author | unknown <malff@lambda.hsd1.co.comcast.net.> | 2008-01-23 13:26:41 -0700 |
---|---|---|
committer | unknown <malff@lambda.hsd1.co.comcast.net.> | 2008-01-23 13:26:41 -0700 |
commit | e6a077e34848d3a1faf6a712e48ca361887cf30f (patch) | |
tree | fe23ef00f598a60c172f4f220f65dfc072babbb2 /sql/sp_rcontext.h | |
parent | 81dda2e7019b4d55ea88ef2ab779ac78c07c8a3a (diff) | |
download | mariadb-git-e6a077e34848d3a1faf6a712e48ca361887cf30f.tar.gz |
Bug#33618 (Crash in sp_rcontext)
Bug 33983 (Stored Procedures: wrong end <label> syntax is accepted)
The server used to crash when REPEAT or another control instruction
was used in conjunction with labels and a LEAVE instruction.
The crash was caused by a missing "pop" of handlers or cursors in the
code representing the stored program. When executing the code in a loop,
this missing "pop" would result in a stack overflow, corrupting memory.
Code generation has been fixed to produce the missing h_pop/c_pop
instructions.
Also, the logic checking that labels at the beginning and the end of a
statement are matched was incorrect, causing Bug 33983.
End labels, when used, must match the label used at the beginning of a block.
mysql-test/r/sp-code.result:
Bug#33618 (Crash in sp_rcontext)
mysql-test/r/sp-error.result:
Bug 33983 (Stored Procedures: wrong end <label> syntax is accepted)
mysql-test/r/sp.result:
Bug#33618 (Crash in sp_rcontext)
mysql-test/t/sp-code.test:
Bug#33618 (Crash in sp_rcontext)
mysql-test/t/sp-error.test:
Bug 33983 (Stored Procedures: wrong end <label> syntax is accepted)
mysql-test/t/sp.test:
Bug#33618 (Crash in sp_rcontext)
sql/sp_head.cc:
Bug#33618 (Crash in sp_rcontext)
sql/sp_head.h:
Bug#33618 (Crash in sp_rcontext)
sql/sp_rcontext.cc:
Bug#33618 (Crash in sp_rcontext)
sql/sp_rcontext.h:
Bug#33618 (Crash in sp_rcontext)
sql/sql_yacc.yy:
Bug#33618 (Crash in sp_rcontext)
Diffstat (limited to 'sql/sp_rcontext.h')
-rw-r--r-- | sql/sp_rcontext.h | 40 |
1 files changed, 6 insertions, 34 deletions
diff --git a/sql/sp_rcontext.h b/sql/sp_rcontext.h
index 43102cfeeb2..368a017da21 100644
--- a/sql/sp_rcontext.h
+++ b/sql/sp_rcontext.h
@@ -107,21 +107,9 @@ class sp_rcontext : public Sql_alloc
 return m_return_value_set;
 }
- inline void
- push_handler(struct sp_cond_type *cond, uint h, int type, uint f)
- {
- m_handler[m_hcount].cond= cond;
- m_handler[m_hcount].handler= h;
- m_handler[m_hcount].type= type;
- m_handler[m_hcount].foffset= f;
- m_hcount+= 1;
- }
+ void push_handler(struct sp_cond_type *cond, uint h, int type, uint f);
- inline void
- pop_handlers(uint count)
- {
- m_hcount-= count;
- }
+ void pop_handlers(uint count);
 // Returns 1 if a handler was found, 0 otherwise.
 bool
@@ -158,29 +146,13 @@ class sp_rcontext : public Sql_alloc
 m_hfound= -1;
 }
- inline void
- push_hstack(uint h)
- {
- m_hstack[m_hsp++]= h;
- }
+ void push_hstack(uint h);
- inline uint
- pop_hstack()
- {
- return m_hstack[--m_hsp];
- }
+ uint pop_hstack();
- inline void
- enter_handler(int hid)
- {
- m_in_handler[m_ihsp++]= hid;
- }
+ void enter_handler(int hid);
- inline void
- exit_handler()
- {
- m_ihsp-= 1;
- }
+ void exit_handler();
 void
 push_cursor(sp_lex_keeper *lex_keeper, sp_instr_cpush *i); |
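Review bot: The six declarations that replace the inline bodies (`push_handler` and `pop_handlers` in the first hunk; `push_hstack`, `pop_hstack`, `enter_handler` and `exit_handler` in the second) state no bounds contract, although the removed bodies indexed `m_handler`, `m_hstack` and `m_in_handler` with counters that were never checked. The definitions now live in sql/sp_rcontext.cc, which this page does not show; if they guard the index only with a debug-build assertion such as `DBUG_ASSERT`, a release build would still write past the array whenever generated code omits a pop, so a runtime check that fails the statement is worth confirming there. In the header I would add a comment above each push/pop pair, for example `// Precondition: m_hcount is below the capacity of m_handler; every push_handler() must be balanced by pop_handlers().` `pop_handlers(uint count)` should also document that `count` must not exceed `m_hcount`, because the subtraction is unsigned and would wrap. The class body starts and ends outside both hunks.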