diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2021-04-26 22:32:58 +0200 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2021-04-27 18:21:01 +0200 |
| commit | 91599701d07a9efb02a2f27d17a8f95bc2b9accf (patch) | |
| tree | 90c462a1f291876b51a1dd3ed0e90905b5b92f75 /sql/sql_lex.cc | |
| parent | 4f63b6cf53ce2d9eaf4a8006587ebf3c4d6ddd3c (diff) | |
| download | mariadb-git-91599701d07a9efb02a2f27d17a8f95bc2b9accf.tar.gz | |
Bug#29363867: LOST CONNECTION TO MYSQL SERVER DURING QUERY
plugin variables in SET only locked the plugin till the end of the
statement. If SET with a plugin variable was prepared, it was possible
to uninstall the plugin before EXECUTE. Then EXECUTE would crash,
trying to resolve a now-invalid pointer to a disappeared variable.
Fix: keep plugins locked until the prepared statement is closed.
Diffstat (limited to 'sql/sql_lex.cc')
| -rw-r--r-- | sql/sql_lex.cc | 34 |
1 files changed, 12 insertions, 22 deletions
diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc index 57c6dfad4e5..c534ba76670 100644 --- a/sql/sql_lex.cc +++ b/sql/sql_lex.cc @@ -765,15 +765,15 @@ void lex_end(LEX *lex) DBUG_ENTER("lex_end"); DBUG_PRINT("enter", ("lex: %p", lex)); - lex_end_stage1(lex); - lex_end_stage2(lex); + lex_unlock_plugins(lex); + lex_end_nops(lex); DBUG_VOID_RETURN; } -void lex_end_stage1(LEX *lex) +void lex_unlock_plugins(LEX *lex) { - DBUG_ENTER("lex_end_stage1"); + DBUG_ENTER("lex_unlock_plugins"); /* release used plugins */ if (lex->plugins.elements) /* No function call and no mutex if no plugins. */ @@ -782,33 +782,23 @@ void lex_end_stage1(LEX *lex) lex->plugins.elements); } reset_dynamic(&lex->plugins); - - if (lex->context_analysis_only & CONTEXT_ANALYSIS_ONLY_PREPARE) - { - /* - Don't delete lex->sphead, it'll be needed for EXECUTE. - Note that of all statements that populate lex->sphead - only SQLCOM_COMPOUND can be PREPAREd - */ - DBUG_ASSERT(lex->sphead == 0 || lex->sql_command == SQLCOM_COMPOUND); - } - else - { - sp_head::destroy(lex->sphead); - lex->sphead= NULL; - } - DBUG_VOID_RETURN; } /* + Don't delete lex->sphead, it'll be needed for EXECUTE. + Note that of all statements that populate lex->sphead + only SQLCOM_COMPOUND can be PREPAREd + MASTER INFO parameters (or state) is normally cleared towards the end of a statement. But in case of PS, the state needs to be preserved during its lifetime and should only be cleared on PS close or deallocation. */ -void lex_end_stage2(LEX *lex) +void lex_end_nops(LEX *lex) { - DBUG_ENTER("lex_end_stage2"); + DBUG_ENTER("lex_end_nops"); + sp_head::destroy(lex->sphead); + lex->sphead= NULL; /* Reset LEX_MASTER_INFO */ lex->mi.reset(lex->sql_command == SQLCOM_CHANGE_MASTER); |