A test case for Bug#49972 (Crash in prepared statements).

5ba34794 · Alexander Nozdrin · bf9c1b73 · 5ba34794
Commit 5ba34794 authored Dec 29, 2009 by Alexander Nozdrin
Hide whitespace changes
Inline Side-by-side

Showing with 110 additions and 0 deletions

tests/mysql_client_test.c tests/mysql_client_test.c +110 -0

No files found.
--- a/tests/mysql_client_test.c
+++ b/tests/mysql_client_test.c
@@ -18935,6 +18935,115 @@ static void test_bug44495()
  DBUG_VOID_RETURN;
 }

+/*
+  Bug#49972: Crash in prepared statements.
+
+  The following case lead to a server crash:
+    - Use binary protocol;
+    - Prepare a statement with OUT-parameter;
+    - Execute the statement;
+    - Cause re-prepare of the statement (change dependencies);
+    - Execute the statement again -- crash here.
+*/
+
+static void test_bug49972()
+{
+  int rc;
+  MYSQL_STMT *stmt;
+
+  MYSQL_BIND in_param_bind;
+  MYSQL_BIND out_param_bind;
+  int int_data;
+  my_bool is_null;
+
+  DBUG_ENTER("test_bug49972");
+  myheader("test_49972");
+
+  rc= mysql_query(mysql, "DROP FUNCTION IF EXISTS f1");
+  myquery(rc);
+
+  rc= mysql_query(mysql, "DROP PROCEDURE IF EXISTS p1");
+  myquery(rc);
+
+  rc= mysql_query(mysql, "CREATE FUNCTION f1() RETURNS INT RETURN 1");
+  myquery(rc);
+
+  rc= mysql_query(mysql, "CREATE PROCEDURE p1(IN a INT, OUT b INT) SET b = a");
+  myquery(rc);
+
+  stmt= mysql_simple_prepare(mysql, "CALL p1((SELECT f1()), ?)");
+  check_stmt(stmt);
+
+  bzero((char *) &in_param_bind, sizeof (in_param_bind));
+
+  in_param_bind.buffer_type= MYSQL_TYPE_LONG;
+  in_param_bind.buffer= (char *) &int_data;
+  in_param_bind.length= 0;
+  in_param_bind.is_null= 0;
+
+  rc= mysql_stmt_bind_param(stmt, &in_param_bind);
+
+  rc= mysql_stmt_execute(stmt);
+  check_execute(stmt, rc);
+
+  {
+    bzero(&out_param_bind, sizeof (out_param_bind));
+
+    out_param_bind.buffer_type= MYSQL_TYPE_LONG;
+    out_param_bind.is_null= &is_null;
+    out_param_bind.buffer= &int_data;
+    out_param_bind.buffer_length= sizeof (int_data);
+
+    rc= mysql_stmt_bind_result(stmt, &out_param_bind);
+    check_execute(stmt, rc);
+
+    rc= mysql_stmt_fetch(stmt);
+    rc= mysql_stmt_fetch(stmt);
+    DBUG_ASSERT(rc == MYSQL_NO_DATA);
+
+    mysql_stmt_next_result(stmt);
+    mysql_stmt_fetch(stmt);
+  }
+
+  rc= mysql_query(mysql, "DROP FUNCTION f1");
+  myquery(rc);
+
+  rc= mysql_query(mysql, "CREATE FUNCTION f1() RETURNS INT RETURN 1");
+  myquery(rc);
+
+  rc= mysql_stmt_execute(stmt);
+  check_execute(stmt, rc);
+
+  {
+    bzero(&out_param_bind, sizeof (out_param_bind));
+
+    out_param_bind.buffer_type= MYSQL_TYPE_LONG;
+    out_param_bind.is_null= &is_null;
+    out_param_bind.buffer= &int_data;
+    out_param_bind.buffer_length= sizeof (int_data);
+
+    rc= mysql_stmt_bind_result(stmt, &out_param_bind);
+    check_execute(stmt, rc);
+
+    rc= mysql_stmt_fetch(stmt);
+    rc= mysql_stmt_fetch(stmt);
+    DBUG_ASSERT(rc == MYSQL_NO_DATA);
+
+    mysql_stmt_next_result(stmt);
+    mysql_stmt_fetch(stmt);
+  }
+
+  mysql_stmt_close(stmt);
+
+  rc= mysql_query(mysql, "DROP PROCEDURE p1");
+  myquery(rc);
+
+  rc= mysql_query(mysql, "DROP FUNCTION f1");
+  myquery(rc);
+
+  DBUG_VOID_RETURN;
+}
+
 /*
  Read and parse arguments and MySQL options from my.cnf
 */
@@ -19264,6 +19373,7 @@ static struct my_tests_st my_tests[]= {
 #endif
  { "test_bug41078", test_bug41078 },
  { "test_bug44495", test_bug44495 },
+  { "test_bug49972", test_bug49972 },
  { 0, 0 }
 };