-
Alexander Barkov authored
sp_instr_cursor_copy_struct::exec_core() created TYPELIBs on a wrong mem_root, the one which is initialized in sp_head::execute(), this code: /* init per-instruction memroot */ init_sql_alloc(&execute_mem_root, "per_instruction_memroot", MEM_ROOT_BLOCK_SIZE, 0, MYF(0)); This memory root cleans up after every sp_instr_xxx executed, so later sp_instr_cfetch::execute() tried to use already freed and trashed memory. Changing sp_instr_cursor_copy_struct::exec_core() to call tmp.export_structure() inside this block (not outside of it): thd->set_n_backup_active_arena(thd->spcont->callers_arena, ¤t_arena); ... thd->restore_active_arena(thd->spcont->callers_arena, ¤t_arena); So now TYPELIBs created by sp_instr_cursor_copy_struct::exec_core() are still available and valid when sp_instr_cfetch::execute() is called. They are freed at the end of dispatch_command() corresponding to the "CALL p1" statement.13cd4cf4
