authorOleksandr Byelkin <sanja@mariadb.com>2021-04-27 16:08:33 +0200
committerOleksandr Byelkin <sanja@mariadb.com>2021-04-28 11:31:18 +0200
commit24693c6fcf041f5ee7d5c9d3215094bde6da4bc8 (patch)
tree232147cc05bad00fc83c9395aa461b8e86e9639d
parente85b389b762e038bc2e347421fa39636159b53b9 (diff)
Bug#29363867: LOST CONNECTION TO MYSQL SERVER DURING QUERYbb-10.2-BUG29363867
The problem is that sharing the default expression among set instructions leads to an attempt to access the result field of a function, created in another instruction's runtime MEM_ROOT and already freed (a bit different than the MySQL problem). The fix is the same as in MySQL (but with no optimisation for constants): turn DECLARE a, b, c type DEFAULT expr; into DECLARE a type DEFAULT expr, b type DEFAULT a, c type DEFAULT a;
-rw-r--r--mysql-test/r/sp.result15
-rw-r--r--mysql-test/suite/funcs_1/r/storedproc.result26
-rw-r--r--mysql-test/t/sp.test19
-rw-r--r--sql/sql_yacc.yy28
4 files changed, 71 insertions, 17 deletions
diff --git a/mysql-test/r/sp.result b/mysql-test/r/sp.result
index b679f3f54fc..25675a11f4a 100644
--- a/mysql-test/r/sp.result
+++ b/mysql-test/r/sp.result
@@ -8486,4 +8486,19 @@ ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function
DROP PROCEDURE p1;
DROP VIEW v1;
DROP TABLE t1;
+#
+# BUG#30366310: USING A FUNCTION TO ASSIGN DEFAULT VALUES TO
+# 2 OR MORE VARIABLES CRASHES SERVER
+#
+create function f1() returns bigint return now()-1|
+create procedure p1()
+begin
+declare b, c bigint default f1();
+select b-c;
+end|
+call p1()|
+b-c
+0
+drop procedure p1|
+drop function f1|
#End of 10.2 tests
diff --git a/mysql-test/suite/funcs_1/r/storedproc.result b/mysql-test/suite/funcs_1/r/storedproc.result
index ac48e20eaed..516ea983563 100644
--- a/mysql-test/suite/funcs_1/r/storedproc.result
+++ b/mysql-test/suite/funcs_1/r/storedproc.result
@@ -7125,7 +7125,7 @@ CALL sp1();
x y z
000 000 000
Warnings:
-Warning 1264 Out of range value for column 'z' at row 1
+Warning 1264 Out of range value for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@@ -7163,7 +7163,7 @@ CALL sp1();
x y z
00000 00000 00000
Warnings:
-Warning 1264 Out of range value for column 'z' at row 1
+Warning 1264 Out of range value for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@@ -7201,7 +7201,7 @@ CALL sp1();
x y z
00000000 00000000 00000000
Warnings:
-Warning 1264 Out of range value for column 'z' at row 1
+Warning 1264 Out of range value for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@@ -7239,7 +7239,7 @@ CALL sp1();
x y z
0000000000 0000000000 0000000000
Warnings:
-Warning 1264 Out of range value for column 'z' at row 1
+Warning 1264 Out of range value for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@@ -7277,7 +7277,7 @@ CALL sp1();
x y z
00000000000000000000 00000000000000000000 00000000000000000000
Warnings:
-Warning 1264 Out of range value for column 'z' at row 1
+Warning 1264 Out of range value for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@@ -7297,7 +7297,7 @@ CALL sp1();
x y z
-9999999999 -9999999999 -9999999999
Warnings:
-Warning 1264 Out of range value for column 'z' at row 1
+Warning 1264 Out of range value for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@@ -7308,7 +7308,7 @@ CALL sp1();
x y z
0 0 0
Warnings:
-Note 1265 Data truncated for column 'z' at row 1
+Note 1265 Data truncated for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@@ -7319,7 +7319,7 @@ CALL sp1();
x y z
0000000000 0000000000 0000000000
Warnings:
-Warning 1264 Out of range value for column 'z' at row 1
+Warning 1264 Out of range value for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@@ -7330,7 +7330,7 @@ CALL sp1();
x y z
0000000000 0000000000 0000000000
Warnings:
-Note 1265 Data truncated for column 'z' at row 1
+Note 1265 Data truncated for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@@ -7341,7 +7341,7 @@ CALL sp1();
x y z
0 0 0
Warnings:
-Note 1265 Data truncated for column 'z' at row 1
+Note 1265 Data truncated for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@@ -7352,7 +7352,7 @@ CALL sp1();
x y z
0 0 0
Warnings:
-Note 1265 Data truncated for column 'z' at row 1
+Note 1265 Data truncated for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@@ -7363,7 +7363,7 @@ CALL sp1();
x y z
0000000000 0000000000 0000000000
Warnings:
-Note 1265 Data truncated for column 'z' at row 1
+Note 1265 Data truncated for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
@@ -7374,7 +7374,7 @@ CALL sp1();
x y z
0000000000 0000000000 0000000000
Warnings:
-Note 1265 Data truncated for column 'z' at row 1
+Note 1265 Data truncated for column 'x' at row 1
DROP PROCEDURE IF EXISTS sp1;
CREATE PROCEDURE sp1( )
BEGIN
diff --git a/mysql-test/t/sp.test b/mysql-test/t/sp.test
index f13b3fbc281..0ef5e7d0b6e 100644
--- a/mysql-test/t/sp.test
+++ b/mysql-test/t/sp.test
@@ -10025,4 +10025,23 @@ DROP PROCEDURE p1;
DROP VIEW v1;
DROP TABLE t1;
+
+--echo #
+--echo # BUG#30366310: USING A FUNCTION TO ASSIGN DEFAULT VALUES TO
+--echo # 2 OR MORE VARIABLES CRASHES SERVER
+--echo #
+
+delimiter |;
+create function f1() returns bigint return now()-1|
+create procedure p1()
+begin
+ declare b, c bigint default f1();
+ select b-c;
+end|
+call p1()|
+drop procedure p1|
+drop function f1|
+delimiter ;|
+
+
--echo #End of 10.2 tests
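Review bot: The regression case runs `p1` only once, while the defect described in the commit message is about memory freed between instruction executions. Repeating `call p1()|` before the drop would show that the rewritten default survives re-execution of the stored procedure and not only its first run. The echo header cites BUG#30366310 while the commit title cites Bug#29363867; if both upstream reports apply, naming both in the header keeps the test traceable to this fix.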
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 6eb47f1e49f..387c77a4ef5 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -3104,17 +3104,22 @@ sp_decl:
sp_pcontext *pctx= lex->spcont;
uint num_vars= pctx->context_var_count();
Item *dflt_value_item= $5;
+ const bool has_default_clause = (dflt_value_item != NULL);
Lex->set_last_field_type($4);
- if (!dflt_value_item)
+
+ if (!has_default_clause)
{
dflt_value_item= new (thd->mem_root) Item_null(thd);
if (dflt_value_item == NULL)
MYSQL_YYABORT;
/* QQ Set to the var_type with null_value? */
}
-
- for (uint i = num_vars-$2 ; i < num_vars ; i++)
+
+ sp_variable *first_spvar = NULL;
+ const uint first_var_num = num_vars - $2;
+
+ for (uint i = first_var_num ; i < num_vars ; i++)
{
uint var_idx= pctx->var_context2runtime(i);
sp_variable *spvar= pctx->find_variable(var_idx);
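Review bot: In the no-default path the single `Item_null` allocated before the loop is still handed to every variable of the declaration, which is the same sharing pattern this commit removes for explicit defaults. If that is safe because a NULL constant carries no per-execution result field, a comment at the allocation would record it, for example `/* Shared by all variables of the declaration: a NULL constant, presumably with no runtime-allocated result field (confirm) */`. The existing `QQ` remark on that branch does not cover lifetime. The loop body continues outside this hunk.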
@@ -3126,9 +3131,24 @@ sp_decl:
if (!last)
spvar->field_def= *lex->last_field;
+ if (i == first_var_num) {
+ first_spvar = spvar;
+ } else if (has_default_clause) {
+ Item_splocal *item =
+ new (thd->mem_root)
+ Item_splocal(thd, first_spvar->name, first_spvar->offset,
+ first_spvar->sql_type(), 0, 0);
+ if (item == NULL)
+ MYSQL_YYABORT; // OOM
+#ifndef DBUG_OFF
+ item->m_sp = lex->sphead;
+#endif
+ dflt_value_item = item;
+ }
+
spvar->default_value= dflt_value_item;
spvar->field_def.field_name= spvar->name.str;
-
+
if (lex->sphead->fill_field_definition(thd, lex,
&spvar->field_def))
{
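Review bot: The new `else if (has_default_clause)` branch has no comment explaining why every variable after the first now defaults to an `Item_splocal` that reads the first variable, and the reason is a memory-lifetime one that the code alone does not show. I would add above the branch: `/* Do not share the DEFAULT expression between set instructions: its result field lives in one instruction's runtime MEM_ROOT and is freed before the next runs. Later variables read the first variable instead. */`. The comment should also record the visible consequence that the expression appears to be evaluated once, so later variables receive the first variable's already converted value (the funcs_1 expectations now warn on 'x' only) and a non-deterministic default no longer yields a fresh value per variable. `first_spvar` is dereferenced on the assumption that `spvar` was checked for NULL in the lines between the two hunks, which are not shown. The loop body starts and ends outside this hunk.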