diff options
| author | unknown <kaa@mbp.> | 2008-02-12 12:43:55 +0300 |
|---|---|---|
| committer | unknown <kaa@mbp.> | 2008-02-12 12:43:55 +0300 |
| commit | d5092fa9caf06376023c25cd55610b9a033e3904 (patch) | |
| tree | ef9ed0daaa725f68365be41c4274edd497d656c5 /sql/item.cc | |
| parent | f80b593d21296245970460d5b95e240a1783afcf (diff) | |
| download | mariadb-git-d5092fa9caf06376023c25cd55610b9a033e3904.tar.gz | |
Fix for bug #33389: Selecting from a view into a table from within SP
or trigger crashes server
Under some circumstances a combination of VIEWs, subselects with outer
references and PS/SP/triggers could lead to use of uninitialized memory
and server crash as a result.
Fixed by changing the code in Item_field::fix_fields() so that in cases
when the field is a VIEW reference, we first check whether the field
is also an outer reference, and mark it appropriately before returning.
mysql-test/r/view.result:
Added a test case for bug #33389.
mysql-test/t/view.test:
Added a test case for bug #33389.
sql/item.cc:
In cases when in Item_field::fix_fields() from_field is a view reference,
do not return too early, i.e. before marking the reference as an outer
one when needed.
Diffstat (limited to 'sql/item.cc')
| -rw-r--r-- | sql/item.cc | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/sql/item.cc b/sql/item.cc index 713e7709bcb..8283e1a13d3 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -3903,6 +3903,18 @@ bool Item_field::fix_fields(THD *thd, Item **reference) else if (!from_field) goto error; + if (!outer_fixed && cached_table && cached_table->select_lex && + context->select_lex && + cached_table->select_lex != context->select_lex) + { + int ret; + if ((ret= fix_outer_field(thd, &from_field, reference)) < 0) + goto error; + else if (!ret) + return FALSE; + outer_fixed= 1; + } + /* if it is not expression from merged VIEW we will set this field. @@ -3918,18 +3930,6 @@ bool Item_field::fix_fields(THD *thd, Item **reference) if (from_field == view_ref_found) return FALSE; - if (!outer_fixed && cached_table && cached_table->select_lex && - context->select_lex && - cached_table->select_lex != context->select_lex) - { - int ret; - if ((ret= fix_outer_field(thd, &from_field, reference)) < 0) - goto error; - else if (!ret) - return FALSE; - outer_fixed= 1; - } - set_field(from_field); if (thd->lex->in_sum_func && thd->lex->in_sum_func->nest_level == |