authorunknown <knielsen@mysql.com>2006-05-15 12:01:55 +0200
committerunknown <knielsen@mysql.com>2006-05-15 12:01:55 +0200
commitdccd333ecf4d566029c40e18bee33f6019bc2420 (patch)
tree269b1cc4ffdaf52a959a5bf03778eedd53698a30 /sql/sp_rcontext.cc
parentafe4715242576a8575abcec955baa4bfd78af85e (diff)
BUG#18037: Fix stack corruption in THD::rollback_item_tree_changes().
Stored procedure execution sometimes placed the address of auto variables in the list of Item changes to undo in THD::rollback_item_tree_changes(). This could cause stack corruption. sql/sp_head.cc: Avoid storing address of auto variables in global rollback list, to prevent stack memory corruption. sql/sp_head.h: Avoid storing address of auto variables in global rollback list, to prevent stack memory corruption. sql/sp_rcontext.cc: Avoid storing address of auto variables in global rollback list, to prevent stack memory corruption. sql/sp_rcontext.h: Avoid storing address of auto variables in global rollback list, to prevent stack memory corruption. sql/sql_class.cc: Avoid storing address of auto variables in global rollback list, to prevent stack memory corruption.
Diffstat (limited to 'sql/sp_rcontext.cc')
-rw-r--r--sql/sp_rcontext.cc13
1 files changed, 7 insertions, 6 deletions
diff --git a/sql/sp_rcontext.cc b/sql/sp_rcontext.cc
index 38b6de0e75a..3bc27a029d0 100644
--- a/sql/sp_rcontext.cc
+++ b/sql/sp_rcontext.cc
@@ -150,7 +150,7 @@ sp_rcontext::init_var_items()
bool
-sp_rcontext::set_return_value(THD *thd, Item *return_value_item)
+sp_rcontext::set_return_value(THD *thd, Item **return_value_item)
{
DBUG_ASSERT(m_return_value_fld);
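Review bot: The new `Item **return_value_item` parameter carries a lifetime requirement that nothing at this definition documents. Going by the commit message, the address can end up in the list undone by THD::rollback_item_tree_changes(), so it must not be the address of an auto variable. I would add a comment above the definition such as `/* return_value_item: address of the Item pointer; must stay valid until item-tree changes are rolled back, never the address of an auto variable */`. The same contract applies to both set_variable() overloads and to set_case_expr() in the later hunks. The function body continues outside the hunk, so how the pointer is forwarded is not visible here.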
@@ -279,14 +279,14 @@ sp_rcontext::pop_cursors(uint count)
int
-sp_rcontext::set_variable(THD *thd, uint var_idx, Item *value)
+sp_rcontext::set_variable(THD *thd, uint var_idx, Item **value)
{
return set_variable(thd, m_var_table->field[var_idx], value);
}
int
-sp_rcontext::set_variable(THD *thd, Field *field, Item *value)
+sp_rcontext::set_variable(THD *thd, Field *field, Item **value)
{
if (!value)
{
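Review bot: In the `Field *` overload, `if (!value)` now tests the `Item **` itself rather than the Item it points to, so a caller that passes the address of a null Item pointer no longer takes this branch and the null would be dereferenced further down. The branch body is outside the hunk, so this is inferred, but if the old "no value supplied" meaning is still wanted the guard should read `if (!value || !*value)`. If a null Item can no longer occur, a short comment saying that callers must pass a non-null `*value` would make the changed meaning of the check explicit.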
@@ -478,9 +478,10 @@ sp_rcontext::create_case_expr_holder(THD *thd, Item_result result_type)
*/
int
-sp_rcontext::set_case_expr(THD *thd, int case_expr_id, Item *case_expr_item)
+sp_rcontext::set_case_expr(THD *thd, int case_expr_id, Item **case_expr_item_ptr)
{
- if (!(case_expr_item= sp_prepare_func_item(thd, &case_expr_item)))
+ Item *case_expr_item= sp_prepare_func_item(thd, case_expr_item_ptr);
+ if (!case_expr_item)
return TRUE;
if (!m_case_expr_holders[case_expr_id] ||
@@ -542,7 +543,7 @@ bool Select_fetch_into_spvars::send_data(List<Item> &items)
*/
for (; spvar= spvar_iter++, item= item_iter++; )
{
- if (thd->spcont->set_variable(thd, spvar->offset, item))
+ if (thd->spcont->set_variable(thd, spvar->offset, &item))
return TRUE;
}
return FALSE;
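Review bot: `&item` in the set_variable() call appears to be the address of a variable local to send_data() (its declaration is above the hunk), which is the pattern this commit removes elsewhere. If set_variable() can reach a path that records that address for THD::rollback_item_tree_changes(), the recorded pointer dangles once send_data() returns. If the call is safe because the items in this list are already prepared and so are never registered for rollback, say so at the call, e.g. `/* items are already fixed; &item is never recorded in the rollback list */`. Otherwise pass a pointer to storage that outlives the call instead of the loop variable.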