From:Davi Arnaut Date:February 15 2008 11:41am
Subject:bk commit into 5.1 tree (davi:1.2552) BUG#34587
Below is the list of changes that have just been committed into a local
5.1 repository of davi.  When davi does a push these changes
will be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2008-02-15 09:40:55-02:00, davi@stripped +5 -0
  Bug#34587 Creating a view inside a stored procedure leads to a server crash
  
  The problem is that when a stored procedure is being parsed for
  the first execution, the body is copied to a temporary buffer
  which is disregarded sometime after the statement is parsed.
  And during this parsing phase, the rule for CREATE VIEW was
  holding a reference to the string being parsed for use during
  the execution of the CREATE VIEW statement, leading to invalid
  memory access later.
  
  The solution is to allocate and copy the SELECT of a CREATE
  VIEW statement using the thread memory root, which is set to
  the permanent arena of the stored procedure. 

  mysql-test/r/view.result@stripped, 2008-02-15 09:40:53-02:00, davi@stripped +10 -0
    Add test case result for Bug#34587

  mysql-test/t/view.test@stripped, 2008-02-15 09:40:53-02:00, davi@stripped +20 -0
    Add test case for Bug#34587

  sql/sql_lex.h@stripped, 2008-02-15 09:40:53-02:00, davi@stripped +2 -4
    Remove start and end position variables. The SELECT of a
    CREATE VIEW is now allocated at parse time.

  sql/sql_view.cc@stripped, 2008-02-15 09:40:53-02:00, davi@stripped +3 -5
    Remove assertion that is not true when the statement is
    being re-executed. Use string that was trimmed of leading
    and trailing whitespace at parse time.

  sql/sql_yacc.yy@stripped, 2008-02-15 09:40:53-02:00, davi@stripped +6 -2
    Allocate the SELECT of a CREATE VIEW using the current thread
    memory root and remove any leading and trailing whitespace.

diff -Nrup a/mysql-test/r/view.result b/mysql-test/r/view.result
--- a/mysql-test/r/view.result	2008-02-12 17:09:14 -02:00
+++ b/mysql-test/r/view.result	2008-02-15 09:40:53 -02:00
@@ -3720,6 +3720,16 @@ DROP VIEW v1;
 
 # -- End of test case for Bug#32538.
 
+drop view if exists a;
+drop procedure if exists p;
+create procedure p()
+begin
+declare continue handler for sqlexception begin end;
+create view a as select 1;
+end|
+call p();
+call p();
+drop procedure p;
 # -----------------------------------------------------------------
 # -- End of 5.1 tests.
 # -----------------------------------------------------------------
diff -Nrup a/mysql-test/t/view.test b/mysql-test/t/view.test
--- a/mysql-test/t/view.test	2008-02-12 17:09:14 -02:00
+++ b/mysql-test/t/view.test	2008-02-15 09:40:53 -02:00
@@ -3601,6 +3601,26 @@ DROP VIEW v1;
 --echo # -- End of test case for Bug#32538.
 --echo
 
+#
+# Bug#34587 Creating a view inside a stored procedure leads to a server crash
+#
+
+--disable_warnings
+drop view if exists a;
+drop procedure if exists p;
+--enable_warnings
+
+delimiter |;
+create procedure p()
+begin
+  declare continue handler for sqlexception begin end;
+  create view a as select 1;
+end|
+delimiter ;|
+call p();
+call p();
+drop procedure p;
+
 ###########################################################################
 
 --echo # -----------------------------------------------------------------
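Review bot: The view `a` created inside `p()` is never dropped, so the test leaves it behind for whatever follows in view.test; the `drop view if exists a` added above only cleans up at the start. Add `drop view a;` after `drop procedure p;` and the matching line in mysql-test/r/view.result. The second `call p();` is the part that exercises the re-execution path, presumably with the continue handler swallowing an already-exists error from the second `create view`; a one-line comment such as `# second call re-executes the already parsed body (Bug#34587)` would make that intent clear to the next reader.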
diff -Nrup a/sql/sql_lex.h b/sql/sql_lex.h
--- a/sql/sql_lex.h	2007-12-14 15:01:43 -02:00
+++ b/sql/sql_lex.h	2008-02-15 09:40:53 -02:00
@@ -1513,10 +1513,8 @@ typedef struct st_lex : public Query_tab
   /* store original leaf_tables for INSERT SELECT and PS/SP */
   TABLE_LIST *leaf_tables_insert;
 
-  /** Start of SELECT of CREATE VIEW statement */
-  const char* create_view_select_start;
-  /** End of SELECT of CREATE VIEW statement */
-  const char* create_view_select_end;
+  /** SELECT of CREATE VIEW statement */
+  LEX_STRING create_view_select;
 
   /** Start of 'ON table', in trigger statements.  */
   const char* raw_trg_on_table_name_begin;
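Review bot: The new doc comment on `create_view_select` says nothing about who owns the string or what state it is in, which is the whole point of this change now that the text must outlive the parse buffer. Suggest `/** SELECT of CREATE VIEW statement, copied to the thread memory root at parse time and trimmed of leading/trailing whitespace */`, so that sql_view.cc readers know the pointer stays valid across re-execution. The struct st_lex continues outside the hunk.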
diff -Nrup a/sql/sql_view.cc b/sql/sql_view.cc
--- a/sql/sql_view.cc	2008-02-08 13:55:04 -02:00
+++ b/sql/sql_view.cc	2008-02-15 09:40:53 -02:00
@@ -237,7 +237,7 @@ bool mysql_create_view(THD *thd, TABLE_L
 
   /* This is ensured in the parser. */
   DBUG_ASSERT(!lex->proc_list.first && !lex->result &&
-              !lex->param_list.elements && !lex->derived_tables);
+              !lex->param_list.elements);
 
   if (mode != VIEW_CREATE_NEW)
   {
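Review bot: The `derived_tables` term is dropped from the assertion but the preceding comment `/* This is ensured in the parser. */` is left unchanged, so a reader can no longer tell why that one condition is not checked while the others still are. The changeset description says it does not hold on re-execution; that reasoning belongs next to the code, e.g. `/* derived_tables is not asserted: it may be set when the statement is re-executed from a stored program. */`. mysql_create_view's body starts and ends outside the hunk.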
@@ -719,10 +719,8 @@ static int mysql_register_view(THD *thd,
   view->select_stmt.str= view_query.c_ptr_safe();
   view->select_stmt.length= view_query.length();
 
-  view->source.str= (char*) thd->lex->create_view_select_start;
-  view->source.length= (thd->lex->create_view_select_end
-                        - thd->lex->create_view_select_start);
-  trim_whitespace(thd->charset(), & view->source);
+  view->source.str= thd->lex->create_view_select.str;
+  view->source.length= thd->lex->create_view_select.length;
 
   view->file_version= 1;
   view->calc_md5(md5);
diff -Nrup a/sql/sql_yacc.yy b/sql/sql_yacc.yy
--- a/sql/sql_yacc.yy	2008-02-12 17:09:14 -02:00
+++ b/sql/sql_yacc.yy	2008-02-15 09:40:53 -02:00
@@ -12056,18 +12056,22 @@ view_select:
             lex->parsing_options.allows_select_into= FALSE;
             lex->parsing_options.allows_select_procedure= FALSE;
             lex->parsing_options.allows_derived= FALSE;
-            lex->create_view_select_start= lip->get_cpp_ptr();
+            lex->create_view_select.str= (char *) lip->get_cpp_ptr();
           }
           view_select_aux view_check_option
           {
             THD *thd= YYTHD;
             LEX *lex= Lex;
             Lex_input_stream *lip= thd->m_lip;
+            uint len= lip->get_cpp_ptr() - lex->create_view_select.str;
+            void *create_view_select= thd->memdup(lex->create_view_select.str, len);
+            lex->create_view_select.length= len;
+            lex->create_view_select.str= (char *) create_view_select;
+            trim_whitespace(thd->charset(), &lex->create_view_select);
             lex->parsing_options.allows_variable= TRUE;
             lex->parsing_options.allows_select_into= TRUE;
             lex->parsing_options.allows_select_procedure= TRUE;
             lex->parsing_options.allows_derived= TRUE;
-            lex->create_view_select_end= lip->get_cpp_ptr();
           }
         ;
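Review bot: `thd->memdup()` in the second action can return NULL on allocation failure, and the result is stored in `create_view_select.str` and handed to `trim_whitespace()` without a check; a guard `if (create_view_select == NULL) MYSQL_YYABORT;` directly after the memdup would handle it the way other failed allocations in this grammar are handled. Two smaller points: `len` is a `uint` holding a pointer difference (a `size_t` or `ptrdiff_t` avoids the narrowing), and the `void *` temporary is not needed since the result is cast to `char *` on the next line anyway, e.g. `lex->create_view_select.str= (char *) thd->memdup(lex->create_view_select.str, len);`. Between the two actions `.str` points into the parse buffer while `.length` is still stale; that is fine as written, but worth a short comment on the first action such as `/* temporary pointer into the parse buffer, replaced by a copy below */`.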
 