diff options
| author | Sergei Petrunia <psergey@askmonty.org> | 2015-07-29 21:38:45 +0300 |
|---|---|---|
| committer | Sergei Petrunia <psergey@askmonty.org> | 2015-08-03 21:02:27 +0300 |
| commit | b74795b00cf36b5d8d733e0056a64f2490fd51ea (patch) | |
| tree | 82d9dc1e94bede20ea43cce263fded79c307fe75 /mysql-test/t/sp.test | |
| parent | cb925491d47fb46fd3927f9bea0ac8b456a305f0 (diff) | |
| download | mariadb-git-b74795b00cf36b5d8d733e0056a64f2490fd51ea.tar.gz | |
MDEV-7040: Crash in field_conv, memcpy_field_possible, part#2
The problem was with Materialized_cursor and temporary table it uses.
Temorary table's fields had Field::orig_table pointing to the tables
that were used in the query that produced data for the cursor.
When "FETCH INTO sp_var" statement is executed, those original tables
were already closed. However, copying from Materialized_cursor's table
into SP variable may cause field_conv() to be invoked which calls
field->type() which may access field->orig_table (for certain field types).
Fixed by setting Materialized_cursor->table->field[i]->orig_table to point
to Materialized_cursor->table. (this is how it is done for regular base
tables)
Diffstat (limited to 'mysql-test/t/sp.test')
| -rw-r--r-- | mysql-test/t/sp.test | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/mysql-test/t/sp.test b/mysql-test/t/sp.test index d378ab551e6..c62257049ee 100644 --- a/mysql-test/t/sp.test +++ b/mysql-test/t/sp.test @@ -9303,3 +9303,71 @@ DROP PROCEDURE p1; DROP TABLE t1; --echo # End of 5.5 test + +--echo # +--echo # MDEV-7040: Crash in field_conv, memcpy_field_possible, part#2 +--echo # +create table t1 ( + col1 bigint(20), + col2 char(1), + col3 char(2) +); +insert into t1 values (1,'a','a'), (2,'b','b'); + +create table t2 as select * from t1; +create table t3 as select * from t1; +create table t4 as select * from t1; +create table t5 as select * from t1; +create table t6 as select * from t1; + +flush tables; + +DELIMITER |; + +CREATE PROCEDURE p1() +begin + DECLARE _var1 bigint(20) UNSIGNED; + DECLARE _var2 CHAR(1) DEFAULT NULL; + DECLARE _var3 CHAR(1) DEFAULT NULL; + + DECLARE _done BOOLEAN DEFAULT 0; + + declare cur1 cursor for + select col1, col2, col3 + from t1 + where + col1 in (select t2.col1 from t2 where t2.col2=t1.col2) or + col2 in (select t3.col3 from t3 where t3.col3=t1.col2) ; + + DECLARE CONTINUE HANDLER FOR NOT FOUND SET _done = 1; + + OPEN cur1; + + set _var1 = (select _var1 from t4 limit 1); + set _var1 = (select _var1 from t5 limit 1); + set _var1 = (select _var1 from t6 limit 1); +label1: + LOOP + SET _done = 0; + FETCH cur1 INTO _var1, _var2, _var3; + IF _done THEN + LEAVE label1; + END IF; + END LOOP label1; + CLOSE cur1; +end| +DELIMITER ;| + +set @tmp_toc= @@table_open_cache; +set @tmp_tdc= @@table_definition_cache; + +set global table_open_cache=1; +set global table_definition_cache=1; +call p1(); + +set global table_open_cache= @tmp_toc; +set global table_definition_cache= @tmp_tdc; +drop procedure p1; + +drop table t1,t2,t3,t4,t5,t6; + |