database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

MDEV-32640 Reset thd->lex->mi.connection_name.str towards the end of mysql_execute_command

Browse Source 
Reset the connection_name to contain a null string, if the pointer
points to the same space as that of the system variable
default_master_connection.

We do this because the system variable may be updated which could free
the pointer and create a new one, causing use-after-free for
re-execution of prepared statements and stored procedures where the
LEX may be reused.

This allows connection_name to be set again be to the system variable
pointer in the next call of this function (see earlier in this
function), after any possible updates to the system variable.
This commit is contained in:
Yuchen Pei
2024-05-06 14:46:18 +10:00
parent 0e8e157510
commit b86a2f03b6
3 changed files with 51 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
mysql-test/suite/sys_vars/r/mdev_32640.result Normal file
View File

@ -0,0 +1,15 @@
PREPARE s_1 FROM 'SHOW RELAYLOG EVENTS';
/* 1 */ SET default_master_connection='MASTER';
/* 1 */ EXECUTE s_1;
ERROR HY000: There is no master connection 'MASTER'
/* 2 */ SET default_master_connection='MASTER';
/* 2 */ EXECUTE s_1;
ERROR HY000: There is no master connection 'MASTER'
create procedure p() SHOW RELAYLOG EVENTS;
/* 1 */ SET default_master_connection='MASTER';
/* 1 */ call p;
ERROR HY000: There is no master connection 'MASTER'
/* 2 */ SET default_master_connection='MASTER';
/* 2 */ call p;
ERROR HY000: There is no master connection 'MASTER'
drop procedure p;

18
mysql-test/suite/sys_vars/t/mdev_32640.test Normal file
View File

@ -0,0 +1,18 @@
--source include/not_embedded.inc
PREPARE s_1 FROM 'SHOW RELAYLOG EVENTS';
/* 1 */ SET default_master_connection='MASTER';
--error WARN_NO_MASTER_INFO
/* 1 */ EXECUTE s_1;
/* 2 */ SET default_master_connection='MASTER';
--error WARN_NO_MASTER_INFO
/* 2 */ EXECUTE s_1;
create procedure p() SHOW RELAYLOG EVENTS;
/* 1 */ SET default_master_connection='MASTER';
--error WARN_NO_MASTER_INFO
/* 1 */ call p;
/* 2 */ SET default_master_connection='MASTER';
--error WARN_NO_MASTER_INFO
/* 2 */ call p;
drop procedure p;

18
sql/sql_parse.cc
View File

@ -5993,6 +5993,24 @@ finish:
thd->wsrep_PA_safe= true; thd->wsrep_PA_safe= true;
#endif /* WITH_WSREP */ #endif /* WITH_WSREP */
/*
Reset the connection_name to contain a null string, if the
pointer points to the same space as that of the system variable
default_master_connection.
We do this because the system variable may be updated which could
free the pointer and create a new one, causing use-after-free for
re-execution of prepared statements and stored procedures where
the LEX may be reused.
This allows connection_name to be set again be to the system
variable pointer in the next call of this function (see earlier in
this function), after any possible updates to the system variable.
*/
if (thd->lex->mi.connection_name.str ==
thd->variables.default_master_connection.str)
thd->lex->mi.connection_name= null_clex_str;
if (lex->sql_command != SQLCOM_SET_OPTION) if (lex->sql_command != SQLCOM_SET_OPTION)
DEBUG_SYNC(thd, "end_of_statement"); DEBUG_SYNC(thd, "end_of_statement");
DBUG_RETURN(res || thd->is_error()); DBUG_RETURN(res || thd->is_error());