ -3435,4 +3435,21 @@
 tm1	CREATE TEMPORARY TABLE `tm1` (
   `spv1` decimal(6,3) default NULL
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1
+drop procedure bug12589_1|
+drop procedure bug12589_2|
+drop procedure bug12589_3|
+drop procedure if exists bug13549_1|
+drop procedure if exists bug13549_2|
+CREATE PROCEDURE `bug13549_2`()
+begin
+call bug13549_1();
+end|
+CREATE PROCEDURE `bug13549_1`()
+begin
+declare done int default 0;
+set done= not done;
+end|
+CALL bug13549_2()|
+drop procedure bug13549_2|
+drop procedure bug13549_1|
 drop table t1,t2;

--- 1.155/mysql-test/t/sp.test	2005-10-03 20:00:49 +03:00
+++ 1.156/mysql-test/t/sp.test	2005-10-06 19:05:52 +03:00
@@ -4313,7 +4313,30 @@
 # No warnings here
 call bug12589_2()|
 call bug12589_3()|
+drop procedure bug12589_1|
+drop procedure bug12589_2|
+drop procedure bug12589_3|
 
+#
+# Calling procedure with more variables and NOT before last variable
+# from procedure with less variables (BUG#13549)
+#
+--disable_warnings
+drop procedure if exists bug13549_1|
+drop procedure if exists bug13549_2|
+--enable_warnings
+CREATE PROCEDURE `bug13549_2`()
+begin
+  call bug13549_1();
+end|
+CREATE PROCEDURE `bug13549_1`()
+begin
+  declare done int default 0;
+  set done= not done;
+end|
+CALL bug13549_2()|
+drop procedure bug13549_2|
+drop procedure bug13549_1|
 
 #
 # BUG#NNNN: New bug synopsis

--- 1.95/sql/sp.cc	2005-09-15 22:29:01 +03:00
+++ 1.96/sql/sp.cc	2005-10-06 19:05:52 +03:00
@@ -274,6 +274,7 @@
   String str(buff, sizeof(buff), &my_charset_bin);
   ulong sql_mode;
   Open_tables_state open_tables_state_backup;
+  bool res;
   DBUG_ENTER("db_find_routine");
   DBUG_PRINT("enter", ("type: %d name: %*s",
 		       type, name->m_name.length, name->m_name.str));
@@ -422,7 +423,13 @@
       thd->lex->found_semicolon= tmpfsc;
     }
 
-    if (yyparse(thd) || thd->is_fatal_error || thd->lex->sphead == NULL)
+    {
+      sp_rcontext *save_spcont= thd->spcont;
+      thd->spcont= 0;
+      res= yyparse(thd);
+      thd->spcont= save_spcont;
+    }
+    if (res || thd->is_fatal_error || thd->lex->sphead == NULL)
     {
       LEX *newlex= thd->lex;
       sp_head *sp= newlex->sphead;

--- 1.188/sql/sp_head.cc	2005-09-26 19:21:53 +03:00
+++ 1.189/sql/sp_head.cc	2005-10-06 19:05:52 +03:00
@@ -441,6 +441,10 @@
   DBUG_ENTER("sp_head::init");
 
   lex->spcont= m_pcont= new sp_pcontext(NULL);
+#ifndef DEBUG_OFF
+  m_pcont->owner= this;
+  DBUG_PRINT("spcont", ("pcontext owner: %lx", (ulong)this));
+#endif
   /*
     Altough trg_table_fields list is used only in triggers we init for all
     types of stored procedures to simplify reset_lex()/restore_lex() code.
@@ -1112,6 +1116,10 @@
   // QQ Should have some error checking here? (types, etc...)
   if (!(nctx= new sp_rcontext(csize, hmax, cmax)))
     goto end;
+#ifndef DEBUG_OFF
+  nctx->owner= this;
+  DBUG_PRINT("spcont", ("rcontext owner: %lx", (ulong)this));
+#endif
   for (i= 0 ; i < argcount ; i++)
   {
     sp_pvar_t *pvar = m_pcont->find_pvar(i);
@@ -1256,6 +1264,10 @@
   {				// Create a temporary old context
     if (!(octx= new sp_rcontext(csize, hmax, cmax)))
       DBUG_RETURN(-1);
+#ifndef DEBUG_OFF
+    octx->owner= 0;
+    DBUG_PRINT("spcont", ("rcontext owner: %lx", (ulong)0));
+#endif
     thd->spcont= octx;
 
     /* set callers_arena to thd, for upper-level function to work */
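Review bot: `octx->owner= 0;` gives the temporary old context no owner, and nothing says whether that is deliberate. With the asserts added in item.cc, any `Item_splocal` evaluated while `thd->spcont` is this context would fail `owner == thd->spcont->owner` unless its own owner is also 0. If the intent is that no SP local is ever evaluated against the temporary context, a comment such as `/* temporary context belongs to no routine; SP locals must not be evaluated against it */` would record that; if locals can be evaluated here, the value needs revisiting. The enclosing function starts and ends outside the hunk.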
@@ -1267,6 +1279,10 @@
     thd->spcont= save_spcont;
     DBUG_RETURN(-1);
   }
+#ifndef DEBUG_OFF
+  nctx->owner= this;
+  DBUG_PRINT("spcont", ("rcontext owner: %lx", (ulong)this));
+#endif
 
   if (csize > 0 || hmax > 0 || cmax > 0)
   {

--- 1.24/sql/sp_pcontext.cc	2005-09-13 13:50:11 +03:00
+++ 1.25/sql/sp_pcontext.cc	2005-10-06 19:05:52 +03:00
@@ -92,7 +92,13 @@
   sp_pcontext *child= new sp_pcontext(this);
 
   if (child)
+  {
     m_children.push_back(child);
+#ifndef DEBUG_OFF
+    child->owner= owner;
+    DBUG_PRINT("spcont", ("pcontext owner: %lx", (ulong)owner));
+#endif
+  }
   return child;
 }
 

--- 1.21/sql/sp_pcontext.h	2005-09-13 13:50:11 +03:00
+++ 1.22/sql/sp_pcontext.h	2005-10-06 19:05:53 +03:00
@@ -83,6 +83,11 @@
 
  public:
 
+#ifndef DEBUG_OFF
+  /* it is to check that sp local variable use correct context */
+  sp_head *owner;
+#endif
+
   sp_pcontext(sp_pcontext *prev);
 
   // Free memory

--- 1.25/sql/sp_rcontext.h	2005-09-26 19:21:53 +03:00
+++ 1.26/sql/sp_rcontext.h	2005-10-06 19:05:53 +03:00
@@ -66,6 +66,11 @@
   */
   Query_arena *callers_arena;
 
+#ifndef DEBUG_OFF
+  /* it is to check that sp local variable use correct context */
+  sp_head *owner;
+#endif
+
   sp_rcontext(uint fsize, uint hmax, uint cmax);
 
   ~sp_rcontext()