Bug#34587 Creating a view inside a stored procedure leads to a server crash

The problem is that when a stored procedure is being parsed for
the first execution, the body is copied to a temporary buffer
which is disregarded sometime after the statement is parsed.
And during this parsing phase, the rule for CREATE VIEW was
holding a reference to the string being parsed for use during
the execution of the CREATE VIEW statement, leading to invalid
memory access later.

The solution is to allocate and copy the SELECT of a CREATE
VIEW statement using the thread memory root, which is set to
the permanent arena of the stored procedure. 


mysql-test/r/view.result:
  Add test case result for Bug#34587
mysql-test/t/view.test:
  Add test case for Bug#34587
sql/sql_lex.h:
  Remove start and end position variables. The SELECT of a
  CREATE VIEW is now allocated at parse time.
sql/sql_view.cc:
  Remove assertion that is not true when the statement is
  being re-executed. Use string that was trimmed of leading
  and trailing whitespace at parse time.
sql/sql_yacc.yy:
  Allocate the SELECT of a CREATE VIEW using the current thread
  memory root and remove any leading and trailing whitespace.

1 files changed, 2 insertions, 4 deletions

diff --git a/sql/sql_lex.h b/sql/sql_lex.h
index ef0a9bb11ef..744019c8ae9 100644
--- a/sql/sql_lex.h
+++ b/sql/sql_lex.h
@@ -1513,10 +1513,8 @@ typedef struct st_lex : public Query_tables_list
   /* store original leaf_tables for INSERT SELECT and PS/SP */
   TABLE_LIST *leaf_tables_insert;
 
-  /** Start of SELECT of CREATE VIEW statement */
-  const char* create_view_select_start;
-  /** End of SELECT of CREATE VIEW statement */
-  const char* create_view_select_end;
+  /** SELECT of CREATE VIEW statement */
+  LEX_STRING create_view_select;
 
   /** Start of 'ON table', in trigger statements.  */
   const char* raw_trg_on_table_name_begin;