diff options
| author | Kristofer Pettersson <kristofer.pettersson@sun.com> | 2009-10-19 09:43:33 +0200 |
|---|---|---|
| committer | Kristofer Pettersson <kristofer.pettersson@sun.com> | 2009-10-19 09:43:33 +0200 |
| commit | 834ba32293173639880423839bbd245c601c0d50 (patch) | |
| tree | 89e9504b75534f7f836f5aed34370d36c39f277d /sql/sql_yacc.yy | |
| parent | c2c12c240269eafc21c6d3fc6a9f0a41c4eaed20 (diff) | |
| download | mariadb-git-834ba32293173639880423839bbd245c601c0d50.tar.gz | |
Bug#47627 SET @@{global.session}.local_variable in stored routine causes crash
Adding @@session and @@global prefixes to a
declared variable in a stored procedure the server
would lead to a crash.
The reason was that during the parsing of the
syntactic rule 'option_value' an uninitialized
set_var object was pushed to the parameter stack
of the SET statement. The parent rule
'option_type_value' interpreted the existence of
variables on the parameter stack as an assignment
and wrapped it in a sp_instr_set object.
As the procedure later was executed an attempt
was made to run the method 'check()' on an
uninitialized member object (NULL value) belonging
to the previously created but uninitialized object.
sql/sql_yacc.yy:
* Assign the option_type at once since it is needed by the next
parsing rule (internal_variable_name)
* Rearranged the if statement to reduce negations and gain more
clarity of code.
* Added check for option_type to better detect if current
variable is a SP local variable or a system variable.
Diffstat (limited to 'sql/sql_yacc.yy')
| -rw-r--r-- | sql/sql_yacc.yy | 61 |
1 files changed, 47 insertions, 14 deletions
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index 12e124230e5..ceebde4f7b3 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -11783,8 +11783,17 @@ option_type: ; option_type2: - /* empty */ { $$= OPT_DEFAULT; } - | ONE_SHOT_SYM { Lex->one_shot_set= 1; $$= OPT_SESSION; } + /* empty */ + { + $$= OPT_DEFAULT; + Lex->option_type= OPT_DEFAULT; + } + | ONE_SHOT_SYM + { + Lex->one_shot_set= 1; + $$= OPT_SESSION; + Lex->option_type= OPT_SESSION; + } ; opt_var_type: @@ -11795,10 +11804,26 @@ opt_var_type: ; opt_var_ident_type: - /* empty */ { $$=OPT_DEFAULT; } - | GLOBAL_SYM '.' { $$=OPT_GLOBAL; } - | LOCAL_SYM '.' { $$=OPT_SESSION; } - | SESSION_SYM '.' { $$=OPT_SESSION; } + /* empty */ + { + $$=OPT_DEFAULT; + Lex->option_type= OPT_DEFAULT; + } + | GLOBAL_SYM '.' + { + $$=OPT_GLOBAL; + Lex->option_type= OPT_GLOBAL; + } + | LOCAL_SYM '.' + { + $$=OPT_SESSION; + Lex->option_type= OPT_SESSION; + } + | SESSION_SYM '.' + { + $$=OPT_SESSION; + Lex->option_type= OPT_SESSION; + } ; ext_option_value: @@ -12038,8 +12063,22 @@ internal_variable_name: sp_pcontext *spc= lex->spcont; sp_variable_t *spv; - /* We have to lookup here since local vars can shadow sysvars */ - if (!spc || !(spv = spc->find_variable(&$1))) + /* + We have to lookup here since local vars can shadow sysvars. + + We also have to inspect the option_type first since the variable + identifier might have been prefixed with @@session or @@global + prefixes. Without this check we would wrongly identify them + as SP local variables. + */ + if (lex->option_type == OPT_DEFAULT && spc && + (spv= spc->find_variable(&$1))) + { + /* An SP local variable */ + $$.var= NULL; + $$.base_name= $1; + } + else { /* Not an SP local variable */ sys_var *tmp=find_sys_var(thd, $1.str, $1.length); @@ -12056,12 +12095,6 @@ internal_variable_name: lex->sphead->m_flags|= sp_head::HAS_SET_AUTOCOMMIT_STMT; } } - else - { - /* An SP local variable */ - $$.var= NULL; - $$.base_name= $1; - } } | ident '.' ident { |