List:Internals« Previous MessageNext Message »
From:konstantin Date:December 6 2005 8:10pm
Subject:bk commit into 5.0 tree (konstantin:1.1980) BUG#15392
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of kostja. When kostja does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.1980 05/12/06 22:10:14 konstantin@stripped +3 -0
  A fix and a test case for Bug#15392 "Server crashes during
   prepared statement execute

  sql/sp_head.cc
    1.198 05/12/06 22:10:06 konstantin@stripped +11 -10
    A fix for Bug#15392 "Server crashes during prepared statement
    execute": the bug was caused by mysql_change_db() call
    which was overwriting the error state of 'ret'.
    Later in the code, suv->fix_fields() would discover
    thd->net.report_error and return it without completing
    its work. As the return value of fix_fields() was ignored,
    the server would afterwards crash in suv->update().
    The fix makes sure that a possible internal error
    is raised in reset_lex_and_exec_core and then is
    handled in sp_head::execute_procedure.

  mysql-test/t/sp.test
    1.166 05/12/06 22:10:06 konstantin@stripped +46 -0
    A test case for Bug#15392 "Server crashes during prepared 
    statement execute". No test case for error in 
    Item_func_set_user_var::update as the only possible one is OOM.

  mysql-test/r/sp.result
    1.173 05/12/06 22:10:06 konstantin@stripped +39 -0
    Test results fixed: a fix for Bug#15392

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	konstantin
# Host:	dragonfly.local
# Root:	/opt/local/work/mysql-5.0-15392

--- 1.172/mysql-test/r/sp.result	2005-12-03 16:40:19 +03:00
+++ 1.173/mysql-test/r/sp.result	2005-12-06 22:10:06 +03:00
@@ -4153,4 +4153,43 @@
 a - local variable in a nested compound statement
 A local variable in a nested compound statement takes precedence over table column in
cursors
 a - local variable in a nested compound statement
+drop schema if exists mysqltest1|
+Warnings:
+Note	1008	Can't drop database 'mysqltest1'; database doesn't exist
+drop schema if exists mysqltest2|
+Warnings:
+Note	1008	Can't drop database 'mysqltest2'; database doesn't exist
+drop schema if exists mysqltest3|
+Warnings:
+Note	1008	Can't drop database 'mysqltest3'; database doesn't exist
+create schema mysqltest1|
+create schema mysqltest2|
+create schema mysqltest3|
+use mysqltest3|
+create procedure mysqltest1.p1 (out prequestid varchar(100))
+begin
+call mysqltest2.p2('call mysqltest3.p3(1, 2)');
+end|
+create procedure mysqltest2.p2(in psql text)
+begin
+declare lsql text;
+set @lsql= psql;
+prepare lstatement from @lsql;
+execute lstatement;
+deallocate prepare lstatement;
+end|
+create procedure mysqltest3.p3(in p1 int)
+begin
+select p1;
+end|
+call mysqltest1.p1(@rs)|
+ERROR 42000: Incorrect number of arguments for PROCEDURE mysqltest3.p3; expected 1, got 2
+call mysqltest1.p1(@rs)|
+ERROR 42000: Incorrect number of arguments for PROCEDURE mysqltest3.p3; expected 1, got 2
+call mysqltest1.p1(@rs)|
+ERROR 42000: Incorrect number of arguments for PROCEDURE mysqltest3.p3; expected 1, got 2
+drop schema if exists mysqltest1|
+drop schema if exists mysqltest2|
+drop schema if exists mysqltest3|
+use test|
 drop table t1,t2;

--- 1.165/mysql-test/t/sp.test	2005-12-03 16:40:19 +03:00
+++ 1.166/mysql-test/t/sp.test	2005-12-06 22:10:06 +03:00
@@ -4946,6 +4946,52 @@
 call p1("a - stored procedure parameter")|
 
 #
+# A test case for Bug#15392 "Server crashes during prepared statement
+# execute": make sure that stored procedure check for error conditions
+# properly and do not continue execution if an error has been set. 
+#
+# It's necessary to use several DBs because in the original code
+# the successful return of mysql_change_db overrode the error from
+# execution.
+drop schema if exists mysqltest1|
+drop schema if exists mysqltest2|
+drop schema if exists mysqltest3|
+create schema mysqltest1|
+create schema mysqltest2|
+create schema mysqltest3|
+use mysqltest3|
+
+create procedure mysqltest1.p1 (out prequestid varchar(100))
+begin
+  call mysqltest2.p2('call mysqltest3.p3(1, 2)');
+end|
+
+create procedure mysqltest2.p2(in psql text)
+begin
+  declare lsql text;
+  set @lsql= psql;
+  prepare lstatement from @lsql;
+  execute lstatement;
+  deallocate prepare lstatement;
+end|
+
+create procedure mysqltest3.p3(in p1 int)
+begin
+  select p1;
+end|
+
+--error ER_SP_WRONG_NO_OF_ARGS
+call mysqltest1.p1(@rs)|
+--error ER_SP_WRONG_NO_OF_ARGS
+call mysqltest1.p1(@rs)|
+--error ER_SP_WRONG_NO_OF_ARGS
+call mysqltest1.p1(@rs)|
+drop schema if exists mysqltest1|
+drop schema if exists mysqltest2|
+drop schema if exists mysqltest3|
+use test|
+
+#
 # BUG#NNNN: New bug synopsis
 #
 #--disable_warnings

--- 1.197/sql/sp_head.cc	2005-12-03 16:40:20 +03:00
+++ 1.198/sql/sp_head.cc	2005-12-06 22:10:06 +03:00
@@ -1137,10 +1137,12 @@
      original thd->db will then have been freed */
   if (dbchanged)
   {
-    /* No access check when changing back to where we came from.
-       (It would generate an error from mysql_change_db() when olddb=="") */
+    /*
+      No access check when changing back to where we came from.
+      (It would generate an error from mysql_change_db() when olddb=="")
+    */
     if (! thd->killed)
-      ret= mysql_change_db(thd, olddb, 1);
+      ret|= mysql_change_db(thd, olddb, 1);
   }
   m_flags&= ~IS_INVOKED;
   DBUG_PRINT("info", ("first free for 0x%lx --: 0x%lx->0x%lx, level: %lu, flags %x",
@@ -1519,13 +1521,12 @@
 
 	    suv= new Item_func_set_user_var(guv->get_name(), item);
 	    /*
-	      we do not check suv->fixed, because it can't be fixed after
-	      creation
+	      We do not check suv->fixed, because it can't be fixed after
+	      creation.
 	    */
-	    suv->fix_fields(thd, &item);
-	    suv->fix_length_and_dec();
-	    suv->check();
-	    suv->update();
+            if ((ret= test(!suv || suv->fix_fields(thd, &item) ||
+                           suv->check() || suv->update())))
+              break;
 	  }
 	}
       }
@@ -2097,7 +2098,7 @@
 
     cleanup_items() is called in sp_head::execute()
   */
-  return res;
+  return res || thd->net.report_error;
 }
Thread
bk commit into 5.0 tree (konstantin:1.1980) BUG#15392konstantin6 Dec