Bug#28846 Use of undocumented Prepared Statements crashes server

ALTER VIEW is currently not supported as a prepared statement
and should be disabled as such as they otherwise could cause server crashes.

ALTER VIEW is currently not supported when called from stored
procedures or functions for related reasons and should also be disabled.

This patch disables these DDL statements and adjusts the appropriate test
cases accordingly.

Additional tests has been added to reflect on the fact that we do support
CREATE/ALTER/DROP TABLE for Prepared Statements (PS), Stored Procedures (SP)
and PS within SP.


mysql-test/r/ps_1general.result:
  - Updated test to reflect on the new policy to disallow ALTER VIEW within SP.
mysql-test/r/sp-dynamic.result:
  - Added PS ALTER TABLE test from within SP-context to demonstrate that CREATE/ALTER/DROP
  TABLE statements is working.
  - Added PS CREATE/ALTER/DROP VIEW tests from within SP-context to show that
  ALTER VIEW is not supported, CREATE VIEW/DROP VIEW are supported.
mysql-test/r/sp-error.result:
  - Updated test to reflect on the new policy to disallow VIEW DDL within SP.
mysql-test/t/ps_1general.test:
  - Updated test to reflect on the new policy to disallow VIEW DDL within SP.
mysql-test/t/sp-dynamic.test:
  - Add PS ALTER TABLE test from within SP to demonstrate that CREATE/ALTER/DROP
  TABLE statements are supported.
mysql-test/t/sp-error.test:
  - Updated test to reflect on the new policy to disallow ALTER VIEW
  within SP-context.
  - Changed error code 1314 to the more abstract ER_SP_BADSTATEMENT.
sql/sql_class.h:
  - Added comment for clarity
sql/sql_parse.cc:
  - Added comment for clarity
sql/sql_prepare.cc:
  - Disallow ALTER VIEW as prepared statements until they are
    properly supported. Note that SQLCOM_CREATE_VIEW also handles ALTER VIEW
    statements.
sql/sql_view.cc:
  - converted to doxygen comments
  - Added comment for clarity
sql/sql_yacc.yy:
  - Disallow ALTER VIEW statements within a SP.
  If the parser is operating within the SP context, this is shown
  on the sp->sphead pointer. If this flag is set for view DDL operations
  we stop parsing with the error 'ER_SP_BAD_STATEMENT'.

6 files changed, 40 insertions, 10 deletions

diff --git a/mysql-test/r/ps_1general.result b/mysql-test/r/ps_1general.result
index df4ec793325..5ea6a758d42 100644
--- a/mysql-test/r/ps_1general.result
+++ b/mysql-test/r/ps_1general.result
@@ -396,6 +396,8 @@ prepare stmt1 from ' execute stmt2 ' ;
 ERROR HY000: This command is not supported in the prepared statement protocol yet
 prepare stmt1 from ' deallocate prepare never_prepared ' ;
 ERROR HY000: This command is not supported in the prepared statement protocol yet
+prepare stmt1 from 'alter view v1 as select 2';
+ERROR HY000: This command is not supported in the prepared statement protocol yet
 prepare stmt4 from ' use test ' ;
 ERROR HY000: This command is not supported in the prepared statement protocol yet
 prepare stmt3 from ' create database mysqltest ';
diff --git a/mysql-test/r/sp-dynamic.result b/mysql-test/r/sp-dynamic.result
index d9d5706cded..0f50bcc97cd 100644
--- a/mysql-test/r/sp-dynamic.result
+++ b/mysql-test/r/sp-dynamic.result
@@ -87,6 +87,10 @@ prepare stmt from "create table t1 (a int)";
 execute stmt;
 insert into t1 (a) values (1);
 select * from t1;
+prepare stmt_alter from "alter table t1 add (b int)";
+execute stmt_alter;
+insert into t1 (a,b) values (2,1);
+deallocate prepare stmt_alter;
 deallocate prepare stmt;
 deallocate prepare stmt_drop;
 end|
@@ -245,6 +249,9 @@ a
 1
 drop procedure p1|
 drop table if exists t1|
+drop table if exists t2|
+Warnings:
+Note	1051	Unknown table 't2'
 create table t1 (id integer primary key auto_increment,
 stmt_text char(35), status varchar(20))|
 insert into t1 (stmt_text) values
@@ -255,7 +262,10 @@ insert into t1 (stmt_text) values
 ("help help"), ("show databases"), ("show tables"),
 ("show table status"), ("show open tables"), ("show storage engines"),
 ("insert into t1 (id) values (1)"), ("update t1 set status=''"),
-("delete from t1"), ("truncate t1"), ("call p1()"), ("foo bar")|
+("delete from t1"), ("truncate t1"), ("call p1()"), ("foo bar"),
+("create view v1 as select 1"), ("alter view v1 as select 2"),
+("drop view v1"),("create table t2 (a int)"),("alter table t2 add (b int)"),
+("drop table t2")|
 create procedure p1()
 begin
 declare v_stmt_text varchar(255);
@@ -305,6 +315,12 @@ id	stmt_text	status
 20	truncate t1	supported
 21	call p1()	supported
 22	foo bar	syntax error
+23	create view v1 as select 1	supported
+24	alter view v1 as select 2	not supported
+25	drop view v1	supported
+26	create table t2 (a int)	supported
+27	alter table t2 add (b int)	supported
+28	drop table t2	supported
 drop procedure p1|
 drop table t1|
 prepare stmt from 'select 1'|
diff --git a/mysql-test/r/sp-error.result b/mysql-test/r/sp-error.result
index 7a2f812cde4..bd0640b2b14 100644
--- a/mysql-test/r/sp-error.result
+++ b/mysql-test/r/sp-error.result
@@ -982,9 +982,9 @@ ERROR HY000: Explicit or implicit commit is not allowed in stored function or tr
 CREATE FUNCTION bug_13627_f() returns int BEGIN create view v1 as select 1; return 1; END |
 ERROR HY000: Explicit or implicit commit is not allowed in stored function or trigger.
 CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN alter view v1 as select 1; END |
-ERROR HY000: Explicit or implicit commit is not allowed in stored function or trigger.
+ERROR 0A000: ALTER VIEW is not allowed in stored procedures
 CREATE FUNCTION bug_13627_f() returns int BEGIN alter view v1 as select 1; return 1; END |
-ERROR HY000: Explicit or implicit commit is not allowed in stored function or trigger.
+ERROR 0A000: ALTER VIEW is not allowed in stored procedures
 CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN drop view v1; END |
 ERROR HY000: Explicit or implicit commit is not allowed in stored function or trigger.
 CREATE FUNCTION bug_13627_f() returns int BEGIN drop view v1; return 1; END |
diff --git a/mysql-test/t/ps_1general.test b/mysql-test/t/ps_1general.test
index 2e7fea2ff3d..952931f2ad1 100644
--- a/mysql-test/t/ps_1general.test
+++ b/mysql-test/t/ps_1general.test
@@ -423,6 +423,10 @@ prepare stmt1 from ' execute stmt2 ' ;
 --error ER_UNSUPPORTED_PS 
 prepare stmt1 from ' deallocate prepare never_prepared ' ;
 
+## We don't support alter view as prepared statements
+--error ER_UNSUPPORTED_PS
+prepare stmt1 from 'alter view v1 as select 2';
+
 ## switch the database connection
 --error 1295
 prepare stmt4 from ' use test ' ;
diff --git a/mysql-test/t/sp-dynamic.test b/mysql-test/t/sp-dynamic.test
index 6546a5ab548..e6f4aae96ac 100644
--- a/mysql-test/t/sp-dynamic.test
+++ b/mysql-test/t/sp-dynamic.test
@@ -85,7 +85,7 @@ call p1()|
 call p1()|
 drop procedure p1|
 #
-# D. Create/Drop a table (a DDL that issues a commit) in Dynamic SQL.
+# D. Create/Drop/Alter a table (a DDL that issues a commit) in Dynamic SQL.
 # (should work ok).
 #
 create procedure p1()
@@ -96,6 +96,10 @@ begin
   execute stmt;
   insert into t1 (a) values (1);
   select * from t1;
+  prepare stmt_alter from "alter table t1 add (b int)";
+  execute stmt_alter;
+  insert into t1 (a,b) values (2,1);
+  deallocate prepare stmt_alter;
   deallocate prepare stmt;
   deallocate prepare stmt_drop;
 end|
@@ -239,6 +243,7 @@ drop procedure p1|
 # K. Use of continue handlers with Dynamic SQL.
 #
 drop table if exists t1|
+drop table if exists t2|
 create table t1 (id integer primary key auto_increment,
                  stmt_text char(35), status varchar(20))|
 insert into t1 (stmt_text) values
@@ -249,7 +254,10 @@ insert into t1 (stmt_text) values
   ("help help"), ("show databases"), ("show tables"),
   ("show table status"), ("show open tables"), ("show storage engines"),
   ("insert into t1 (id) values (1)"), ("update t1 set status=''"),
-  ("delete from t1"), ("truncate t1"), ("call p1()"), ("foo bar")|
+  ("delete from t1"), ("truncate t1"), ("call p1()"), ("foo bar"),
+  ("create view v1 as select 1"), ("alter view v1 as select 2"),
+  ("drop view v1"),("create table t2 (a int)"),("alter table t2 add (b int)"),
+  ("drop table t2")|
 create procedure p1()
 begin
   declare v_stmt_text varchar(255);
diff --git a/mysql-test/t/sp-error.test b/mysql-test/t/sp-error.test
index ec91be13ba0..240cda67edc 100644
--- a/mysql-test/t/sp-error.test
+++ b/mysql-test/t/sp-error.test
@@ -1087,12 +1087,12 @@ delimiter ;|
 #
 # BUG 12490 (Packets out of order if calling HELP CONTENTS from Stored Procedure)
 #
---error 1314
+--error ER_SP_BADSTATEMENT
 CREATE PROCEDURE BUG_12490() HELP CONTENTS;
---error 1314
+--error ER_SP_BADSTATEMENT
 CREATE FUNCTION BUG_12490() RETURNS INT HELP CONTENTS;
 CREATE TABLE t_bug_12490(a int);
---error 1314
+--error ER_SP_BADSTATEMENT
 CREATE TRIGGER BUG_12490 BEFORE UPDATE ON t_bug_12490 FOR EACH ROW HELP CONTENTS;
 DROP TABLE t_bug_12490;
 
@@ -1397,9 +1397,9 @@ CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN create view v1 as sele
 -- error ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG
 CREATE FUNCTION bug_13627_f() returns int BEGIN create view v1 as select 1; return 1; END |
 
--- error ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG
+-- error ER_SP_BADSTATEMENT
 CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN alter view v1 as select 1; END |
--- error ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG
+-- error ER_SP_BADSTATEMENT
 CREATE FUNCTION bug_13627_f() returns int BEGIN alter view v1 as select 1; return 1; END |
 
 -- error ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG