A fix and a test case for

 Bug#19022 "Memory bug when switching db during trigger execution"
 Bug#17199 "Problem when view calls function from another database."
 Bug#18444 "Fully qualified stored function names don't work correctly in
            SELECT statements"

 Documentation note: this patch introduces a change in behaviour of prepared
 statements.

 This patch adds a few new invariants with regard to how THD::db should
 be used. These invariants should be preserved in future:

  - one should never refer to THD::db by pointer and always make a deep copy
    (strmake, strdup)
  - one should never compare two databases by pointer, but use strncmp or
    my_strncasecmp
  - TABLE_LIST object table->db should be always initialized in the parser or
    by creator of the object.

    For prepared statements it means that if the current database is changed
    after a statement is prepared, the database that was current at prepare
    remains active. This also means that you can not prepare a statement that
    implicitly refers to the current database if the latter is not set.
    This is not documented, and therefore needs documentation. This is NOT a
    change in behavior for almost all SQL statements except:
     - ALTER TABLE t1 RENAME t2 
     - OPTIMIZE TABLE t1
     - ANALYZE TABLE t1
     - TRUNCATE TABLE t1 --
     until this patch t1 or t2 could be evaluated at the first execution of
     prepared statement. 

     CURRENT_DATABASE() still works OK and is evaluated at every execution
     of prepared statement.

     Note, that in stored routines this is not an issue as the default
     database is the database of the stored procedure and "use" statement
     is prohibited in stored routines.

  This patch makes obsolete the use of check_db_used (it was never used in the
  old code too) and all other places that check for table->db and assign it
  from THD::db if it's NULL, except the parser.

 How this patch was created: THD::{db,db_length} were replaced with a
 LEX_STRING, THD::db. All the places that refer to THD::{db,db_length} were
 manually checked and:
  - if the place uses thd->db by pointer, it was fixed to make a deep copy
  - if a place compared two db pointers, it was fixed to compare them by value
    (via strcmp/my_strcasecmp, whatever was approproate)
 Then this intermediate patch was used to write a smaller patch that does the
 same thing but without a rename.

 TODO in 5.1:
   - remove check_db_used
   - deploy THD::set_db in mysql_change_db

 See also comments to individual files.


mysql-test/r/create.result:
  Modify the result file: a database can never be NULL.
mysql-test/r/ps.result:
  Update test results (Bug#17199 et al)
mysql-test/r/sp.result:
  Update test results (Bug#17199 et al)
mysql-test/t/create.test:
  Update the id of the returned error.
mysql-test/t/ps.test:
  Add test coverage for prepared statements and current database. In scope of
  work on Bug#17199 "Problem when view calls function from another database."
mysql-test/t/sp.test:
  Add a test case for Bug#17199 "Problem when view calls function from another
  database." and Bug#18444 "Fully qualified stored function names don't work
  correctly in SELECT statements". Test a complementary problem.
sql/item_strfunc.cc:
  Touch the code that reads thd->db (cleanup).
sql/log_event.cc:
  While we are at it, replace direct access to thd->db with a method.
  Should simplify future conversion of THD::db to LEX_STRING.
sql/slave.cc:
  While we are at it, replace direct access to thd->db with a method.
  Should simplify future conversion of THD::db to LEX_STRING.
sql/slave.h:
  Remove a declaration for a method that is used only in one module.
sql/sp.cc:
  Rewrite sp_use_new_db: this is a cleanup that I needed in order to understand
  this function and ensure that it has no bugs.
sql/sp.h:
  Add a new declaration for sp_use_new_db (uses LEX_STRINGs) and a comment.
sql/sp_head.cc:
  - drop sp_name_current_db_new - a creator of sp_name class that was used
  when sp_name was created for an identifier without an explicitly initialized
  database. Now we pass thd->db to constructor of sp_name right in the 
  parser.
  - rewrite sp_head::init_strings: name->m_db is always set now
  - use the new variant of sp_use_new_db
  - we don't need to update thd->db with SP MEM_ROOT pointer anymore when
  parsing a stored procedure, as noone will refer to it (yes!)
sql/sp_head.h:
  - remove unneded methods and members
sql/sql_class.h:
  - introduce 3 THD  methods to work with THD::db:
    .set_db to assign the current database
    .reset_db to reset the current database (temporarily) or set it to NULL
    .opt_copy_db_to - to deep-copy thd->db to a pointer if it's not NULL
sql/sql_db.cc:
  While we are at it, replace direct access to thd->db with a method.
  Should simplify future conversion of THD::db to LEX_STRING.
sql/sql_insert.cc:
  - replace checks with asserts: table_list->db must be always set in the parser.
sql/sql_lex.h:
  - add a comment
sql/sql_parse.cc:
  - implement the invariant described in the changeset comment.
  - remove juggling with lex->sphead in SQLCOM_CREATE_PROCEDURE:
    now db_load_routine uses its own LEX object and doesn't damage the main
    LEX.
  - add DBUG_ASSERT(0) to unused "check_db_used"
sql/sql_table.cc:
  - replace a check with an assert (table_ident->db)
sql/sql_trigger.cc:
  While we are at it, replace direct access to thd->db with a method.
  Should simplify future conversion of THD::db to LEX_STRING.
sql/sql_udf.cc:
  - use thd->set_db instead of direct modification of to thd->db
sql/sql_view.cc:
  - replace a check with an assert (view->db)
sql/sql_yacc.yy:
  - make sure that we always copy table->db or name->db or ident->db or
    select_lex->db from thd->db if the former is not set. If thd->db
    is not set but is accessed, return an error.
sql/tztime.cc:
  - be nice, never copy thd->db by pointer.

1 files changed, 66 insertions, 41 deletions

diff --git a/sql/sp.cc b/sql/sp.cc
index cae7a56fa57..553465ebff8 100644
--- a/sql/sp.cc
+++ b/sql/sp.cc
@@ -404,7 +404,8 @@ db_load_routine(THD *thd, int type, sp_name *name, sp_head **sphp,
 {
   LEX *old_lex= thd->lex, newlex;
   String defstr;
-  char olddb[128];
+  char old_db_buf[NAME_LEN+1];
+  LEX_STRING old_db= { old_db_buf, sizeof(old_db_buf) };
   bool dbchanged;
   ulong old_sql_mode= thd->variables.sql_mode;
   ha_rows old_select_limit= thd->variables.select_limit;
@@ -450,9 +451,7 @@ db_load_routine(THD *thd, int type, sp_name *name, sp_head **sphp,
     goto end;
   }
 
-  dbchanged= FALSE;
-  if ((ret= sp_use_new_db(thd, name->m_db.str, olddb, sizeof(olddb),
-			  1, &dbchanged)))
+  if ((ret= sp_use_new_db(thd, name->m_db, &old_db, 1, &dbchanged)))
     goto end;
 
   lex_start(thd, (uchar*)defstr.c_ptr(), defstr.length());
@@ -462,14 +461,14 @@ db_load_routine(THD *thd, int type, sp_name *name, sp_head **sphp,
   {
     sp_head *sp= newlex.sphead;
 
-    if (dbchanged && (ret= mysql_change_db(thd, olddb, 1)))
+    if (dbchanged && (ret= mysql_change_db(thd, old_db.str, 1)))
       goto end;
     delete sp;
     ret= SP_PARSE_ERROR;
   }
   else
   {
-    if (dbchanged && (ret= mysql_change_db(thd, olddb, 1)))
+    if (dbchanged && (ret= mysql_change_db(thd, old_db.str, 1)))
       goto end;
     *sphp= newlex.sphead;
     (*sphp)->set_definer(&definer_user_name, &definer_host_name);
@@ -505,15 +504,14 @@ db_create_routine(THD *thd, int type, sp_head *sp)
   int ret;
   TABLE *table;
   char definer[USER_HOST_BUFF_SIZE];
-  char olddb[128];
+  char old_db_buf[NAME_LEN+1];
+  LEX_STRING old_db= { old_db_buf, sizeof(old_db_buf) };
   bool dbchanged;
   DBUG_ENTER("db_create_routine");
   DBUG_PRINT("enter", ("type: %d name: %.*s",type,sp->m_name.length,
                        sp->m_name.str));
 
-  dbchanged= FALSE;
-  if ((ret= sp_use_new_db(thd, sp->m_db.str, olddb, sizeof(olddb),
-			  0, &dbchanged)))
+  if ((ret= sp_use_new_db(thd, sp->m_db, &old_db, 0, &dbchanged)))
   {
     ret= SP_NO_DB_ERROR;
     goto done;
@@ -641,7 +639,7 @@ db_create_routine(THD *thd, int type, sp_head *sp)
 done:
   close_thread_tables(thd);
   if (dbchanged)
-    (void)mysql_change_db(thd, olddb, 1);
+    (void) mysql_change_db(thd, old_db.str, 1);
   DBUG_RETURN(ret);
 }
 
@@ -1814,49 +1812,76 @@ create_string(THD *thd, String *buf,
 }
 
 
-//
-// Utilities...
-//
+
+/*
+  Change the current database if needed.
+
+  SYNOPSIS
+    sp_use_new_db()
+      thd            thread handle
+
+      new_db         new database name (a string and its length)
+
+      old_db         [IN] str points to a buffer where to store the old
+                          database, length contains the size of the buffer
+                     [OUT] if old db was not NULL, its name is copied
+                     to the buffer pointed at by str and length is updated
+                     accordingly. Otherwise str[0] is set to '\0' and length
+                     is set to 0. The out parameter should be used only if
+                     the database name has been changed (see dbchangedp).
+
+     dbchangedp      [OUT] is set to TRUE if the current database is changed,
+                     FALSE otherwise. A database is not changed if the old
+                     name is the same as the new one, both names are empty,
+                     or an error has occurred.
+
+  RETURN VALUE
+    0                success
+    1                access denied or out of memory (the error message is
+                     set in THD)
+*/
 
 int
-sp_use_new_db(THD *thd, char *newdb, char *olddb, uint olddblen,
+sp_use_new_db(THD *thd, LEX_STRING new_db, LEX_STRING *old_db,
 	      bool no_access_check, bool *dbchangedp)
 {
-  bool changeit;
+  int ret;
+  static char empty_c_string[1]= {0};          /* used for not defined db */
   DBUG_ENTER("sp_use_new_db");
-  DBUG_PRINT("enter", ("newdb: %s", newdb));
+  DBUG_PRINT("enter", ("newdb: %s", new_db.str));
 
-  if (! newdb)
-    newdb= (char *)"";
-  if (thd->db && thd->db[0])
+  /*
+    Set new_db to an empty string if it's NULL, because mysql_change_db
+    requires a non-NULL argument.
+    new_db.str can be NULL only if we're restoring the old database after
+    execution of a stored procedure and there were no current database
+    selected. The stored procedure itself must always have its database
+    initialized.
+  */
+  if (new_db.str == NULL)
+    new_db.str= empty_c_string;
+
+  if (thd->db)
   {
-    if (my_strcasecmp(system_charset_info, thd->db, newdb) == 0)
-      changeit= 0;
-    else
-    {
-      changeit= 1;
-      strnmov(olddb, thd->db, olddblen);
-    }
+    old_db->length= (strmake(old_db->str, thd->db, old_db->length) -
+                     old_db->str);
   }
   else
-  {				// thd->db empty
-    if (newdb[0])
-      changeit= 1;
-    else
-      changeit= 0;
-    olddb[0] = '\0';
+  {
+    old_db->str[0]= '\0';
+    old_db->length= 0;
   }
-  if (!changeit)
+
+  /* Don't change the database if the new name is the same as the old one. */
+  if (my_strcasecmp(system_charset_info, old_db->str, new_db.str) == 0)
   {
     *dbchangedp= FALSE;
     DBUG_RETURN(0);
   }
-  else
-  {
-    int ret= mysql_change_db(thd, newdb, no_access_check);
 
-    if (! ret)
-      *dbchangedp= TRUE;
-    DBUG_RETURN(ret);
-  }
+  ret= mysql_change_db(thd, new_db.str, no_access_check);
+
+  *dbchangedp= ret == 0;
+  DBUG_RETURN(ret);
 }
+