diff options
author | Alexander Barkov <bar@mariadb.com> | 2018-06-13 23:37:09 +0400 |
---|---|---|
committer | Alexander Barkov <bar@mariadb.com> | 2018-06-13 23:37:09 +0400 |
commit | 23ced2f846c6a8b9b303c1365780999888fa438f (patch) | |
tree | 784b54cf8b2bc691f94ed9158ff990852f916dff | |
parent | 8662015c90718501d504f4c7aeb94b8626902a9c (diff) | |
download | mariadb-git-23ced2f846c6a8b9b303c1365780999888fa438f.tar.gz |
MDEV-16311 Server crash when using a NAME_CONST() with a CURSOR
Problem:
The problem was most likely introduced by a fix for MDEV-11597
(commit 5f0c31f928338e8a6ffde098b7ffd3d1a8b02903) which removed
the assignment "killed= KILL_BAD_DATA" from THD::raise_condition().
Before MDEV-11597, sp_head::execute() tested thd->killed after
looping through the SP instructions and exited with an error
if thd->killed is set. After MDEV-11597, sp_head::execute()
stopped to notice errors and set the OK status on top of the
error status, which crashed on assert.
Fix:
Making sp_cursor::fetch() return -1 if server_side_cursor->fetch(1)
left an error in the diagnostics area. This makes the statement
"err_status= i->execute(thd, &ip)" in sp_head::execute() set the
error code and correctly break the SP instruction loop and
return on error without setting the OK status.
-rw-r--r-- | mysql-test/r/sp.result | 17 | ||||
-rw-r--r-- | mysql-test/t/sp.test | 22 | ||||
-rw-r--r-- | sql/sp_rcontext.cc | 6 |
3 files changed, 45 insertions, 0 deletions
diff --git a/mysql-test/r/sp.result b/mysql-test/r/sp.result index 59387b37585..7e466f23c72 100644 --- a/mysql-test/r/sp.result +++ b/mysql-test/r/sp.result @@ -8365,3 +8365,20 @@ ERROR HY000: Window function is allowed only in SELECT list and ORDER BY clause CALL p1(SUM(1)); ERROR HY000: Invalid use of group function DROP PROCEDURE p1; +# +# MDEV-16311 Server crash when using a NAME_CONST() with a CURSOR +# +SET sql_mode=STRICT_ALL_TABLES; +CREATE TABLE t1 (a INT); +INSERT INTO t1 VALUES (10); +BEGIN NOT ATOMIC +DECLARE a INT; +DECLARE c CURSOR FOR SELECT NAME_CONST('x','y') FROM t1; +OPEN c; +FETCH c INTO a; +CLOSE c; +END; +$$ +ERROR 22007: Incorrect integer value: 'y' for column 'a' at row 1 +DROP TABLE t1; +SET sql_mode=DEFAULT; diff --git a/mysql-test/t/sp.test b/mysql-test/t/sp.test index e8b63c4d791..a2155d3fe79 100644 --- a/mysql-test/t/sp.test +++ b/mysql-test/t/sp.test @@ -9879,3 +9879,25 @@ CALL p1(ROW_NUMBER() OVER ()); --error ER_INVALID_GROUP_FUNC_USE CALL p1(SUM(1)); DROP PROCEDURE p1; + + +--echo # +--echo # MDEV-16311 Server crash when using a NAME_CONST() with a CURSOR +--echo # + +SET sql_mode=STRICT_ALL_TABLES; +CREATE TABLE t1 (a INT); +INSERT INTO t1 VALUES (10); +DELIMITER $$; +--error ER_TRUNCATED_WRONG_VALUE_FOR_FIELD +BEGIN NOT ATOMIC + DECLARE a INT; + DECLARE c CURSOR FOR SELECT NAME_CONST('x','y') FROM t1; + OPEN c; + FETCH c INTO a; + CLOSE c; +END; +$$ +DELIMITER ;$$ +DROP TABLE t1; +SET sql_mode=DEFAULT; diff --git a/sql/sp_rcontext.cc b/sql/sp_rcontext.cc index 396f5b448fc..d612e15c000 100644 --- a/sql/sp_rcontext.cc +++ b/sql/sp_rcontext.cc @@ -509,9 +509,15 @@ int sp_cursor::fetch(THD *thd, List<sp_variable> *vars) result.set_spvar_list(vars); + DBUG_ASSERT(!thd->is_error()); + /* Attempt to fetch one row */ if (server_side_cursor->is_open()) + { server_side_cursor->fetch(1); + if (thd->is_error()) + return -1; // e.g. data type conversion failed + } /* If the cursor was pointing after the last row, the fetch will |