authorunknown <malff/marcsql@weblab.(none)>2007-03-14 12:02:32 -0600
committerunknown <malff/marcsql@weblab.(none)>2007-03-14 12:02:32 -0600
commit79344c7b673883bcde941c9c9fc9cc66c7114a39 (patch)
tree968922976279873e650338ee87e9f7ec455a1f26 /sql/sp_pcontext.h
parent980569877abf99133f782ae64c893b3fb8e2c764 (diff)
Bug#26503 (Illegal SQL exception handler code causes the server to crash)
Before this fix, the parser would accept illegal code in SQL exception handlers, that later causes the runtime to crash when executing the code, due to memory violations in the exception handler stack. The root cause of the problem is instructions within an exception handler that jump to code located outside of the handler. This is illegal according to the SQL 2003 standard, since labels located outside the handler are not supposed to be visible (they are "out of scope"), so any instruction that jumps to these labels, like ITERATE or LEAVE, should not parse. The section of the standard that is relevant for this is : SQL:2003 SQL/PSM (ISO/IEC 9075-4:2003) section 13.1 <compound statement>, syntax rule 4 <quote> The scope of the <beginning label> is CS excluding every <SQL schema statement> contained in CS and excluding every <local handler declaration list> contained in CS. <beginning label> shall not be equivalent to any other <beginning label>s within that scope. </quote> With this fix, the C++ class sp_pcontext, which represents the "parsing context" tree (a.k.a symbol table) of a stored procedure, has been changed as follows: - constructors have been cleaned up, so that only building a root node for the tree is public; building nodes inside a tree is not public. - a new member, m_label_scope, indicates if a given syntactic context belongs to a DECLARE HANDLER block, - label resolution, in the method find_label(), has been changed to implement the restriction of scope regarding labels used in a compound statement. The actions in the parser, when parsing the body of a SQL exception handler, have been changed as follows: - the implementation of an exception handler (DECLARE HANDLER) now creates explicitly a new sp_pcontext, to isolate the code inside the handler from the containing compound statement context. 
- registering exception handlers as a result occurs in the parent context, see the rule sp_hcond_element - the code in sp_hcond_list has been cleaned up, to avoid code duplication In addition, the flags IN_SIMPLE_CASE and IN_HANDLER, declared in sp_head.h have been removed, since they are unused and broken by design (as seen with Bug 19194 (Right recursion in parser for CASE causes excessive stack usage, limitation), representing a stack in a single flag is not possible. Tests in sp-error have been added to show that illegal constructs are now rejected. Tests in sp have been added for code coverage, to show that ITERATE or LEAVE statements are legal when jumping to a label in scope, inside the body of an exception handler. mysql-test/r/sp-error.result: SQL Exception handlers define a parsing context for label resolution. mysql-test/r/sp.result: SQL Exception handlers define a parsing context for label resolution. mysql-test/t/sp-error.test: SQL Exception handlers define a parsing context for label resolution. mysql-test/t/sp.test: SQL Exception handlers define a parsing context for label resolution. sql/sp_head.cc: Minor cleanup sql/sp_head.h: Minor cleanup sql/sp_pcontext.cc: SQL Exception handlers define a parsing context for label resolution. sql/sp_pcontext.h: SQL Exception handlers define a parsing context for label resolution. sql/sql_yacc.yy: SQL Exception handlers define a parsing context for label resolution.
Diffstat (limited to 'sql/sp_pcontext.h')
-rw-r--r--sql/sp_pcontext.h61
1 files changed, 51 insertions, 10 deletions
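diff --git a/sql/sp_pcontext.h b/sql/sp_pcontext.h
index b2cdd5e689c..5bffda79f98 100644
--- a/sql/sp_pcontext.h
+++ b/sql/sp_pcontext.h
@@ -88,16 +88,33 @@ typedef struct sp_cond
 sp_cond_type_t *val;
 } sp_cond_t;
+/**
+ The scope of a label in Stored Procedures,
+ for name resolution of labels in a parsing context.
+*/
+enum label_scope_type
+{
+ /**
+ The labels declared in a parent context are in scope.
+ */
+ LABEL_DEFAULT_SCOPE,
+ /**
+ The labels declared in a parent context are not in scope.
+ */
+ LABEL_HANDLER_SCOPE
+};
-/*
- The parse-time context, used to keep track on declared variables/parameters,
+/**
+ The parse-time context, used to keep track of declared variables/parameters,
 conditions, handlers, cursors and labels, during parsing.
 sp_contexts are organized as a tree, with one object for each begin-end
- block, plus a root-context for the parameters.
+ block, one object for each exception handler,
+ plus a root-context for the parameters.
 This is used during parsing for looking up defined names (e.g. declared
 variables and visible labels), for error checking, and to calculate offsets
 to be used at runtime. (During execution variable values, active handlers
 and cursors, etc, are referred to by an index in a stack.)
+ Parsing contexts for exception handlers limit the visibility of labels.
 The pcontext tree is also kept during execution and is used for error
 checking (e.g. correct number of parameters), and in the future, used by
 the debugger.
@@ -105,21 +122,30 @@ typedef struct sp_cond
 class sp_pcontext : public Sql_alloc
 {
- sp_pcontext(const sp_pcontext &); /* Prevent use of these */
- void operator=(sp_pcontext &);
+public:
- public:
-
- sp_pcontext(sp_pcontext *prev);
+ /**
+ Constructor.
+ Builds a parsing context root node.
+ */
+ sp_pcontext();
 // Free memory
 void
 destroy();
+ /**
+ Create and push a new context in the tree.
+ @param label_scope label scope for the new parsing context
+ @return the node created
+ */
 sp_pcontext *
- push_context();
+ push_context(label_scope_type label_scope);
- // Returns the previous context, not the one we pop
+ /**
+ Pop a node from the parsing context tree.
+ @return the parent node
+ */
 sp_pcontext *
 pop_context();
@@ -363,6 +389,13 @@ class sp_pcontext : public Sql_alloc
 protected:
+ /**
+ Constructor for a tree node.
+ @param prev the parent parsing context
+ @param label_scope label_scope for this parsing context
+ */
+ sp_pcontext(sp_pcontext *prev, label_scope_type label_scope);
+
 /*
 m_max_var_index -- number of variables (including all types of arguments)
 in this context including all children contexts.
@@ -416,6 +449,14 @@ private:
 List<sp_pcontext> m_children; // Children contexts, used for destruction
+ /**
+ Scope of labels for this parsing context.
+ */
+ label_scope_type m_label_scope;
+
+private:
+ sp_pcontext(const sp_pcontext &); /* Prevent use of these */
+ void operator=(sp_pcontext &);
 }; // class sp_pcontext : public Sql_alloc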
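Review bot: The documentation on `push_context(label_scope_type label_scope)` in the second hunk does not say what the parameter controls, although it is now the only place a DECLARE HANDLER body obtains the label isolation this commit relies on; a caller passing LABEL_DEFAULT_SCOPE for a handler body would silently reinstate the out-of-scope jumps the fix rejects. I would extend the tag to `@param label_scope LABEL_HANDLER_SCOPE for the body of a DECLARE HANDLER, so that labels of enclosing contexts are hidden from find_label(); LABEL_DEFAULT_SCOPE for an ordinary begin-end block`, and have the root constructor's comment state which scope the root node gets (presumably LABEL_DEFAULT_SCOPE; find_label() and the constructor bodies are not in this file, so that is inferred from the commit message). As a point of style, the `private:` re-opened before the copy constructor and `operator=` in the last hunk is redundant, since the hunk header shows the enclosing section is already `private:`; the two declarations can follow `m_label_scope` directly. The class sp_pcontext begins before the second hunk and its earlier members lie outside the hunks shown.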