diff options
| author | unknown <pem@mysql.com> | 2006-02-15 12:11:29 +0100 |
|---|---|---|
| committer | unknown <pem@mysql.com> | 2006-02-15 12:11:29 +0100 |
| commit | 7f02b0a01b64070562d5d768b5709127714732a4 (patch) | |
| tree | 97f622b83534adc7d26cca57df1a1978fb650e11 /sql/sp_pcontext.cc | |
| parent | 3f4c176caeb5e1f9b2d56ab7536d0931bcafe76c (diff) | |
| download | mariadb-git-7f02b0a01b64070562d5d768b5709127714732a4.tar.gz | |
Fixed BUG#16887: Cursor causes server segfault
The problem was a code generation bug: cpop instructions were not generated
when using ITERATE back to an outer block from a context with a declared
cursor; this would make it push a new cursor without popping in-between,
eventually overrunning the cursor stack with a crash as the result.
Fixed the calculation of how many cursors to pop (in sp_pcontext.cc:
diff_cursors()), and also corrected diff_cursors() and diff_handlers()
to when doing a "leave"; don't include the last context we're leaving
(we are then jumping to the appropriate pop instructions).
mysql-test/r/sp.result:
Updated result for new test case (BUG#16887)
mysql-test/t/sp.test:
New test case for BUG#16887
sql/sp_pcontext.cc:
Added new parameter to sp_pcontext::diff_handlers() and diff_cursors():
They can either include (for iterate jumps) or exclude (for leave jumps)
the outer context.
Fixed bug in diff_cursors(); it was just plain wrong and would return
zero in some situations when it shouldn't.
sql/sp_pcontext.h:
Added new parameter to sp_pcontext::diff_handlers() and diff_cursors():
They can either include (for iterate jumps) or exclude (for leave jumps)
the outer context.
sql/sql_yacc.yy:
Added parameter to diff_handlers/diff_cursors depending on if it's an
iterate or leave jump.
For "leave", we don't have to include the last context we're leaving since
we will jump to the appropriate pop instructions.
Diffstat (limited to 'sql/sp_pcontext.cc')
| -rw-r--r-- | sql/sp_pcontext.cc | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/sql/sp_pcontext.cc b/sql/sp_pcontext.cc index a8bd8cd2aa0..f69053a7c88 100644 --- a/sql/sp_pcontext.cc +++ b/sql/sp_pcontext.cc @@ -122,30 +122,38 @@ sp_pcontext::pop_context() } uint -sp_pcontext::diff_handlers(sp_pcontext *ctx) +sp_pcontext::diff_handlers(sp_pcontext *ctx, bool exclusive) { uint n= 0; sp_pcontext *pctx= this; + sp_pcontext *last_ctx= NULL; while (pctx && pctx != ctx) { n+= pctx->m_handlers; + last_ctx= pctx; pctx= pctx->parent_context(); } if (pctx) - return n; + return (exclusive && last_ctx ? n - last_ctx->m_handlers : n); return 0; // Didn't find ctx } uint -sp_pcontext::diff_cursors(sp_pcontext *ctx) +sp_pcontext::diff_cursors(sp_pcontext *ctx, bool exclusive) { + uint n= 0; sp_pcontext *pctx= this; + sp_pcontext *last_ctx= NULL; while (pctx && pctx != ctx) + { + n+= pctx->m_cursor.elements; + last_ctx= pctx; pctx= pctx->parent_context(); + } if (pctx) - return ctx->current_cursors() - pctx->current_cursors(); + return (exclusive && last_ctx ? n - last_ctx->m_cursor.elements : n); return 0; // Didn't find ctx } |