Commit de73b729 authored by Sergey Glukhov's avatar Sergey Glukhov

Bug#38291 memory corruption and server crash with view/sp/function

Send_field.org_col_name has broken value on secondary execution.
It happens when result field is created from the field which belongs to view
due to forgotten assignment of some Send_field attributes. 
The fix:
set Send_field.org_col_name,org_table_name with correct value during Send_field intialization.

mysql-test/r/metadata.result:
  result fix
  The result file was changed because now forgotten attributes are properly set.
mysql-test/r/sp.result:
  test result
mysql-test/t/sp.test:
  test case
sql/item.cc:
  Send_field.org_col_name has broken value on secondary execution.
  It happens when result field is created from the field which belongs to view
  due to forgotten assignment of some Send_field attributes. 
  The fix:
  set Send_field.org_col_name,org_table_name with correct value during Send_field intialization.
tests/mysql_client_test.c:
  test case fix
  The test was changed because now forgotten attributes are properly set.
parent 40bd9a42
...@@ -108,11 +108,11 @@ id ...@@ -108,11 +108,11 @@ id
1 1
select * from v1 group by id limit 0; select * from v1 group by id limit 0;
Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr
def test t1 v1 id id 3 10 0 Y 32768 0 63 def test v1 v1 id id 3 10 0 Y 32768 0 63
id id
select * from v1 where id=1000 group by id; select * from v1 where id=1000 group by id;
Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr
def test t1 v1 id id 3 10 0 Y 32768 0 63 def test v1 v1 id id 3 10 0 Y 32768 0 63
id id
select * from v1 where id=1 group by id; select * from v1 where id=1 group by id;
Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr
...@@ -126,7 +126,7 @@ renamed ...@@ -126,7 +126,7 @@ renamed
1 1
select * from v3 where renamed=1 group by renamed; select * from v3 where renamed=1 group by renamed;
Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr
def v3 renamed 8 12 0 Y 32896 0 63 def v3 v3 renamed renamed 8 12 0 Y 32896 0 63
renamed renamed
drop table t1; drop table t1;
drop view v1,v2,v3; drop view v1,v2,v3;
...@@ -156,8 +156,8 @@ c1 ...@@ -156,8 +156,8 @@ c1
3 3
SELECT v1.c1, v2.c2 FROM v1 JOIN v2 ON c1=c2; SELECT v1.c1, v2.c2 FROM v1 JOIN v2 ON c1=c2;
Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr
def test t1 v1 c1 c1 254 1 1 Y 0 0 8 def test v1 v1 c1 c1 254 1 1 Y 0 0 8
def test t2 v2 c2 c2 254 1 1 Y 0 0 8 def test v2 v2 c2 c2 254 1 1 Y 0 0 8
c1 c2 c1 c2
1 1 1 1
2 2 2 2
......
...@@ -6646,6 +6646,22 @@ ttt ...@@ -6646,6 +6646,22 @@ ttt
2 2
drop function func30787; drop function func30787;
drop table t1; drop table t1;
create table t1(c1 INT);
create function f1(p1 int) returns varchar(32)
return 'aaa';
create view v1 as select f1(c1) as parent_control_name from t1;
create procedure p1()
begin
select parent_control_name as c1 from v1;
end //
call p1();
c1
call p1();
c1
drop procedure p1;
drop function f1;
drop view v1;
drop table t1;
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# -- End of 5.0 tests # -- End of 5.0 tests
# ------------------------------------------------------------------ # ------------------------------------------------------------------
...@@ -7794,6 +7794,30 @@ drop function func30787; ...@@ -7794,6 +7794,30 @@ drop function func30787;
drop table t1; drop table t1;
#
# Bug#38291 memory corruption and server crash with view/sp/function
#
create table t1(c1 INT);
create function f1(p1 int) returns varchar(32)
return 'aaa';
create view v1 as select f1(c1) as parent_control_name from t1;
delimiter //;
create procedure p1()
begin
select parent_control_name as c1 from v1;
end //
delimiter ;//
call p1();
call p1();
drop procedure p1;
drop function f1;
drop view v1;
drop table t1;
--echo # ------------------------------------------------------------------ --echo # ------------------------------------------------------------------
--echo # -- End of 5.0 tests --echo # -- End of 5.0 tests
--echo # ------------------------------------------------------------------ --echo # ------------------------------------------------------------------
...@@ -5764,6 +5764,10 @@ void Item_ref::make_field(Send_field *field) ...@@ -5764,6 +5764,10 @@ void Item_ref::make_field(Send_field *field)
field->table_name= table_name; field->table_name= table_name;
if (db_name) if (db_name)
field->db_name= db_name; field->db_name= db_name;
if (orig_field_name)
field->org_col_name= orig_field_name;
if (orig_table_name)
field->org_table_name= orig_table_name;
} }
......
...@@ -16162,7 +16162,7 @@ static void test_bug32265() ...@@ -16162,7 +16162,7 @@ static void test_bug32265()
metadata= mysql_stmt_result_metadata(stmt); metadata= mysql_stmt_result_metadata(stmt);
field= mysql_fetch_field(metadata); field= mysql_fetch_field(metadata);
DIE_UNLESS(strcmp(field->table, "v1") == 0); DIE_UNLESS(strcmp(field->table, "v1") == 0);
DIE_UNLESS(strcmp(field->org_table, "t1") == 0); DIE_UNLESS(strcmp(field->org_table, "v1") == 0);
DIE_UNLESS(strcmp(field->db, "client_test_db") == 0); DIE_UNLESS(strcmp(field->db, "client_test_db") == 0);
mysql_free_result(metadata); mysql_free_result(metadata);
mysql_stmt_close(stmt); mysql_stmt_close(stmt);
...@@ -16174,7 +16174,7 @@ static void test_bug32265() ...@@ -16174,7 +16174,7 @@ static void test_bug32265()
metadata= mysql_stmt_result_metadata(stmt); metadata= mysql_stmt_result_metadata(stmt);
field= mysql_fetch_field(metadata); field= mysql_fetch_field(metadata);
DIE_UNLESS(strcmp(field->table, "v1") == 0); DIE_UNLESS(strcmp(field->table, "v1") == 0);
DIE_UNLESS(strcmp(field->org_table, "t1") == 0); DIE_UNLESS(strcmp(field->org_table, "v1") == 0);
DIE_UNLESS(strcmp(field->db, "client_test_db") == 0); DIE_UNLESS(strcmp(field->db, "client_test_db") == 0);
mysql_free_result(metadata); mysql_free_result(metadata);
mysql_stmt_close(stmt); mysql_stmt_close(stmt);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment