database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

Bug#29363867: LOST CONNECTION TO MYSQL SERVER DURING QUERY

Browse Source 
The problem is that sharing default expression among set instruction
leads to attempt access result field of function created in
other instruction runtime MEM_ROOT and already freed
(a bit different then MySQL problem).

Fix is the same as in MySQL (but no optimisation for constant), turn
DECLARE a, b, c type DEFAULT expr;
to
DECLARE a type DEFAULT expr, b type DEFAULT a, c type DEFAULT a;
This commit is contained in:
Oleksandr Byelkin
2021-04-27 16:08:33 +02:00
parent e85b389b76
commit 24693c6fcf
4 changed files with 71 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
mysql-test/r/sp.result
View File

@ -8486,4 +8486,19 @@ ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function
DROP PROCEDURE p1;
DROP VIEW v1;
DROP TABLE t1;
#
# BUG#30366310: USING A FUNCTION TO ASSIGN DEFAULT VALUES TO
# 2 OR MORE VARIABLES CRASHES SERVER
#
create function f1() returns bigint return now()-1|
create procedure p1()
begin
declare b, c bigint default f1();
select b-c;
end|
call p1()|
b-c
0
drop procedure p1|
drop function f1|
#End of 10.2 tests

26
mysql-test/suite/funcs_1/r/storedproc.result
View File

@ -7125,7 +7125,7 @@ CALL sp1();
x y z
000 000 000
Warnings:
Warning 1264 Out of range value for column 'z' at row 1
Warning 1264 Out of range value for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@ -7163,7 +7163,7 @@ CALL sp1();
x y z
00000 00000 00000
Warnings:
Warning 1264 Out of range value for column 'z' at row 1
Warning 1264 Out of range value for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@ -7201,7 +7201,7 @@ CALL sp1();
x y z
00000000 00000000 00000000
Warnings:
Warning 1264 Out of range value for column 'z' at row 1
Warning 1264 Out of range value for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@ -7239,7 +7239,7 @@ CALL sp1();
x y z
0000000000 0000000000 0000000000
Warnings:
Warning 1264 Out of range value for column 'z' at row 1
Warning 1264 Out of range value for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@ -7277,7 +7277,7 @@ CALL sp1();
x y z
00000000000000000000 00000000000000000000 00000000000000000000
Warnings:
Warning 1264 Out of range value for column 'z' at row 1
Warning 1264 Out of range value for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@ -7297,7 +7297,7 @@ CALL sp1();
x y z
-9999999999 -9999999999 -9999999999
Warnings:
Warning 1264 Out of range value for column 'z' at row 1
Warning 1264 Out of range value for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@ -7308,7 +7308,7 @@ CALL sp1();
x y z
0 0 0
Warnings:
Note 1265 Data truncated for column 'z' at row 1
Note 1265 Data truncated for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@ -7319,7 +7319,7 @@ CALL sp1();
x y z
0000000000 0000000000 0000000000
Warnings:
Warning 1264 Out of range value for column 'z' at row 1
Warning 1264 Out of range value for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@ -7330,7 +7330,7 @@ CALL sp1();
x y z
0000000000 0000000000 0000000000
Warnings:
Note 1265 Data truncated for column 'z' at row 1
Note 1265 Data truncated for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@ -7341,7 +7341,7 @@ CALL sp1();
x y z
0 0 0
Warnings:
Note 1265 Data truncated for column 'z' at row 1
Note 1265 Data truncated for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@ -7352,7 +7352,7 @@ CALL sp1();
x y z
0 0 0
Warnings:
Note 1265 Data truncated for column 'z' at row 1
Note 1265 Data truncated for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@ -7363,7 +7363,7 @@ CALL sp1();
x y z
0000000000 0000000000 0000000000
Warnings:
Note 1265 Data truncated for column 'z' at row 1
Note 1265 Data truncated for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@ -7374,7 +7374,7 @@ CALL sp1();
x y z
0000000000 0000000000 0000000000
Warnings:
Note 1265 Data truncated for column 'z' at row 1
Note 1265 Data truncated for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN

19
mysql-test/t/sp.test
View File

@ -10025,4 +10025,23 @@ DROP PROCEDURE p1;
DROP VIEW v1;
DROP TABLE t1;
--echo #
--echo # BUG#30366310: USING A FUNCTION TO ASSIGN DEFAULT VALUES TO
--echo # 2 OR MORE VARIABLES CRASHES SERVER
--echo #
delimiter |;
create function f1() returns bigint return now()-1|
create procedure p1()
begin
declare b, c bigint default f1();
select b-c;
end|
call p1()|
drop procedure p1|
drop function f1|
delimiter ;|
--echo #End of 10.2 tests

24
sql/sql_yacc.yy
View File

@ -3104,9 +3104,11 @@ sp_decl:
sp_pcontext *pctx= lex->spcont;
uint num_vars= pctx->context_var_count();
Item *dflt_value_item= $5;
const bool has_default_clause = (dflt_value_item != NULL);
Lex->set_last_field_type($4);
if (!dflt_value_item)
if (!has_default_clause)
{
dflt_value_item= new (thd->mem_root) Item_null(thd);
if (dflt_value_item == NULL)
@ -3114,7 +3116,10 @@ sp_decl:
/* QQ Set to the var_type with null_value? */
}
for (uint i = num_vars-$2 ; i < num_vars ; i++)
sp_variable *first_spvar = NULL;
const uint first_var_num = num_vars - $2;
for (uint i = first_var_num ; i < num_vars ; i++)
{
uint var_idx= pctx->var_context2runtime(i);
sp_variable *spvar= pctx->find_variable(var_idx);
@ -3126,6 +3131,21 @@ sp_decl:
if (!last)
spvar->field_def= *lex->last_field;
if (i == first_var_num) {
first_spvar = spvar;
} else if (has_default_clause) {
Item_splocal *item =
new (thd->mem_root)
Item_splocal(thd, first_spvar->name, first_spvar->offset,
first_spvar->sql_type(), 0, 0);
if (item == NULL)
MYSQL_YYABORT; // OOM
#ifndef DBUG_OFF
item->m_sp = lex->sphead;
#endif
dflt_value_item = item;
}
spvar->default_value= dflt_value_item;
spvar->field_def.field_name= spvar->name.str;