Commit 099be801 authored by unknown's avatar unknown

Bug#28846 Use of undocumented Prepared Statements crashes server

ALTER VIEW is currently not supported as a prepared statement
and should be disabled as such as they otherwise could cause server crashes.

ALTER VIEW is currently not supported when called from stored
procedures or functions for related reasons and should also be disabled.

This patch disables these DDL statements and adjusts the appropriate test
cases accordingly.

Additional tests has been added to reflect on the fact that we do support
CREATE/ALTER/DROP TABLE for Prepared Statements (PS), Stored Procedures (SP)
and PS within SP.


mysql-test/r/ps_1general.result:
  - Updated test to reflect on the new policy to disallow ALTER VIEW within SP.
mysql-test/r/sp-dynamic.result:
  - Added PS ALTER TABLE test from within SP-context to demonstrate that CREATE/ALTER/DROP
  TABLE statements is working.
  - Added PS CREATE/ALTER/DROP VIEW tests from within SP-context to show that
  ALTER VIEW is not supported, CREATE VIEW/DROP VIEW are supported.
mysql-test/r/sp-error.result:
  - Updated test to reflect on the new policy to disallow VIEW DDL within SP.
mysql-test/t/ps_1general.test:
  - Updated test to reflect on the new policy to disallow VIEW DDL within SP.
mysql-test/t/sp-dynamic.test:
  - Add PS ALTER TABLE test from within SP to demonstrate that CREATE/ALTER/DROP
  TABLE statements are supported.
mysql-test/t/sp-error.test:
  - Updated test to reflect on the new policy to disallow ALTER VIEW
  within SP-context.
  - Changed error code 1314 to the more abstract ER_SP_BADSTATEMENT.
sql/sql_class.h:
  - Added comment for clarity
sql/sql_parse.cc:
  - Added comment for clarity
sql/sql_prepare.cc:
  - Disallow ALTER VIEW as prepared statements until they are
    properly supported. Note that SQLCOM_CREATE_VIEW also handles ALTER VIEW
    statements.
sql/sql_view.cc:
  - converted to doxygen comments
  - Added comment for clarity
sql/sql_yacc.yy:
  - Disallow ALTER VIEW statements within a SP.
  If the parser is operating within the SP context, this is shown
  on the sp->sphead pointer. If this flag is set for view DDL operations
  we stop parsing with the error 'ER_SP_BAD_STATEMENT'.
parent 0e958122
...@@ -396,6 +396,8 @@ prepare stmt1 from ' execute stmt2 ' ; ...@@ -396,6 +396,8 @@ prepare stmt1 from ' execute stmt2 ' ;
ERROR HY000: This command is not supported in the prepared statement protocol yet ERROR HY000: This command is not supported in the prepared statement protocol yet
prepare stmt1 from ' deallocate prepare never_prepared ' ; prepare stmt1 from ' deallocate prepare never_prepared ' ;
ERROR HY000: This command is not supported in the prepared statement protocol yet ERROR HY000: This command is not supported in the prepared statement protocol yet
prepare stmt1 from 'alter view v1 as select 2';
ERROR HY000: This command is not supported in the prepared statement protocol yet
prepare stmt4 from ' use test ' ; prepare stmt4 from ' use test ' ;
ERROR HY000: This command is not supported in the prepared statement protocol yet ERROR HY000: This command is not supported in the prepared statement protocol yet
prepare stmt3 from ' create database mysqltest '; prepare stmt3 from ' create database mysqltest ';
......
...@@ -87,6 +87,10 @@ prepare stmt from "create table t1 (a int)"; ...@@ -87,6 +87,10 @@ prepare stmt from "create table t1 (a int)";
execute stmt; execute stmt;
insert into t1 (a) values (1); insert into t1 (a) values (1);
select * from t1; select * from t1;
prepare stmt_alter from "alter table t1 add (b int)";
execute stmt_alter;
insert into t1 (a,b) values (2,1);
deallocate prepare stmt_alter;
deallocate prepare stmt; deallocate prepare stmt;
deallocate prepare stmt_drop; deallocate prepare stmt_drop;
end| end|
...@@ -245,6 +249,9 @@ a ...@@ -245,6 +249,9 @@ a
1 1
drop procedure p1| drop procedure p1|
drop table if exists t1| drop table if exists t1|
drop table if exists t2|
Warnings:
Note 1051 Unknown table 't2'
create table t1 (id integer primary key auto_increment, create table t1 (id integer primary key auto_increment,
stmt_text char(35), status varchar(20))| stmt_text char(35), status varchar(20))|
insert into t1 (stmt_text) values insert into t1 (stmt_text) values
...@@ -255,7 +262,10 @@ insert into t1 (stmt_text) values ...@@ -255,7 +262,10 @@ insert into t1 (stmt_text) values
("help help"), ("show databases"), ("show tables"), ("help help"), ("show databases"), ("show tables"),
("show table status"), ("show open tables"), ("show storage engines"), ("show table status"), ("show open tables"), ("show storage engines"),
("insert into t1 (id) values (1)"), ("update t1 set status=''"), ("insert into t1 (id) values (1)"), ("update t1 set status=''"),
("delete from t1"), ("truncate t1"), ("call p1()"), ("foo bar")| ("delete from t1"), ("truncate t1"), ("call p1()"), ("foo bar"),
("create view v1 as select 1"), ("alter view v1 as select 2"),
("drop view v1"),("create table t2 (a int)"),("alter table t2 add (b int)"),
("drop table t2")|
create procedure p1() create procedure p1()
begin begin
declare v_stmt_text varchar(255); declare v_stmt_text varchar(255);
...@@ -305,6 +315,12 @@ id stmt_text status ...@@ -305,6 +315,12 @@ id stmt_text status
20 truncate t1 supported 20 truncate t1 supported
21 call p1() supported 21 call p1() supported
22 foo bar syntax error 22 foo bar syntax error
23 create view v1 as select 1 supported
24 alter view v1 as select 2 not supported
25 drop view v1 supported
26 create table t2 (a int) supported
27 alter table t2 add (b int) supported
28 drop table t2 supported
drop procedure p1| drop procedure p1|
drop table t1| drop table t1|
prepare stmt from 'select 1'| prepare stmt from 'select 1'|
......
...@@ -982,9 +982,9 @@ ERROR HY000: Explicit or implicit commit is not allowed in stored function or tr ...@@ -982,9 +982,9 @@ ERROR HY000: Explicit or implicit commit is not allowed in stored function or tr
CREATE FUNCTION bug_13627_f() returns int BEGIN create view v1 as select 1; return 1; END | CREATE FUNCTION bug_13627_f() returns int BEGIN create view v1 as select 1; return 1; END |
ERROR HY000: Explicit or implicit commit is not allowed in stored function or trigger. ERROR HY000: Explicit or implicit commit is not allowed in stored function or trigger.
CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN alter view v1 as select 1; END | CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN alter view v1 as select 1; END |
ERROR HY000: Explicit or implicit commit is not allowed in stored function or trigger. ERROR 0A000: ALTER VIEW is not allowed in stored procedures
CREATE FUNCTION bug_13627_f() returns int BEGIN alter view v1 as select 1; return 1; END | CREATE FUNCTION bug_13627_f() returns int BEGIN alter view v1 as select 1; return 1; END |
ERROR HY000: Explicit or implicit commit is not allowed in stored function or trigger. ERROR 0A000: ALTER VIEW is not allowed in stored procedures
CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN drop view v1; END | CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN drop view v1; END |
ERROR HY000: Explicit or implicit commit is not allowed in stored function or trigger. ERROR HY000: Explicit or implicit commit is not allowed in stored function or trigger.
CREATE FUNCTION bug_13627_f() returns int BEGIN drop view v1; return 1; END | CREATE FUNCTION bug_13627_f() returns int BEGIN drop view v1; return 1; END |
......
...@@ -423,6 +423,10 @@ prepare stmt1 from ' execute stmt2 ' ; ...@@ -423,6 +423,10 @@ prepare stmt1 from ' execute stmt2 ' ;
--error ER_UNSUPPORTED_PS --error ER_UNSUPPORTED_PS
prepare stmt1 from ' deallocate prepare never_prepared ' ; prepare stmt1 from ' deallocate prepare never_prepared ' ;
## We don't support alter view as prepared statements
--error ER_UNSUPPORTED_PS
prepare stmt1 from 'alter view v1 as select 2';
## switch the database connection ## switch the database connection
--error 1295 --error 1295
prepare stmt4 from ' use test ' ; prepare stmt4 from ' use test ' ;
......
...@@ -85,7 +85,7 @@ call p1()| ...@@ -85,7 +85,7 @@ call p1()|
call p1()| call p1()|
drop procedure p1| drop procedure p1|
# #
# D. Create/Drop a table (a DDL that issues a commit) in Dynamic SQL. # D. Create/Drop/Alter a table (a DDL that issues a commit) in Dynamic SQL.
# (should work ok). # (should work ok).
# #
create procedure p1() create procedure p1()
...@@ -96,6 +96,10 @@ begin ...@@ -96,6 +96,10 @@ begin
execute stmt; execute stmt;
insert into t1 (a) values (1); insert into t1 (a) values (1);
select * from t1; select * from t1;
prepare stmt_alter from "alter table t1 add (b int)";
execute stmt_alter;
insert into t1 (a,b) values (2,1);
deallocate prepare stmt_alter;
deallocate prepare stmt; deallocate prepare stmt;
deallocate prepare stmt_drop; deallocate prepare stmt_drop;
end| end|
...@@ -239,6 +243,7 @@ drop procedure p1| ...@@ -239,6 +243,7 @@ drop procedure p1|
# K. Use of continue handlers with Dynamic SQL. # K. Use of continue handlers with Dynamic SQL.
# #
drop table if exists t1| drop table if exists t1|
drop table if exists t2|
create table t1 (id integer primary key auto_increment, create table t1 (id integer primary key auto_increment,
stmt_text char(35), status varchar(20))| stmt_text char(35), status varchar(20))|
insert into t1 (stmt_text) values insert into t1 (stmt_text) values
...@@ -249,7 +254,10 @@ insert into t1 (stmt_text) values ...@@ -249,7 +254,10 @@ insert into t1 (stmt_text) values
("help help"), ("show databases"), ("show tables"), ("help help"), ("show databases"), ("show tables"),
("show table status"), ("show open tables"), ("show storage engines"), ("show table status"), ("show open tables"), ("show storage engines"),
("insert into t1 (id) values (1)"), ("update t1 set status=''"), ("insert into t1 (id) values (1)"), ("update t1 set status=''"),
("delete from t1"), ("truncate t1"), ("call p1()"), ("foo bar")| ("delete from t1"), ("truncate t1"), ("call p1()"), ("foo bar"),
("create view v1 as select 1"), ("alter view v1 as select 2"),
("drop view v1"),("create table t2 (a int)"),("alter table t2 add (b int)"),
("drop table t2")|
create procedure p1() create procedure p1()
begin begin
declare v_stmt_text varchar(255); declare v_stmt_text varchar(255);
......
...@@ -1087,12 +1087,12 @@ delimiter ;| ...@@ -1087,12 +1087,12 @@ delimiter ;|
# #
# BUG 12490 (Packets out of order if calling HELP CONTENTS from Stored Procedure) # BUG 12490 (Packets out of order if calling HELP CONTENTS from Stored Procedure)
# #
--error 1314 --error ER_SP_BADSTATEMENT
CREATE PROCEDURE BUG_12490() HELP CONTENTS; CREATE PROCEDURE BUG_12490() HELP CONTENTS;
--error 1314 --error ER_SP_BADSTATEMENT
CREATE FUNCTION BUG_12490() RETURNS INT HELP CONTENTS; CREATE FUNCTION BUG_12490() RETURNS INT HELP CONTENTS;
CREATE TABLE t_bug_12490(a int); CREATE TABLE t_bug_12490(a int);
--error 1314 --error ER_SP_BADSTATEMENT
CREATE TRIGGER BUG_12490 BEFORE UPDATE ON t_bug_12490 FOR EACH ROW HELP CONTENTS; CREATE TRIGGER BUG_12490 BEFORE UPDATE ON t_bug_12490 FOR EACH ROW HELP CONTENTS;
DROP TABLE t_bug_12490; DROP TABLE t_bug_12490;
...@@ -1397,9 +1397,9 @@ CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN create view v1 as sele ...@@ -1397,9 +1397,9 @@ CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN create view v1 as sele
-- error ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG -- error ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG
CREATE FUNCTION bug_13627_f() returns int BEGIN create view v1 as select 1; return 1; END | CREATE FUNCTION bug_13627_f() returns int BEGIN create view v1 as select 1; return 1; END |
-- error ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG -- error ER_SP_BADSTATEMENT
CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN alter view v1 as select 1; END | CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN alter view v1 as select 1; END |
-- error ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG -- error ER_SP_BADSTATEMENT
CREATE FUNCTION bug_13627_f() returns int BEGIN alter view v1 as select 1; return 1; END | CREATE FUNCTION bug_13627_f() returns int BEGIN alter view v1 as select 1; return 1; END |
-- error ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG -- error ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG
......
...@@ -697,6 +697,13 @@ class Query_arena ...@@ -697,6 +697,13 @@ class Query_arena
#ifndef DBUG_OFF #ifndef DBUG_OFF
bool is_backup_arena; /* True if this arena is used for backup. */ bool is_backup_arena; /* True if this arena is used for backup. */
#endif #endif
/*
The states relfects three diffrent life cycles for three
different types of statements:
Prepared statement: INITIALIZED -> PREPARED -> EXECUTED.
Stored procedure: INITIALIZED_FOR_SP -> EXECUTED.
Other statements: CONVENTIONAL_EXECUTION never changes.
*/
enum enum_state enum enum_state
{ {
INITIALIZED= 0, INITIALIZED_FOR_SP= 1, PREPARED= 2, INITIALIZED= 0, INITIALIZED_FOR_SP= 1, PREPARED= 2,
......
...@@ -4876,6 +4876,10 @@ mysql_execute_command(THD *thd) ...@@ -4876,6 +4876,10 @@ mysql_execute_command(THD *thd)
#endif // ifndef DBUG_OFF #endif // ifndef DBUG_OFF
case SQLCOM_CREATE_VIEW: case SQLCOM_CREATE_VIEW:
{ {
/*
Note: SQLCOM_CREATE_VIEW also handles 'ALTER VIEW' commands
as specified through the thd->lex->create_view_mode flag.
*/
if (end_active_trans(thd)) if (end_active_trans(thd))
goto error; goto error;
......
...@@ -1727,6 +1727,13 @@ static bool check_prepared_statement(Prepared_statement *stmt, ...@@ -1727,6 +1727,13 @@ static bool check_prepared_statement(Prepared_statement *stmt,
res= mysql_test_create_table(stmt); res= mysql_test_create_table(stmt);
break; break;
case SQLCOM_CREATE_VIEW:
if (lex->create_view_mode == VIEW_ALTER)
{
my_message(ER_UNSUPPORTED_PS, ER(ER_UNSUPPORTED_PS), MYF(0));
goto error;
}
break;
case SQLCOM_DO: case SQLCOM_DO:
res= mysql_test_do_fields(stmt, tables, lex->insert_list); res= mysql_test_do_fields(stmt, tables, lex->insert_list);
break; break;
...@@ -1769,7 +1776,6 @@ static bool check_prepared_statement(Prepared_statement *stmt, ...@@ -1769,7 +1776,6 @@ static bool check_prepared_statement(Prepared_statement *stmt,
case SQLCOM_ROLLBACK: case SQLCOM_ROLLBACK:
case SQLCOM_TRUNCATE: case SQLCOM_TRUNCATE:
case SQLCOM_CALL: case SQLCOM_CALL:
case SQLCOM_CREATE_VIEW:
case SQLCOM_DROP_VIEW: case SQLCOM_DROP_VIEW:
case SQLCOM_REPAIR: case SQLCOM_REPAIR:
case SQLCOM_ANALYZE: case SQLCOM_ANALYZE:
......
...@@ -205,18 +205,17 @@ fill_defined_view_parts (THD *thd, TABLE_LIST *view) ...@@ -205,18 +205,17 @@ fill_defined_view_parts (THD *thd, TABLE_LIST *view)
} }
/* /**
Creating/altering VIEW procedure @brief Creating/altering VIEW procedure
SYNOPSIS @param thd thread handler
mysql_create_view() @param views views to create
thd - thread handler @param mode VIEW_CREATE_NEW, VIEW_ALTER, VIEW_CREATE_OR_REPLACE
views - views to create
mode - VIEW_CREATE_NEW, VIEW_ALTER, VIEW_CREATE_OR_REPLACE
RETURN VALUE @note This function handles both create and alter view commands.
FALSE OK
TRUE Error @retval FALSE Operation was a success.
@retval TRUE An error occured.
*/ */
bool mysql_create_view(THD *thd, TABLE_LIST *views, bool mysql_create_view(THD *thd, TABLE_LIST *views,
......
...@@ -3671,6 +3671,11 @@ alter: ...@@ -3671,6 +3671,11 @@ alter:
{ {
THD *thd= YYTHD; THD *thd= YYTHD;
LEX *lex= thd->lex; LEX *lex= thd->lex;
if (lex->sphead)
{
my_error(ER_SP_BADSTATEMENT, MYF(0), "ALTER VIEW");
MYSQL_YYABORT;
}
lex->sql_command= SQLCOM_CREATE_VIEW; lex->sql_command= SQLCOM_CREATE_VIEW;
lex->create_view_mode= VIEW_ALTER; lex->create_view_mode= VIEW_ALTER;
/* first table in list is target VIEW name */ /* first table in list is target VIEW name */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment