Bug#33618 (Crash in sp_rcontext)

Bug 33983 (Stored Procedures: wrong end <label> syntax is accepted)

The server used to crash when REPEAT or another control instruction
was used in conjunction with labels and a LEAVE instruction.

The crash was caused by a missing "pop" of handlers or cursors in the
code representing the stored program. When executing the code in a loop,
this missing "pop" would result in a stack overflow, corrupting memory.

Code generation has been fixed to produce the missing h_pop/c_pop
instructions.

Also, the logic checking that labels at the beginning and the end of a
statement are matched was incorrect, causing Bug 33983.
End labels, when used, must match the label used at the beginning of a block.


mysql-test/r/sp-code.result:
  Bug#33618 (Crash in sp_rcontext)
mysql-test/r/sp-error.result:
  Bug 33983 (Stored Procedures: wrong end <label> syntax is accepted)
mysql-test/r/sp.result:
  Bug#33618 (Crash in sp_rcontext)
mysql-test/t/sp-code.test:
  Bug#33618 (Crash in sp_rcontext)
mysql-test/t/sp-error.test:
  Bug 33983 (Stored Procedures: wrong end <label> syntax is accepted)
mysql-test/t/sp.test:
  Bug#33618 (Crash in sp_rcontext)
sql/sp_head.cc:
  Bug#33618 (Crash in sp_rcontext)
sql/sp_head.h:
  Bug#33618 (Crash in sp_rcontext)
sql/sp_rcontext.cc:
  Bug#33618 (Crash in sp_rcontext)
sql/sp_rcontext.h:
  Bug#33618 (Crash in sp_rcontext)
sql/sql_yacc.yy:
  Bug#33618 (Crash in sp_rcontext)

1 files changed, 3 insertions, 2 deletions

diff --git a/sql/sp_head.h b/sql/sp_head.h
index a46ec9433d7..0e710196603 100644
--- a/sql/sp_head.h
+++ b/sql/sp_head.h
@@ -779,8 +779,9 @@ public:
 
   virtual void backpatch(uint dest, sp_pcontext *dst_ctx)
   {
-    if (m_dest == 0)		// Don't reset
-      m_dest= dest;
+    /* Calling backpatch twice is a logic flaw in jump resolution. */
+    DBUG_ASSERT(m_dest == 0);
+    m_dest= dest;
   }
 
   /*