
From:Sergey Glukhov Date:December 23 2009 1:44pm
Subject:bzr commit into mysql-5.1-bugteam branch (Sergey.Glukhov:3294)
Bug#47649
#At file:///home/gluh/MySQL/mysql-5.1-bugteam/ based on revid:satya.bn@stripped

 3294 Sergey Glukhov	2009-12-23
      Bug#47649 crash during CALL procedure
      If the first call of the procedure fails at
      the open_table stage, stmt_arena->state is set to
      EXECUTED state. On the second call (if there are no errors at the
      open_table stage) this leads to use of the wrong memory arena
      in the find_field_in_view() function, as
      thd->stmt_arena->is_stmt_prepare_or_first_sp_execute()
      returns FALSE for EXECUTED state. The item is created
      not in its own arena, which leads to a crash on further
      calls of the procedure.
      The fix:
      change the state of the arena only if
      no errors happen at the open_table stage.
     @ mysql-test/r/sp.result
        test result
     @ mysql-test/t/sp.test
        test case
     @ sql/sp_head.cc
        If first call of the procedure is failed on
        the open_table stage stmt_arena->state is set to
        EXECUTED state. On second call(if no errors on
        open_table stage) it leads to use of worng memory arena
        in find_field_in_view() function as
        thd->stmt_arena->is_stmt_prepare_or_first_sp_execute()
        returns FALSE for EXECUTED state. The item is created 
        not in its own arena and it leads to crash on further
        calls of the procedure.
        The fix: 
        change state of arena only if
        no errors on open_table stage happens.

    modified:
      mysql-test/r/sp.result
      mysql-test/t/sp.test
      sql/sp_head.cc
=== modified file 'mysql-test/r/sp.result'
--- a/mysql-test/r/sp.result	2009-11-13 01:03:26 +0000
+++ b/mysql-test/r/sp.result	2009-12-23 13:44:03 +0000
@@ -6963,6 +6963,22 @@ CALL p1();
 CALL p1();
 DROP PROCEDURE p1;
 DROP TABLE t1;
+CREATE TABLE t1 ( f1 integer, primary key (f1));
+CREATE TABLE t2 LIKE t1;
+CREATE TEMPORARY TABLE t3 LIKE t1;
+CREATE PROCEDURE p1 () BEGIN SELECT f1 FROM t3 AS A WHERE A.f1 IN ( SELECT f1 FROM t3 ) ;
+END|
+CALL p1;
+ERROR HY000: Can't reopen table: 'A'
+CREATE VIEW t3 AS SELECT f1 FROM t2 A WHERE A.f1 IN ( SELECT f1 FROM t2 );
+DROP TABLE t3;
+CALL p1;
+f1
+CALL p1;
+f1
+DROP PROCEDURE p1;
+DROP TABLE t1, t2;
+DROP VIEW t3;
 #
 # Bug #46629: Item_in_subselect::val_int(): Assertion `0' 
 # on subquery inside a SP

=== modified file 'mysql-test/t/sp.test'
--- a/mysql-test/t/sp.test	2009-11-13 01:03:26 +0000
+++ b/mysql-test/t/sp.test	2009-12-23 13:44:03 +0000
@@ -8242,6 +8242,25 @@ while ($tab_count)
 DROP PROCEDURE p1;
 DROP TABLE t1;
 
+#
+# Bug#47649 crash during CALL procedure
+#
+CREATE TABLE t1 ( f1 integer, primary key (f1));
+CREATE TABLE t2 LIKE t1;
+CREATE TEMPORARY TABLE t3 LIKE t1;
+delimiter |;
+CREATE PROCEDURE p1 () BEGIN SELECT f1 FROM t3 AS A WHERE A.f1 IN ( SELECT f1 FROM t3 ) ;
+END|
+delimiter ;|
+--error ER_CANT_REOPEN_TABLE
+CALL p1;
+CREATE VIEW t3 AS SELECT f1 FROM t2 A WHERE A.f1 IN ( SELECT f1 FROM t2 );
+DROP TABLE t3;
+CALL p1;
+CALL p1;
+DROP PROCEDURE p1;
+DROP TABLE t1, t2;
+DROP VIEW t3;
 
 --echo #
 --echo # Bug #46629: Item_in_subselect::val_int(): Assertion `0' 
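Review bot: The new test case reaches only the ER_CANT_REOPEN_TABLE path (`--error ER_CANT_REOPEN_TABLE` before the first `CALL p1;`), while the sql/sp_head.cc change in this commit also special-cases ER_NO_SUCH_TABLE and ER_UPDATE_TABLE_USED. A regression in either of those two branches would not be caught by this file as it stands. Adding a variant where the first `CALL p1;` fails with `--error ER_NO_SUCH_TABLE` (table absent, then created as a view before the second call) would pin that branch. A short comment above the block saying that the two trailing `CALL p1;` lines are the ones that used to crash the server would also help later readers.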

=== modified file 'sql/sp_head.cc'
--- a/sql/sp_head.cc	2009-11-20 20:56:43 +0000
+++ b/sql/sp_head.cc	2009-12-23 13:44:03 +0000
@@ -2773,8 +2773,15 @@ sp_lex_keeper::reset_lex_and_exec_core(T
     m_lex->mark_as_requiring_prelocking(NULL);
   }
   thd->rollback_item_tree_changes();
-  /* Update the state of the active arena. */
-  thd->stmt_arena->state= Query_arena::EXECUTED;
+  /*
+    Update the state of the active arena if no errors on
+    open_tables stage.
+  */
+  if (!res || !thd->is_error() ||
+      (thd->main_da.sql_errno() != ER_CANT_REOPEN_TABLE &&
+       thd->main_da.sql_errno() != ER_NO_SUCH_TABLE &&
+       thd->main_da.sql_errno() != ER_UPDATE_TABLE_USED))
+    thd->stmt_arena->state= Query_arena::EXECUTED;
 
   /*
     Merge here with the saved parent's values
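Review bot: The added guard `if (!res || !thd->is_error() || (...))` recognises an open-tables failure only by comparing `thd->main_da.sql_errno()` against three error codes. Any other error raised before the statement's items have gone through their first-execution transformation would presumably still set the arena to `Query_arena::EXECUTED`. That would leave the wrong-arena allocation described in the commit message, and the resulting server crash, reachable by any account allowed to CALL the procedure. A more robust signal would come from the open-tables step itself, for example a flag recording that it completed, rather than a list of error numbers that has to be kept in sync by hand. At minimum the comment should say why exactly these codes are listed, e.g. `/* These errors are raised while opening tables, before first-execution item changes are made permanent; keep the arena state so the next CALL redoes them. */`. The body of reset_lex_and_exec_core starts and ends outside this hunk, so whether such a flag is already available there cannot be confirmed from the lines shown.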


Attachment: [text/bzr-bundle] bzr/sergey.glukhov@sun.com-20091223134403-p8lee8eve2riql83.bundle