Bug#28846 Use of undocumented Prepared Statements crashes server

ALTER VIEW is currently not supported as a prepared statement
and should be disabled as such as they otherwise could cause server crashes.

ALTER VIEW is currently not supported when called from stored
procedures or functions for related reasons and should also be disabled.

This patch disables these DDL statements and adjusts the appropriate test
cases accordingly.

Additional tests has been added to reflect on the fact that we do support
CREATE/ALTER/DROP TABLE for Prepared Statements (PS), Stored Procedures (SP)
and PS within SP.


mysql-test/r/ps_1general.result:
  - Updated test to reflect on the new policy to disallow ALTER VIEW within SP.
mysql-test/r/sp-dynamic.result:
  - Added PS ALTER TABLE test from within SP-context to demonstrate that CREATE/ALTER/DROP
  TABLE statements is working.
  - Added PS CREATE/ALTER/DROP VIEW tests from within SP-context to show that
  ALTER VIEW is not supported, CREATE VIEW/DROP VIEW are supported.
mysql-test/r/sp-error.result:
  - Updated test to reflect on the new policy to disallow VIEW DDL within SP.
mysql-test/t/ps_1general.test:
  - Updated test to reflect on the new policy to disallow VIEW DDL within SP.
mysql-test/t/sp-dynamic.test:
  - Add PS ALTER TABLE test from within SP to demonstrate that CREATE/ALTER/DROP
  TABLE statements are supported.
mysql-test/t/sp-error.test:
  - Updated test to reflect on the new policy to disallow ALTER VIEW
  within SP-context.
  - Changed error code 1314 to the more abstract ER_SP_BADSTATEMENT.
sql/sql_class.h:
  - Added comment for clarity
sql/sql_parse.cc:
  - Added comment for clarity
sql/sql_prepare.cc:
  - Disallow ALTER VIEW as prepared statements until they are
    properly supported. Note that SQLCOM_CREATE_VIEW also handles ALTER VIEW
    statements.
sql/sql_view.cc:
  - converted to doxygen comments
  - Added comment for clarity
sql/sql_yacc.yy:
  - Disallow ALTER VIEW statements within a SP.
  If the parser is operating within the SP context, this is shown
  on the sp->sphead pointer. If this flag is set for view DDL operations
  we stop parsing with the error 'ER_SP_BAD_STATEMENT'.

5 files changed, 32 insertions, 11 deletions

diff --git a/sql/sql_class.h b/sql/sql_class.h
index 62f4df0719f..c2e22a6fd8b 100644
--- a/sql/sql_class.h
+++ b/sql/sql_class.h
@@ -697,6 +697,13 @@ public:
 #ifndef DBUG_OFF
   bool is_backup_arena; /* True if this arena is used for backup. */
 #endif
+  /*
+    The states relfects three diffrent life cycles for three
+    different types of statements:
+    Prepared statement: INITIALIZED -> PREPARED -> EXECUTED.
+    Stored procedure:   INITIALIZED_FOR_SP -> EXECUTED.
+    Other statements:   CONVENTIONAL_EXECUTION never changes.
+  */
   enum enum_state
   {
     INITIALIZED= 0, INITIALIZED_FOR_SP= 1, PREPARED= 2,
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 6277a6c0c10..923e019d982 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -4876,6 +4876,10 @@ create_sp_error:
 #endif // ifndef DBUG_OFF
   case SQLCOM_CREATE_VIEW:
     {
+      /*
+        Note: SQLCOM_CREATE_VIEW also handles 'ALTER VIEW' commands
+        as specified through the thd->lex->create_view_mode flag.
+      */
       if (end_active_trans(thd))
         goto error;
 
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc
index 42655608196..4cdf54393de 100644
--- a/sql/sql_prepare.cc
+++ b/sql/sql_prepare.cc
@@ -1727,6 +1727,13 @@ static bool check_prepared_statement(Prepared_statement *stmt,
     res= mysql_test_create_table(stmt);
     break;
 
+  case SQLCOM_CREATE_VIEW:
+    if (lex->create_view_mode == VIEW_ALTER)
+    {
+      my_message(ER_UNSUPPORTED_PS, ER(ER_UNSUPPORTED_PS), MYF(0));
+      goto error;
+    }
+    break;
   case SQLCOM_DO:
     res= mysql_test_do_fields(stmt, tables, lex->insert_list);
     break;
@@ -1769,7 +1776,6 @@ static bool check_prepared_statement(Prepared_statement *stmt,
   case SQLCOM_ROLLBACK:
   case SQLCOM_TRUNCATE:
   case SQLCOM_CALL:
-  case SQLCOM_CREATE_VIEW:
   case SQLCOM_DROP_VIEW:
   case SQLCOM_REPAIR:
   case SQLCOM_ANALYZE:
diff --git a/sql/sql_view.cc b/sql/sql_view.cc
index bfa799ff289..54bd248fabb 100644
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@@ -205,18 +205,17 @@ fill_defined_view_parts (THD *thd, TABLE_LIST *view)
 }
 
 
-/*
-  Creating/altering VIEW procedure
+/**
+  @brief Creating/altering VIEW procedure
 
-  SYNOPSIS
-    mysql_create_view()
-    thd		- thread handler
-    views	- views to create
-    mode	- VIEW_CREATE_NEW, VIEW_ALTER, VIEW_CREATE_OR_REPLACE
+  @param thd thread handler
+  @param views views to create
+  @param mode VIEW_CREATE_NEW, VIEW_ALTER, VIEW_CREATE_OR_REPLACE
 
-  RETURN VALUE
-     FALSE OK
-     TRUE  Error
+  @note This function handles both create and alter view commands.
+
+  @retval FALSE Operation was a success.
+  @retval TRUE An error occured.
 */
 
 bool mysql_create_view(THD *thd, TABLE_LIST *views, 
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index b970bcaedd6..a3a9ead897e 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -3671,6 +3671,11 @@ alter:
 	  {
 	    THD *thd= YYTHD;
 	    LEX *lex= thd->lex;
+	    if (lex->sphead)
+            {
+              my_error(ER_SP_BADSTATEMENT, MYF(0), "ALTER VIEW");
+              MYSQL_YYABORT;
+            }
 	    lex->sql_command= SQLCOM_CREATE_VIEW;
 	    lex->create_view_mode= VIEW_ALTER;
 	    /* first table in list is target VIEW name */