Bug#47649 crash during CALL procedure

If first call of the procedure is failed on
the open_table stage stmt_arena->state is set to
EXECUTED state. On second call(if no errors on
open_table stage) it leads to use of worng memory arena
in find_field_in_view() function as
thd->stmt_arena->is_stmt_prepare_or_first_sp_execute()
returns FALSE for EXECUTED state. The item is created 
not in its own arena and it leads to crash on further
calls of the procedure.
The fix: 
change state of arena only if
no errors on open_table stage happens.


mysql-test/r/sp.result:
  test result
mysql-test/t/sp.test:
  test case
sql/sp_head.cc:
  If first call of the procedure is failed on
  the open_table stage stmt_arena->state is set to
  EXECUTED state. On second call(if no errors on
  open_table stage) it leads to use of worng memory arena
  in find_field_in_view() function as
  thd->stmt_arena->is_stmt_prepare_or_first_sp_execute()
  returns FALSE for EXECUTED state. The item is created 
  not in its own arena and it leads to crash on further
  calls of the procedure.
  The fix: 
  change state of arena only if
  no errors on open_table stage happens.

1 files changed, 19 insertions, 0 deletions

diff --git a/mysql-test/t/sp.test b/mysql-test/t/sp.test
index 73ba62612b8..5cf050146dd 100644
--- a/mysql-test/t/sp.test
+++ b/mysql-test/t/sp.test
@@ -8242,6 +8242,25 @@ while ($tab_count)
 DROP PROCEDURE p1;
 DROP TABLE t1;
 
+#
+# Bug#47649 crash during CALL procedure
+#
+CREATE TABLE t1 ( f1 integer, primary key (f1));
+CREATE TABLE t2 LIKE t1;
+CREATE TEMPORARY TABLE t3 LIKE t1;
+delimiter |;
+CREATE PROCEDURE p1 () BEGIN SELECT f1 FROM t3 AS A WHERE A.f1 IN ( SELECT f1 FROM t3 ) ;
+END|
+delimiter ;|
+--error ER_CANT_REOPEN_TABLE
+CALL p1;
+CREATE VIEW t3 AS SELECT f1 FROM t2 A WHERE A.f1 IN ( SELECT f1 FROM t2 );
+DROP TABLE t3;
+CALL p1;
+CALL p1;
+DROP PROCEDURE p1;
+DROP TABLE t1, t2;
+DROP VIEW t3;
 
 --echo #
 --echo # Bug #46629: Item_in_subselect::val_int(): Assertion `0'