Bug #42064: low memory crash when importing hex strings, in

            Item_hex_string::Item_hex_string

The status of memory allocation in the Lex_input_stream (called
from the Parser_state constructor) was not checked which led to
a parser crash in case of the out-of-memory error.

The solution is to introduce new init() member function in
Parser_state and Lex_input_stream so that status of memory
allocation can be returned to the caller.

mysql-test/r/error_simulation.result:
  Added a test case for bug #42064.
mysql-test/t/error_simulation.test:
  Added a test case for bug #42064.
mysys/my_alloc.c:
  Added error injection code for the regression test.
mysys/my_malloc.c:
  Added error injection code for the regression test.
mysys/safemalloc.c:
  Added error injection code for the regression test.
sql/event_data_objects.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/mysqld.cc:
  Added error injection code for the regression test.
sql/sp.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_lex.cc:
  Moved memory allocation from constructor to the separate init()
  member function.
  Added error injection code for the regression test.
sql/sql_lex.h:
  Moved memory allocation from constructor to the separate init()
  member function.
sql/sql_parse.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_partition.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_prepare.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_trigger.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_view.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures..
sql/thr_malloc.cc:
  Added error injection code for the regression test.

1 files changed, 21 insertions, 29 deletions

diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc
index a3776f59241..35a5e2aeefc 100644
--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
@@ -110,39 +110,31 @@ st_parsing_options::reset()
   allows_derived= TRUE;
 }
 
-Lex_input_stream::Lex_input_stream(THD *thd,
-                                   const char* buffer,
-                                   unsigned int length)
-: m_thd(thd),
-  yylineno(1),
-  yytoklen(0),
-  yylval(NULL),
-  m_ptr(buffer),
-  m_tok_start(NULL),
-  m_tok_end(NULL),
-  m_end_of_query(buffer + length),
-  m_tok_start_prev(NULL),
-  m_buf(buffer),
-  m_buf_length(length),
-  m_echo(TRUE),
-  m_cpp_tok_start(NULL),
-  m_cpp_tok_start_prev(NULL),
-  m_cpp_tok_end(NULL),
-  m_body_utf8(NULL),
-  m_cpp_utf8_processed_ptr(NULL),
-  next_state(MY_LEX_START),
-  found_semicolon(NULL),
-  ignore_space(test(thd->variables.sql_mode & MODE_IGNORE_SPACE)),
-  stmt_prepare_mode(FALSE),
-  in_comment(NO_COMMENT),
-  m_underscore_cs(NULL)
+
+bool Lex_input_stream::init(THD *thd, const char *buff, unsigned int length)
 {
+  DBUG_EXECUTE_IF("bug42064_simulate_oom",
+                  DBUG_SET("+d,simulate_out_of_memory"););
+
   m_cpp_buf= (char*) thd->alloc(length + 1);
+
+  DBUG_EXECUTE_IF("bug42064_simulate_oom",
+                  DBUG_SET("-d,bug42064_simulate_oom");); 
+
+  if (m_cpp_buf == NULL)
+    return FALSE;
+
   m_cpp_ptr= m_cpp_buf;
-}
+  m_thd= thd;
+  m_ptr= buff;
+  m_end_of_query= buff + length;
+  m_buf= buff;
+  m_buf_length= length;
+  ignore_space= test(thd->variables.sql_mode & MODE_IGNORE_SPACE);
+
+  return FALSE;
+  }
 
-Lex_input_stream::~Lex_input_stream()
-{}
 
 /**
   The operation is called from the parser in order to