diff options
author | Georgi Kodinov <kgeorge@mysql.com> | 2008-10-08 14:23:53 +0300 |
---|---|---|
committer | Georgi Kodinov <kgeorge@mysql.com> | 2008-10-08 14:23:53 +0300 |
commit | 6d54b0443a55142263754e0f7a6a36a5bafc2a21 (patch) | |
tree | 9244a02dac3bb0b0d2dafbc410630a91346aba2f /mysql-test/t/ps_11bugs.test | |
parent | 68fa4edc84c9beca00b5813621159561f9006b1d (diff) | |
download | mariadb-git-6d54b0443a55142263754e0f7a6a36a5bafc2a21.tar.gz |
Bug #32124: crash if prepared statements refer to variables in the where clause
The code to get read the value of a system variable was extracting its value
on PREPARE stage and was substituting the value (as a constant) into the parse tree.
Note that this must be a reversible transformation, i.e. it must be reversed before
each re-execution.
Unfortunately this cannot be reliably done using the current code, because there are
other non-reversible source tree transformations that can interfere with this
reversible transformation.
Fixed by not resolving the value at PREPARE, but at EXECUTE (as the rest of the
functions operate). Added a cache of the value (so that it's constant throughout
the execution of the query). Note that the cache also caches NULL values.
Updated an obsolete related test suite (variables-big) and the code to test the
result type of system variables (as per bug 74).
mysql-test/extra/rpl_tests/rpl_insert_id.test:
Bug #32124: removed ambiguous testcase
mysql-test/r/innodb_data_home_dir_basic.result:
Bug #32124: fixed wrong test case
mysql-test/r/innodb_flush_method_basic.result:
Bug #32124: fixed wrong test case
mysql-test/r/ps_11bugs.result:
Bug #32124: test case
mysql-test/r/ssl_capath_basic.result:
Bug #32124: fixed wrong test case
mysql-test/r/ssl_cipher_basic.result:
Bug #32124: fixed wrong test case
mysql-test/r/variables.result:
Bug #32124: system vars are shown as such in EXPLAIN EXTENDED, not as constants.
mysql-test/suite/rpl/r/rpl_insert_id.result:
Bug #32124: removed ambiguous testcase
mysql-test/t/ps_11bugs.test:
Bug #32124: test case
sql/item.cc:
Bug #32124: placed the code to convert string to longlong or double
to a function (so that it can be reused)
sql/item.h:
Bug #32124: placed the code to convert string to longlong or double
to a function (so that it can be reused)
sql/item_func.cc:
Bug #32124: moved the evaluation of system variables at runtime (val_xxx).
sql/item_func.h:
Bug #32124: moved the evaluation of system variables at runtime (val_xxx).
sql/set_var.cc:
Bug #32124: removed the code that calculated the system variable's value
at PREPARE
sql/set_var.h:
Bug #32124: removed the code that calculated the system variable's value
at PREPARE
tests/mysql_client_test.c:
Bug #32124 : removed the reading of the system variable, because its max
length is depended on the system charset and client charset and can't be
easily calculated.
Diffstat (limited to 'mysql-test/t/ps_11bugs.test')
-rw-r--r-- | mysql-test/t/ps_11bugs.test | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/mysql-test/t/ps_11bugs.test b/mysql-test/t/ps_11bugs.test index 515bcc03c1a..ccab833e878 100644 --- a/mysql-test/t/ps_11bugs.test +++ b/mysql-test/t/ps_11bugs.test @@ -177,4 +177,41 @@ select * from t2; drop table t1; drop table t2; +# +# Bug #32124: crash if prepared statements refer to variables in the where +# clause +# + +CREATE TABLE t1 (a INT); +PREPARE stmt FROM 'select 1 from `t1` where `a` = any (select (@@tmpdir))'; +EXECUTE stmt; +DEALLOCATE PREPARE stmt; +DROP TABLE t1; + +CREATE TABLE t2 (a INT PRIMARY KEY); +INSERT INTO t2 VALUES (400000), (400001); + +SET @@sort_buffer_size=400000; + +DELIMITER |; + +CREATE FUNCTION p1(i INT) RETURNS INT +BEGIN + SET @@sort_buffer_size= i; + RETURN i + 1; +END| + +DELIMITER ;| + +SELECT * FROM t2 WHERE a = @@sort_buffer_size AND p1(@@sort_buffer_size + 1) > a - 1; + +DROP TABLE t2; +DROP FUNCTION p1; + + +SELECT CONCAT(@@sort_buffer_size); +SELECT LEFT("12345", @@ft_boolean_syntax); + +SET @@sort_buffer_size=DEFAULT; + --echo End of 5.0 tests. |