Sergey Glukhov 877311779d Bug#47649 crash during CALL procedure ...

If first call of the procedure is failed on
the open_table stage stmt_arena->state is set to
EXECUTED state. On second call(if no errors on
open_table stage) it leads to use of worng memory arena
in find_field_in_view() function as
thd->stmt_arena->is_stmt_prepare_or_first_sp_execute()
returns FALSE for EXECUTED state. The item is created 
not in its own arena and it leads to crash on further
calls of the procedure.
The fix: 
change state of arena only if
no errors on open_table stage happens.


mysql-test/r/sp.result:
  test result
mysql-test/t/sp.test:
  test case
sql/sp_head.cc:
  If first call of the procedure is failed on
  the open_table stage stmt_arena->state is set to
  EXECUTED state. On second call(if no errors on
  open_table stage) it leads to use of worng memory arena
  in find_field_in_view() function as
  thd->stmt_arena->is_stmt_prepare_or_first_sp_execute()
  returns FALSE for EXECUTED state. The item is created 
  not in its own arena and it leads to crash on further
  calls of the procedure.
  The fix: 
  change state of arena only if
  no errors on open_table stage happens.

2009-12-23 17:44:03 +04:00

175 KiB

Raw Blame History

View Raw