Commit 0f64a495 authored by unknown's avatar unknown

"Fix" for bug #11394 "Recursion in SP crash server" and bug #11600

"Stored procedures: crash with function calling itself".

Disallow recursive stored routines until we either make Item's and LEX
reentrant safe or will use spearate sp_head instances (and thus separate
LEX objects and Item trees) for each routine invocation.


mysql-test/r/sp-error.result:
  Added tests for bug #11394 "Recursion in SP crash server" and
  bug #11600 "Stored procedures: crash with function calling itself".
  (We simply disallow recursion for stored routines).
mysql-test/r/sp.result:
  Disabled test cases containing recursive stored routines until we will
  support for them.
mysql-test/t/sp-error.test:
  Added tests for bug #11394 "Recursion in SP crash server" and
  bug #11600 "Stored procedures: crash with function calling itself".
  (We simply disallow recursion for stored routines).
mysql-test/t/sp.test:
  Disabled test cases containing recursive stored routines until we will
  support for them.
sql/share/errmsg.txt:
  Added error message saying that recursive stored routines are disallowed.
sql/sp_head.cc:
  sp_head::execute():
    Since many Item's and LEX members can't be used in reentrant fashion
    we have to disable recursion for stored routines. So let us track
    routine invocations using sp_head::m_is_invoked member and raise
    error when one attempts to call routine recursively.
sql/sp_head.h:
  sp_head:
    Added m_is_invoked member for tracking of routine invocations and
    preventing recursion.
parent 17bd4e9f
...@@ -686,3 +686,43 @@ ERROR 0A000: EXECUTE is not allowed in stored procedures ...@@ -686,3 +686,43 @@ ERROR 0A000: EXECUTE is not allowed in stored procedures
create function f() returns int begin execute stmt; create function f() returns int begin execute stmt;
ERROR 0A000: EXECUTE is not allowed in stored procedures ERROR 0A000: EXECUTE is not allowed in stored procedures
deallocate prepare stmt; deallocate prepare stmt;
drop function if exists bug11394|
drop function if exists bug11394_1|
drop function if exists bug11394_2|
drop procedure if exists bug11394|
create function bug11394(i int) returns int
begin
if i <= 0 then
return 0;
else
return (i in (100, 200, bug11394(i-1), 400));
end if;
end|
select bug11394(2)|
ERROR HY000: Recursive stored routines are not allowed.
drop function bug11394|
create function bug11394_1(i int) returns int
begin
if i <= 0 then
return 0;
else
return (select bug11394_1(i-1));
end if;
end|
select bug11394_1(2)|
ERROR HY000: Recursive stored routines are not allowed.
drop function bug11394_1|
create function bug11394_2(i int) returns int return i|
select bug11394_2(bug11394_2(10))|
bug11394_2(bug11394_2(10))
10
drop function bug11394_2|
create procedure bug11394(i int, j int)
begin
if i > 0 then
call bug11394(i - 1,(select 1));
end if;
end|
call bug11394(2, 1)|
ERROR HY000: Recursive stored routines are not allowed.
drop procedure bug11394|
...@@ -1396,60 +1396,6 @@ drop procedure opp| ...@@ -1396,60 +1396,6 @@ drop procedure opp|
drop procedure ip| drop procedure ip|
show procedure status like '%p%'| show procedure status like '%p%'|
Db Name Type Definer Modified Created Security_type Comment Db Name Type Definer Modified Created Security_type Comment
drop table if exists fib|
create table fib ( f bigint unsigned not null )|
drop procedure if exists fib|
create procedure fib(n int unsigned)
begin
if n > 1 then
begin
declare x, y bigint unsigned;
declare c cursor for select f from fib order by f desc limit 2;
open c;
fetch c into y;
fetch c into x;
close c;
insert into fib values (x+y);
call fib(n-1);
end;
end if;
end|
insert into fib values (0), (1)|
call fib(3)|
select * from fib order by f asc|
f
0
1
1
2
delete from fib|
insert into fib values (0), (1)|
call fib(20)|
select * from fib order by f asc|
f
0
1
1
2
3
5
8
13
21
34
55
89
144
233
377
610
987
1597
2584
4181
6765
drop table fib|
drop procedure fib|
drop procedure if exists bar| drop procedure if exists bar|
create procedure bar(x char(16), y int) create procedure bar(x char(16), y int)
comment "111111111111" sql security invoker comment "111111111111" sql security invoker
...@@ -2506,20 +2452,6 @@ s1 ...@@ -2506,20 +2452,6 @@ s1
1 1
drop procedure bug4905| drop procedure bug4905|
drop table t3| drop table t3|
drop function if exists bug6022|
drop function if exists bug6022|
create function bug6022(x int) returns int
begin
if x < 0 then
return 0;
else
return bug6022(x-1);
end if;
end|
select bug6022(5)|
bug6022(5)
0
drop function bug6022|
drop procedure if exists bug6029| drop procedure if exists bug6029|
drop procedure if exists bug6029| drop procedure if exists bug6029|
create procedure bug6029() create procedure bug6029()
......
...@@ -986,3 +986,58 @@ create procedure p() execute stmt; ...@@ -986,3 +986,58 @@ create procedure p() execute stmt;
create function f() returns int begin execute stmt; create function f() returns int begin execute stmt;
deallocate prepare stmt; deallocate prepare stmt;
#
# Bug #11394 "Recursion in SP crash server" and bug #11600 "Stored
# procedures: crash with function calling itself".
# We have to disable recursion since in many cases LEX and many
# Item's can't be used in reentrant way nowdays.
delimiter |;
--disable_warnings
drop function if exists bug11394|
drop function if exists bug11394_1|
drop function if exists bug11394_2|
drop procedure if exists bug11394|
--enable_warnings
create function bug11394(i int) returns int
begin
if i <= 0 then
return 0;
else
return (i in (100, 200, bug11394(i-1), 400));
end if;
end|
# If we allow recursive functions without additional modifications
# this will crash server since Item for "IN" is not reenterable.
--error 1423
select bug11394(2)|
drop function bug11394|
create function bug11394_1(i int) returns int
begin
if i <= 0 then
return 0;
else
return (select bug11394_1(i-1));
end if;
end|
# The following statement will crash because some LEX members responsible
# for selects cannot be used in reentrant fashion.
--error 1423
select bug11394_1(2)|
drop function bug11394_1|
# Note that the following should be allowed since it does not contains
# recursion
create function bug11394_2(i int) returns int return i|
select bug11394_2(bug11394_2(10))|
drop function bug11394_2|
create procedure bug11394(i int, j int)
begin
if i > 0 then
call bug11394(i - 1,(select 1));
end if;
end|
# Again if we allow recursion for stored procedures (without
# additional efforts) the following statement will crash the server.
--error 1423
call bug11394(2, 1)|
drop procedure bug11394|
delimiter |;
...@@ -1630,54 +1630,56 @@ show procedure status like '%p%'| ...@@ -1630,54 +1630,56 @@ show procedure status like '%p%'|
# Fibonacci, for recursion test. (Yet Another Numerical series :) # Fibonacci, for recursion test. (Yet Another Numerical series :)
#
--disable_warnings # This part of test is disabled until we implement support for
drop table if exists fib| # recursive stored procedures.
--enable_warnings #--disable_warnings
create table fib ( f bigint unsigned not null )| #drop table if exists fib|
#--enable_warnings
# We deliberately do it the awkward way, fetching the last two #create table fib ( f bigint unsigned not null )|
# values from the table, in order to exercise various statements #
# and table accesses at each turn. ## We deliberately do it the awkward way, fetching the last two
--disable_warnings ## values from the table, in order to exercise various statements
drop procedure if exists fib| ## and table accesses at each turn.
--enable_warnings #--disable_warnings
create procedure fib(n int unsigned) #drop procedure if exists fib|
begin #--enable_warnings
if n > 1 then #create procedure fib(n int unsigned)
begin #begin
declare x, y bigint unsigned; # if n > 1 then
declare c cursor for select f from fib order by f desc limit 2; # begin
# declare x, y bigint unsigned;
open c; # declare c cursor for select f from fib order by f desc limit 2;
fetch c into y; #
fetch c into x; # open c;
close c; # fetch c into y;
insert into fib values (x+y); # fetch c into x;
call fib(n-1); # close c;
end; # insert into fib values (x+y);
end if; # call fib(n-1);
end| # end;
# end if;
# Minimum test: recursion of 3 levels #end|
#
insert into fib values (0), (1)| ## Minimum test: recursion of 3 levels
#
call fib(3)| #insert into fib values (0), (1)|
#
select * from fib order by f asc| #call fib(3)|
#
delete from fib| #select * from fib order by f asc|
#
# Original test: 20 levels (may run into memory limits!) #delete from fib|
#
insert into fib values (0), (1)| ## Original test: 20 levels (may run into memory limits!)
#
call fib(20)| #insert into fib values (0), (1)|
#
select * from fib order by f asc| #call fib(20)|
drop table fib| #
drop procedure fib| #select * from fib order by f asc|
#drop table fib|
#drop procedure fib|
# #
...@@ -3011,24 +3013,26 @@ drop table t3| ...@@ -3011,24 +3013,26 @@ drop table t3|
# #
# BUG#6022: Stored procedure shutdown problem with self-calling function. # BUG#6022: Stored procedure shutdown problem with self-calling function.
# #
--disable_warnings # This part of test is disabled until we implement support for
drop function if exists bug6022| # recursive stored functions.
--enable_warnings #--disable_warnings
#drop function if exists bug6022|
--disable_warnings #--enable_warnings
drop function if exists bug6022| #
--enable_warnings #--disable_warnings
create function bug6022(x int) returns int #drop function if exists bug6022|
begin #--enable_warnings
if x < 0 then #create function bug6022(x int) returns int
return 0; #begin
else # if x < 0 then
return bug6022(x-1); # return 0;
end if; # else
end| # return bug6022(x-1);
# end if;
select bug6022(5)| #end|
drop function bug6022| #
#select bug6022(5)|
#drop function bug6022|
# #
# BUG#6029: Stored procedure specific handlers should have priority # BUG#6029: Stored procedure specific handlers should have priority
......
...@@ -5358,3 +5358,5 @@ ER_STMT_HAS_NO_OPEN_CURSOR ...@@ -5358,3 +5358,5 @@ ER_STMT_HAS_NO_OPEN_CURSOR
eng "The statement (%lu) has no open cursor." eng "The statement (%lu) has no open cursor."
ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG
eng "Explicit or implicit commit is not allowed in stored function or trigger." eng "Explicit or implicit commit is not allowed in stored function or trigger."
ER_SP_NO_RECURSION
eng "Recursive stored routines are not allowed."
...@@ -312,7 +312,8 @@ sp_head::operator delete(void *ptr, size_t size) ...@@ -312,7 +312,8 @@ sp_head::operator delete(void *ptr, size_t size)
sp_head::sp_head() sp_head::sp_head()
:Query_arena(&main_mem_root, INITIALIZED_FOR_SP), :Query_arena(&main_mem_root, INITIALIZED_FOR_SP),
m_returns_cs(NULL), m_has_return(FALSE), m_returns_cs(NULL), m_has_return(FALSE),
m_simple_case(FALSE), m_multi_results(FALSE), m_in_handler(FALSE) m_simple_case(FALSE), m_multi_results(FALSE), m_in_handler(FALSE),
m_is_invoked(FALSE)
{ {
extern byte * extern byte *
sp_table_key(const byte *ptr, uint *plen, my_bool first); sp_table_key(const byte *ptr, uint *plen, my_bool first);
...@@ -587,6 +588,28 @@ sp_head::execute(THD *thd) ...@@ -587,6 +588,28 @@ sp_head::execute(THD *thd)
DBUG_RETURN(-1); DBUG_RETURN(-1);
} }
if (m_is_invoked)
{
/*
We have to disable recursion for stored routines since in
many cases LEX structure and many Item's can't be used in
reentrant way now.
TODO: We can circumvent this problem by using separate
sp_head instances for each recursive invocation.
NOTE: Theoretically arguments of procedure can be evaluated
before its invocation so there should be no problem with
recursion. But since we perform cleanup for CALL statement
as for any other statement only after its execution, its LEX
structure is not reusable for recursive calls. Thus we have
to prohibit recursion for stored procedures too.
*/
my_error(ER_SP_NO_RECURSION, MYF(0));
DBUG_RETURN(-1);
}
m_is_invoked= TRUE;
dbchanged= FALSE; dbchanged= FALSE;
if (m_db.length && if (m_db.length &&
(ret= sp_use_new_db(thd, m_db.str, olddb, sizeof(olddb), 0, &dbchanged))) (ret= sp_use_new_db(thd, m_db.str, olddb, sizeof(olddb), 0, &dbchanged)))
...@@ -704,6 +727,7 @@ sp_head::execute(THD *thd) ...@@ -704,6 +727,7 @@ sp_head::execute(THD *thd)
if (! thd->killed) if (! thd->killed)
ret= sp_change_db(thd, olddb, 0); ret= sp_change_db(thd, olddb, 0);
} }
m_is_invoked= FALSE;
DBUG_RETURN(ret); DBUG_RETURN(ret);
} }
......
...@@ -259,6 +259,9 @@ class sp_head :private Query_arena ...@@ -259,6 +259,9 @@ class sp_head :private Query_arena
*/ */
HASH m_sptabs; HASH m_sptabs;
/* Used for tracking of routine invocations and preventing recursion. */
bool m_is_invoked;
int int
execute(THD *thd); execute(THD *thd);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment