diff options
| author | unknown <kroki/tomash@moonlight.intranet> | 2006-10-19 14:43:52 +0400 |
|---|---|---|
| committer | unknown <kroki/tomash@moonlight.intranet> | 2006-10-19 14:43:52 +0400 |
| commit | ef2d2165d1062f0a4d60ca3947de64fd9b6638d0 (patch) | |
| tree | fe96678ede8c02b670e41b3629c07a8a446681d4 /mysql-test/r/ps.result | |
| parent | 7c99f644ceca9c31f429f32f179a9e1c6b733447 (diff) | |
| download | mariadb-git-ef2d2165d1062f0a4d60ca3947de64fd9b6638d0.tar.gz | |
BUG#21856: Prepared Statements: crash if bad create
When statement to be prepared contained CREATE PROCEDURE, CREATE FUNCTION
or CREATE TRIGGER statements with a syntax error in it, the preparation
would fail with syntax error message, but the memory could be corrupted.
The problem occurred because we switch memroot when parse stored
routine or trigger definitions, and on parse error we restored the
original memroot only after performing some memory operations. In more
detail:
- prepared statement would activate its own memory root to parse
the definition of the stored procedure.
- SP would reset this memory root with its own memory root to
parse SP statements
- a syntax error would happen
- prepared statement would restore the original memory root
- stored procedure would restore what it thinks was the original
memory root, but actually was the statement memory root.
That led to double free - in destruction of the statement and in
a next call to mysql_parse().
The solution is to restore memroot right after the failed parsing.
mysql-test/r/ps.result:
Add result for bug#21856: Prepared Statements: crash if bad create.
mysql-test/t/ps.test:
Add test case for bug#21856: Prepared Statements: crash if bad create.
sql/sql_parse.cc:
On parse error if thd->lex->sphead is set we have to free sp_head object
to restore statement memroot, if it was switched during parsing.
The change here is for safety, currently query_cache_abort() and
lex->unit.cleanup() calls do not use current memroot.
sql/sql_prepare.cc:
On parse error if thd->lex->sphead is set we have to free sp_head object
to restore statement memroot, if it was switched during parsing.
Diffstat (limited to 'mysql-test/r/ps.result')
| -rw-r--r-- | mysql-test/r/ps.result | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/mysql-test/r/ps.result b/mysql-test/r/ps.result index 080187cfa7b..c895ef54e55 100644 --- a/mysql-test/r/ps.result +++ b/mysql-test/r/ps.result @@ -1311,4 +1311,5 @@ EXECUTE stmt USING @a; i j i i j DEALLOCATE PREPARE stmt; DROP TABLE IF EXISTS t1, t2, t3; +DROP PROCEDURE IF EXISTS p1; End of 5.0 tests. |