From 765452dbef57b71962950a9001ce21b64e1aba94 Mon Sep 17 00:00:00 2001
From: Alexander Barkov <bar@mariadb.org>
Date: Tue, 14 Nov 2017 16:31:10 +0400
Subject: [PATCH] MDEV-14388 Server crashes in handle_select / val_uint in ORACLE mode
---
 .../compat/oracle/r/sp-cursor-rowtype.result | 33 +++++++++++++++++
 .../compat/oracle/t/sp-cursor-rowtype.test | 36 +++++++++++++++++++
 sql/sp_rcontext.cc | 6 ++++
 3 files changed, 75 insertions(+)
diff --git a/mysql-test/suite/compat/oracle/r/sp-cursor-rowtype.result b/mysql-test/suite/compat/oracle/r/sp-cursor-rowtype.result
index 3030a3dc658..a46daf30a8f 100644
--- a/mysql-test/suite/compat/oracle/r/sp-cursor-rowtype.result
+++ b/mysql-test/suite/compat/oracle/r/sp-cursor-rowtype.result
@@ -1359,3 +1359,36 @@ t2 CREATE TABLE "t2" (
 "b" varchar(3) DEFAULT NULL,
 "c" time DEFAULT NULL
 )
+#
+# MDEV-14388 Server crashes in handle_select / val_uint in ORACLE mode
+#
+CREATE TABLE t1 (id INT);
+INSERT INTO t1 VALUES (0),(1),(2),(3);
+CREATE FUNCTION f1() RETURN INT is
+BEGIN
+FOR v1 in (SELECT id FROM t1)
+LOOP
+NULL;
+END LOOP;
+RETURN 1;
+END;
+$$
+SELECT f1();
+f1()
+1
+DROP FUNCTION f1;
+DROP TABLE t1;
+CREATE TABLE t1 (id INT);
+INSERT INTO t1 VALUES (1),(2),(3),(4);
+CREATE FUNCTION f1() RETURN INT IS
+CURSOR cur IS SELECT id FROM t1;
+rec cur%ROWTYPE;
+BEGIN
+RETURN 1;
+END;
+$$
+SELECT f1();
+f1()
+1
+DROP FUNCTION f1;
+DROP TABLE t1;
diff --git a/mysql-test/suite/compat/oracle/t/sp-cursor-rowtype.test b/mysql-test/suite/compat/oracle/t/sp-cursor-rowtype.test
index 19a50eacca1..fd148d1f261 100644
--- a/mysql-test/suite/compat/oracle/t/sp-cursor-rowtype.test
+++ b/mysql-test/suite/compat/oracle/t/sp-cursor-rowtype.test
@@ -1444,3 +1444,39 @@ BEGIN
 END;
 $$
 DELIMITER ;$$
+
+--echo #
+--echo # MDEV-14388 Server crashes in handle_select / val_uint in ORACLE mode
+--echo #
+
+CREATE TABLE t1 (id INT);
+INSERT INTO t1 VALUES (0),(1),(2),(3);
+DELIMITER $$;
+CREATE FUNCTION f1() RETURN INT is
+BEGIN
+ FOR v1 in (SELECT id FROM t1)
+ LOOP
+ NULL;
+ END LOOP;
+ RETURN 1;
+END;
+$$
+DELIMITER ;$$
+SELECT f1();
+DROP FUNCTION f1;
+DROP TABLE t1;
+
+CREATE TABLE t1 (id INT);
+INSERT INTO t1 VALUES (1),(2),(3),(4);
+DELIMITER $$;
+CREATE FUNCTION f1() RETURN INT IS
+ CURSOR cur IS SELECT id FROM t1;
+ rec cur%ROWTYPE;
+BEGIN
+ RETURN 1;
+END;
+$$
+DELIMITER ;$$
+SELECT f1();
+DROP FUNCTION f1;
+DROP TABLE t1;
diff --git a/sql/sp_rcontext.cc b/sql/sp_rcontext.cc
index ee13eac6a1c..b5aacb1ac0f 100644
--- a/sql/sp_rcontext.cc
+++ b/sql/sp_rcontext.cc
@@ -802,7 +802,13 @@ int sp_cursor::open_view_structure_only(THD *thd)
 if (!(thd->lex->limit_rows_examined= new (thd->mem_root) Item_uint(thd, 0)))
 return -1;
 thd->no_errors= true; // Suppress ER_QUERY_EXCEEDED_ROWS_EXAMINED_LIMIT
+ DBUG_ASSERT(!thd->killed);
 res= open(thd);
+ /*
+ The query possibly exited on LIMIT ROWS EXAMINED and set thd->killed.
+ Reset it now.
+ */
+ thd->reset_killed();
 thd->no_errors= thd_no_errors_save;
 thd->lex->limit_rows_examined= limit_rows_examined;
 return res;
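Review bot: The added `thd->reset_killed()` after `res= open(thd)` in sp_rcontext.cc clears whatever kill state is set, so a genuine KILL QUERY or KILL CONNECTION that arrives while open() runs would presumably be discarded along with the abort that the `LIMIT ROWS EXAMINED 0` work-around a few lines earlier is meant to swallow. The `DBUG_ASSERT(!thd->killed)` added before the call only documents that the state is clean on entry and compiles out of release builds, so it does not protect that path. Narrowing the reset to the rows-examined abort keeps the intent while preserving administrative kills, e.g. `if (thd->killed == ABORT_QUERY) thd->reset_killed();` (ABORT_QUERY is the state the rows-examined limit sets in this tree as far as I recall; confirm against sql_class.h), with the comment reworded to `Only drop the abort caused by LIMIT ROWS EXAMINED; keep real KILLs.`. open_view_structure_only() begins before this hunk, so any earlier reads of thd->killed in the function are not visible here.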