diff options
| -rw-r--r-- | mysql-test/r/sp-destruct.result | 57 | ||||
| -rw-r--r-- | mysql-test/t/sp-destruct.test | 35 | ||||
| -rw-r--r-- | sql/sp.h | 12 | ||||
| -rw-r--r-- | sql/sql_show.cc | 13 |
4 files changed, 112 insertions, 5 deletions
diff --git a/mysql-test/r/sp-destruct.result b/mysql-test/r/sp-destruct.result index 5bb3b17d4b8..42bbe3681ae 100644 --- a/mysql-test/r/sp-destruct.result +++ b/mysql-test/r/sp-destruct.result @@ -171,3 +171,60 @@ create database mysqltest1; create procedure mysqltest1.foo() select "foo"; update mysql.proc set name='' where db='mysqltest1'; drop database mysqltest1; +# +# MDEV-15444 Querying I_S.PARAMETERS can crash with a corrupted mysql.proc +# +CREATE OR REPLACE FUNCTION f1 (a INT) RETURNS INT RETURN 10; +CREATE OR REPLACE FUNCTION f2 (a INT) RETURNS INT RETURN 10; +SELECT +@type0:=COLUMN_TYPE AS t0, +@type1:=REPLACE(COLUMN_TYPE,')',',''XXX'')') AS t1 +FROM INFORMATION_SCHEMA.COLUMNS +WHERE table_schema='mysql' AND table_name='proc' AND column_name='type'; +t0 enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') +t1 enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY','XXX') +EXECUTE IMMEDIATE CONCAT('ALTER TABLE mysql.proc MODIFY type ', @type1); +SHOW COLUMNS IN mysql.proc LIKE 'type'; +Field Type Null Key Default Extra +type enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY','XXX') NO PRI NULL +UPDATE mysql.proc SET type='XXX' WHERE name='f1' AND db='test'; +SELECT * FROM INFORMATION_SCHEMA.PARAMETERS WHERE SPECIFIC_SCHEMA='test'; +SPECIFIC_CATALOG def +SPECIFIC_SCHEMA test +SPECIFIC_NAME f2 +ORDINAL_POSITION 0 +PARAMETER_MODE NULL +PARAMETER_NAME NULL +DATA_TYPE int +CHARACTER_MAXIMUM_LENGTH NULL +CHARACTER_OCTET_LENGTH NULL +NUMERIC_PRECISION 10 +NUMERIC_SCALE 0 +DATETIME_PRECISION NULL +CHARACTER_SET_NAME NULL +COLLATION_NAME NULL +DTD_IDENTIFIER int(11) +ROUTINE_TYPE FUNCTION +SPECIFIC_CATALOG def +SPECIFIC_SCHEMA test +SPECIFIC_NAME f2 +ORDINAL_POSITION 1 +PARAMETER_MODE IN +PARAMETER_NAME a +DATA_TYPE int +CHARACTER_MAXIMUM_LENGTH NULL +CHARACTER_OCTET_LENGTH NULL +NUMERIC_PRECISION 10 +NUMERIC_SCALE 0 +DATETIME_PRECISION NULL +CHARACTER_SET_NAME NULL +COLLATION_NAME NULL +DTD_IDENTIFIER int(11) +ROUTINE_TYPE FUNCTION +UPDATE mysql.proc SET type='FUNCTION' WHERE name='f1' AND db='test'; +EXECUTE IMMEDIATE CONCAT('ALTER TABLE mysql.proc MODIFY type ', @type0); +SHOW COLUMNS IN mysql.proc LIKE 'type'; +Field Type Null Key Default Extra +type enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') NO PRI NULL +DROP FUNCTION f1; +DROP FUNCTION f2; diff --git a/mysql-test/t/sp-destruct.test b/mysql-test/t/sp-destruct.test index 31da235d906..c0a83b12206 100644 --- a/mysql-test/t/sp-destruct.test +++ b/mysql-test/t/sp-destruct.test @@ -285,3 +285,38 @@ create database mysqltest1; create procedure mysqltest1.foo() select "foo"; update mysql.proc set name='' where db='mysqltest1'; drop database mysqltest1; + + +--echo # +--echo # MDEV-15444 Querying I_S.PARAMETERS can crash with a corrupted mysql.proc +--echo # + +CREATE OR REPLACE FUNCTION f1 (a INT) RETURNS INT RETURN 10; +CREATE OR REPLACE FUNCTION f2 (a INT) RETURNS INT RETURN 10; + +# Get the current data type for mysql.proc.type +--vertical_results +SELECT + @type0:=COLUMN_TYPE AS t0, + @type1:=REPLACE(COLUMN_TYPE,')',',''XXX'')') AS t1 + FROM INFORMATION_SCHEMA.COLUMNS +WHERE table_schema='mysql' AND table_name='proc' AND column_name='type'; +--horizontal_results + +# Change mysql.proc.type and update the record for 'f1' +EXECUTE IMMEDIATE CONCAT('ALTER TABLE mysql.proc MODIFY type ', @type1); +SHOW COLUMNS IN mysql.proc LIKE 'type'; +UPDATE mysql.proc SET type='XXX' WHERE name='f1' AND db='test'; + +# Check the I_S query +--vertical_results +SELECT * FROM INFORMATION_SCHEMA.PARAMETERS WHERE SPECIFIC_SCHEMA='test'; +--horizontal_results + +# Restore the record for 'f1' and restore mysql.proc.type +UPDATE mysql.proc SET type='FUNCTION' WHERE name='f1' AND db='test'; +EXECUTE IMMEDIATE CONCAT('ALTER TABLE mysql.proc MODIFY type ', @type0); +SHOW COLUMNS IN mysql.proc LIKE 'type'; + +DROP FUNCTION f1; +DROP FUNCTION f2; @@ -122,6 +122,16 @@ public: static const Sp_handler *handler(enum enum_sql_command cmd); static const Sp_handler *handler(stored_procedure_type type); static const Sp_handler *handler(MDL_key::enum_mdl_namespace ns); + /* + Return a handler only those SP objects that store + definitions in the mysql.proc system table + */ + static const Sp_handler *handler_mysql_proc(stored_procedure_type type) + { + const Sp_handler *sph= handler(type); + return sph ? sph->sp_handler_mysql_proc() : NULL; + } + static bool eq_routine_name(const LEX_CSTRING &name1, const LEX_CSTRING &name2) { @@ -153,6 +163,7 @@ public: return m_empty_body; } virtual MDL_key::enum_mdl_namespace get_mdl_type() const= 0; + virtual const Sp_handler *sp_handler_mysql_proc() const { return this; } virtual sp_cache **get_cache(THD *) const { return NULL; } #ifndef NO_EMBEDDED_ACCESS_CHECKS virtual HASH *get_priv_hash() const { return NULL; } @@ -434,6 +445,7 @@ public: DBUG_ASSERT(0); return MDL_key::TRIGGER; } + const Sp_handler *sp_handler_mysql_proc() const { return NULL; } }; diff --git a/sql/sql_show.cc b/sql/sql_show.cc index 0408bdab47d..9b1a54bd095 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -6155,9 +6155,11 @@ bool store_schema_params(THD *thd, TABLE *table, TABLE *proc_table, proc_table->field[MYSQL_PROC_FIELD_NAME]->val_str_nopad(thd->mem_root, &name); proc_table->field[MYSQL_PROC_FIELD_DEFINER]->val_str_nopad(thd->mem_root, &definer); sql_mode= (sql_mode_t) proc_table->field[MYSQL_PROC_FIELD_SQL_MODE]->val_int(); - sph= Sp_handler::handler((stored_procedure_type) proc_table->field[MYSQL_PROC_MYSQL_TYPE]->val_int()); + sph= Sp_handler::handler_mysql_proc((stored_procedure_type) + proc_table->field[MYSQL_PROC_MYSQL_TYPE]-> + val_int()); if (!sph) - sph= &sp_handler_procedure; + DBUG_RETURN(0); if (!full_access) full_access= !strcmp(sp_user, definer.str); @@ -6265,10 +6267,11 @@ bool store_schema_proc(THD *thd, TABLE *table, TABLE *proc_table, proc_table->field[MYSQL_PROC_FIELD_DB]->val_str_nopad(thd->mem_root, &db); proc_table->field[MYSQL_PROC_FIELD_NAME]->val_str_nopad(thd->mem_root, &name); proc_table->field[MYSQL_PROC_FIELD_DEFINER]->val_str_nopad(thd->mem_root, &definer); - sph= Sp_handler::handler((stored_procedure_type) - proc_table->field[MYSQL_PROC_MYSQL_TYPE]->val_int()); + sph= Sp_handler::handler_mysql_proc((stored_procedure_type) + proc_table->field[MYSQL_PROC_MYSQL_TYPE]-> + val_int()); if (!sph) - sph= &sp_handler_procedure; + return 0; if (!full_access) full_access= !strcmp(sp_user, definer.str); |