authorAlexander Barkov <bar@mariadb.com>2018-06-13 23:37:09 +0400
committerAlexander Barkov <bar@mariadb.com>2018-06-13 23:37:09 +0400
commit23ced2f846c6a8b9b303c1365780999888fa438f (patch)
tree784b54cf8b2bc691f94ed9158ff990852f916dff
parent8662015c90718501d504f4c7aeb94b8626902a9c (diff)
MDEV-16311 Server crash when using a NAME_CONST() with a CURSOR
Problem: The problem was most likely introduced by a fix for MDEV-11597 (commit 5f0c31f928338e8a6ffde098b7ffd3d1a8b02903) which removed the assignment "killed= KILL_BAD_DATA" from THD::raise_condition(). Before MDEV-11597, sp_head::execute() tested thd->killed after looping through the SP instructions and exited with an error if thd->killed was set. After MDEV-11597, sp_head::execute() stopped noticing errors and set the OK status on top of the error status, which crashed on an assertion. Fix: Make sp_cursor::fetch() return -1 if server_side_cursor->fetch(1) left an error in the diagnostics area. This makes the statement "err_status= i->execute(thd, &ip)" in sp_head::execute() set the error code, correctly break the SP instruction loop, and return on error without setting the OK status.
-rw-r--r--mysql-test/r/sp.result17
-rw-r--r--mysql-test/t/sp.test22
-rw-r--r--sql/sp_rcontext.cc6
3 files changed, 45 insertions, 0 deletions
diff --git a/mysql-test/r/sp.result b/mysql-test/r/sp.result
index 59387b37585..7e466f23c72 100644
--- a/mysql-test/r/sp.result
+++ b/mysql-test/r/sp.result
@@ -8365,3 +8365,20 @@ ERROR HY000: Window function is allowed only in SELECT list and ORDER BY clause
CALL p1(SUM(1));
ERROR HY000: Invalid use of group function
DROP PROCEDURE p1;
+#
+# MDEV-16311 Server crash when using a NAME_CONST() with a CURSOR
+#
+SET sql_mode=STRICT_ALL_TABLES;
+CREATE TABLE t1 (a INT);
+INSERT INTO t1 VALUES (10);
+BEGIN NOT ATOMIC
+DECLARE a INT;
+DECLARE c CURSOR FOR SELECT NAME_CONST('x','y') FROM t1;
+OPEN c;
+FETCH c INTO a;
+CLOSE c;
+END;
+$$
+ERROR 22007: Incorrect integer value: 'y' for column 'a' at row 1
+DROP TABLE t1;
+SET sql_mode=DEFAULT;
diff --git a/mysql-test/t/sp.test b/mysql-test/t/sp.test
index e8b63c4d791..a2155d3fe79 100644
--- a/mysql-test/t/sp.test
+++ b/mysql-test/t/sp.test
@@ -9879,3 +9879,25 @@ CALL p1(ROW_NUMBER() OVER ());
--error ER_INVALID_GROUP_FUNC_USE
CALL p1(SUM(1));
DROP PROCEDURE p1;
+
+
+--echo #
+--echo # MDEV-16311 Server crash when using a NAME_CONST() with a CURSOR
+--echo #
+
+SET sql_mode=STRICT_ALL_TABLES;
+CREATE TABLE t1 (a INT);
+INSERT INTO t1 VALUES (10);
+DELIMITER $$;
+--error ER_TRUNCATED_WRONG_VALUE_FOR_FIELD
+BEGIN NOT ATOMIC
+ DECLARE a INT;
+ DECLARE c CURSOR FOR SELECT NAME_CONST('x','y') FROM t1;
+ OPEN c;
+ FETCH c INTO a;
+ CLOSE c;
+END;
+$$
+DELIMITER ;$$
+DROP TABLE t1;
+SET sql_mode=DEFAULT;
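Review bot: The new case covers only the unhandled path, where the conversion error from `FETCH c INTO a` aborts the block; nothing pins the behaviour when a handler is declared for that same error, which is the other way the -1 now returned by sp_cursor::fetch() is consumed by the instruction loop. Since the original failure was a server crash reachable from ordinary SQL, a second block with `DECLARE CONTINUE HANDLER FOR SQLEXCEPTION SET @err=1;` after the `DECLARE c CURSOR` line, followed by `SELECT @err;`, would show that the error is still catchable and that the statement ends with a clean status. Repeating the FETCH inside a stored procedure (`CREATE PROCEDURE` then `CALL`) would also be worthwhile, assuming that path runs through the same sp_head::execute() loop as the anonymous block.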
diff --git a/sql/sp_rcontext.cc b/sql/sp_rcontext.cc
index 396f5b448fc..d612e15c000 100644
--- a/sql/sp_rcontext.cc
+++ b/sql/sp_rcontext.cc
@@ -509,9 +509,15 @@ int sp_cursor::fetch(THD *thd, List<sp_variable> *vars)
result.set_spvar_list(vars);
+ DBUG_ASSERT(!thd->is_error());
+
/* Attempt to fetch one row */
if (server_side_cursor->is_open())
+ {
server_side_cursor->fetch(1);
+ if (thd->is_error())
+ return -1; // e.g. data type conversion failed
+ }
/*
If the cursor was pointing after the last row, the fetch will