diff options
| author | Gleb Shchepa <gshchepa@mysql.com> | 2009-01-23 22:18:02 +0400 |
|---|---|---|
| committer | Gleb Shchepa <gshchepa@mysql.com> | 2009-01-23 22:18:02 +0400 |
| commit | 93991b6be983c11dfb595e9ee0647384dc37b09c (patch) | |
| tree | a1139da70074b055b8328abd316f07ea040e0823 /mysql-test/t/user_var.test | |
| parent | db337eb8d8c2dc6c343b89ac78be8966d14a85fc (diff) | |
| download | mariadb-git-93991b6be983c11dfb595e9ee0647384dc37b09c.tar.gz | |
Bug#42188: crash and/or memory corruption with user variables
in trigger
Interchangeable calls to the mysql_change_user client function
and invocations of a trigger changing some user variable caused
a memory corruption and a crash.
The mysql_change_user API call forces TDH::cleanup() on a server
that frees user variable entries.
However it didn't reset Item_func_set_user_var::entry to NULL
because Item_func_set_user_var::cleanup() was not overloaded.
So, Item_func_set_user_var::entry held a pointer to freed memory,
that caused a crash.
The Item_func_set_user_var::cleanup method has been overloaded
to cleanup the Item_func_set_user_var::entry field.
mysql-test/r/user_var.result:
Added test case for bug #42188.
mysql-test/t/user_var.test:
Added test case for bug #42188.
sql/item_func.cc:
Bug#42188: crash and/or memory corruption with user variables
in trigger
The Item_func_set_user_var::cleanup method has been overloaded
to cleanup the Item_func_set_user_var::entry field.
sql/item_func.h:
Bug#42188: crash and/or memory corruption with user variables
in trigger
The Item_func_set_user_var::cleanup method has been overloaded
to cleanup the Item_func_set_user_var::entry field.
Diffstat (limited to 'mysql-test/t/user_var.test')
| -rw-r--r-- | mysql-test/t/user_var.test | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/mysql-test/t/user_var.test b/mysql-test/t/user_var.test index 5d916e410e3..fb4511a87a0 100644 --- a/mysql-test/t/user_var.test +++ b/mysql-test/t/user_var.test @@ -285,4 +285,15 @@ set @lastid=-1; select @lastid != id, @lastid, @lastid := id from t1; drop table t1; +# +# Bug#42188: crash and/or memory corruption with user variables in trigger +# + +CREATE TABLE t1 (i INT); +CREATE TRIGGER t_after_insert AFTER INSERT ON t1 FOR EACH ROW SET @bug42188 = 10; +INSERT INTO t1 VALUES (1); +--change_user +INSERT INTO t1 VALUES (1); +DROP TABLE t1; + --echo End of 5.1 tests |