A fix and a test case for Bug#15392 "Server crashes during

prepared statement execute
2025-01-19 05:22:25 +01:00 · 2005-12-07 00:57:15 +03:00 · 2005-12-07 00:57:15 +03:00 · 712385568f
commit 712385568f
parent adc8051c71
3 changed files with 96 additions and 10 deletions
--- a/mysql-test/r/sp.result
+++ b/mysql-test/r/sp.result
@ -4153,4 +4153,43 @@ A local variable in a nested compound statement takes precedence over table colu
 a - local variable in a nested compound statement
 A local variable in a nested compound statement takes precedence over table column in cursors
 a - local variable in a nested compound statement
+drop schema if exists mysqltest1|
+Warnings:
+Note	1008	Can't drop database 'mysqltest1'; database doesn't exist
+drop schema if exists mysqltest2|
+Warnings:
+Note	1008	Can't drop database 'mysqltest2'; database doesn't exist
+drop schema if exists mysqltest3|
+Warnings:
+Note	1008	Can't drop database 'mysqltest3'; database doesn't exist
+create schema mysqltest1|
+create schema mysqltest2|
+create schema mysqltest3|
+use mysqltest3|
+create procedure mysqltest1.p1 (out prequestid varchar(100))
+begin
+call mysqltest2.p2('call mysqltest3.p3(1, 2)');
+end|
+create procedure mysqltest2.p2(in psql text)
+begin
+declare lsql text;
+set @lsql= psql;
+prepare lstatement from @lsql;
+execute lstatement;
+deallocate prepare lstatement;
+end|
+create procedure mysqltest3.p3(in p1 int)
+begin
+select p1;
+end|
+call mysqltest1.p1(@rs)|
+ERROR 42000: Incorrect number of arguments for PROCEDURE mysqltest3.p3; expected 1, got 2
+call mysqltest1.p1(@rs)|
+ERROR 42000: Incorrect number of arguments for PROCEDURE mysqltest3.p3; expected 1, got 2
+call mysqltest1.p1(@rs)|
+ERROR 42000: Incorrect number of arguments for PROCEDURE mysqltest3.p3; expected 1, got 2
+drop schema if exists mysqltest1|
+drop schema if exists mysqltest2|
+drop schema if exists mysqltest3|
+use test|
 drop table t1,t2;
--- a/mysql-test/t/sp.test
+++ b/mysql-test/t/sp.test
@ -4947,6 +4947,52 @@ begin
 end|
 call p1("a - stored procedure parameter")|

+#
+# A test case for Bug#15392 "Server crashes during prepared statement
+# execute": make sure that stored procedure check for error conditions
+# properly and do not continue execution if an error has been set. 
+#
+# It's necessary to use several DBs because in the original code
+# the successful return of mysql_change_db overrode the error from
+# execution.
+drop schema if exists mysqltest1|
+drop schema if exists mysqltest2|
+drop schema if exists mysqltest3|
+create schema mysqltest1|
+create schema mysqltest2|
+create schema mysqltest3|
+use mysqltest3|
+
+create procedure mysqltest1.p1 (out prequestid varchar(100))
+begin
+  call mysqltest2.p2('call mysqltest3.p3(1, 2)');
+end|
+
+create procedure mysqltest2.p2(in psql text)
+begin
+  declare lsql text;
+  set @lsql= psql;
+  prepare lstatement from @lsql;
+  execute lstatement;
+  deallocate prepare lstatement;
+end|
+
+create procedure mysqltest3.p3(in p1 int)
+begin
+  select p1;
+end|
+
+--error ER_SP_WRONG_NO_OF_ARGS
+call mysqltest1.p1(@rs)|
+--error ER_SP_WRONG_NO_OF_ARGS
+call mysqltest1.p1(@rs)|
+--error ER_SP_WRONG_NO_OF_ARGS
+call mysqltest1.p1(@rs)|
+drop schema if exists mysqltest1|
+drop schema if exists mysqltest2|
+drop schema if exists mysqltest3|
+use test|
+
 #
 # BUG#NNNN: New bug synopsis
 #
--- a/sql/sp_head.cc
+++ b/sql/sp_head.cc
@ -1137,10 +1137,12 @@ int sp_head::execute(THD *thd)
     original thd->db will then have been freed */
  if (dbchanged)
  {
-    /* No access check when changing back to where we came from.
-       (It would generate an error from mysql_change_db() when olddb=="") */
+    /*
+      No access check when changing back to where we came from.
+      (It would generate an error from mysql_change_db() when olddb=="")
+    */
    if (! thd->killed)
-      ret= mysql_change_db(thd, olddb, 1);
+      ret|= (int) mysql_change_db(thd, olddb, 1);
  }
  m_flags&= ~IS_INVOKED;
  DBUG_PRINT("info", ("first free for 0x%lx --: 0x%lx->0x%lx, level: %lu, flags %x",
@ -1519,13 +1521,12 @@ int sp_head::execute_procedure(THD *thd, List<Item> *args)

 	    suv= new Item_func_set_user_var(guv->get_name(), item);
 	    /*
-	      we do not check suv->fixed, because it can't be fixed after
-	      creation
+              Item_func_set_user_var is not fixed after construction,
+              call fix_fields().
 	    */
-	    suv->fix_fields(thd, &item);
-	    suv->fix_length_and_dec();
-	    suv->check();
-	    suv->update();
+            if ((ret= test(!suv || suv->fix_fields(thd, &item) ||
+                           suv->check() || suv->update())))
+              break;
 	  }
 	}
      }
@ -2097,7 +2098,7 @@ sp_lex_keeper::reset_lex_and_exec_core(THD *thd, uint *nextp,

    cleanup_items() is called in sp_head::execute()
  */
-  return res;
+  return res || thd->net.report_error;
 }