Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on

build) The crash was caused by freeing the internal parser stack during the parser execution. This occured only for complex stored procedures, after reallocating the parser stack using my_yyoverflow(), with the following C call stack: - MYSQLparse() - any rule calling sp_head::restore_lex() - lex_end() - x_free(lex->yacc_yyss), xfree(lex->yacc_yyvs) The root cause is the implementation of stored procedures, which breaks the assumption from 4.1 that there is only one LEX structure per parser call. The solution is to separate the LEX structure into: - attributes that represent a statement (the current LEX structure), - attributes that relate to the syntax parser itself (Yacc_state), so that parsing multiple statements in stored programs can create multiple LEX structures while not changing the unique Yacc_state. Now, Yacc_state and the existing Lex_input_stream are aggregated into Parser_state, a structure that represent the complete state of the (Lexical + Syntax) parser.
2025-07-29 05:21:33 +03:00 · 2008-07-14 15:41:30 -06:00
parent 8c249ba861
commit 0816ee6d34
13 changed files with 848 additions and 84 deletions
--- a/sql/sql_lex.h
+++ b/sql/sql_lex.h
@ -1004,7 +1004,6 @@ typedef struct st_lex : public Query_tables_list
  LEX_STRING comment, ident;
  LEX_USER *grant_user;
  XID *xid;
-  gptr yacc_yyss,yacc_yyvs;
  THD *thd;
  CHARSET_INFO *charset, *underscore_charset;
  bool text_string_is_7bit;
@ -1290,6 +1289,59 @@ typedef struct st_lex : public Query_tables_list
  }
 } LEX;

+
+/**
+  The internal state of the syntax parser.
+  This object is only available during parsing,
+  and is private to the syntax parser implementation (sql_yacc.yy).
+*/
+class Yacc_state
+{
+public:
+  Yacc_state()
+    : yacc_yyss(NULL), yacc_yyvs(NULL)
+  {}
+
+  ~Yacc_state();
+
+  /**
+    Bison internal state stack, yyss, when dynamically allocated using
+    my_yyoverflow().
+  */
+  gptr yacc_yyss;
+
+  /**
+    Bison internal semantic value stack, yyvs, when dynamically allocated using
+    my_yyoverflow().
+  */
+  gptr yacc_yyvs;
+
+  /*
+    TODO: move more attributes from the LEX structure here.
+  */
+};
+
+/**
+  Internal state of the parser.
+  The complete state consist of:
+  - state data used during lexical parsing,
+  - state data used during syntactic parsing.
+*/
+class Parser_state
+{
+public:
+  Parser_state(THD *thd, const char* buff, unsigned int length)
+    : m_lip(thd, buff, length), m_yacc()
+  {}
+
+  ~Parser_state()
+  {}
+
+  Lex_input_stream m_lip;
+  Yacc_state m_yacc;
+};
+
+
 struct st_lex_local: public st_lex
 {
  static void *operator new(size_t size) throw()