mirror of
https://github.com/MariaDB/server.git
synced 2025-01-28 01:34:17 +01:00
MDEV-15444 Querying I_S.PARAMETERS can crash with a corrupted mysql.proc
This commit is contained in:
parent
4025cfaec0
commit
88a9d4ab42
4 changed files with 112 additions and 5 deletions
|
@ -171,3 +171,60 @@ create database mysqltest1;
|
|||
create procedure mysqltest1.foo() select "foo";
|
||||
update mysql.proc set name='' where db='mysqltest1';
|
||||
drop database mysqltest1;
|
||||
#
|
||||
# MDEV-15444 Querying I_S.PARAMETERS can crash with a corrupted mysql.proc
|
||||
#
|
||||
CREATE OR REPLACE FUNCTION f1 (a INT) RETURNS INT RETURN 10;
|
||||
CREATE OR REPLACE FUNCTION f2 (a INT) RETURNS INT RETURN 10;
|
||||
SELECT
|
||||
@type0:=COLUMN_TYPE AS t0,
|
||||
@type1:=REPLACE(COLUMN_TYPE,')',',''XXX'')') AS t1
|
||||
FROM INFORMATION_SCHEMA.COLUMNS
|
||||
WHERE table_schema='mysql' AND table_name='proc' AND column_name='type';
|
||||
t0 enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY')
|
||||
t1 enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY','XXX')
|
||||
EXECUTE IMMEDIATE CONCAT('ALTER TABLE mysql.proc MODIFY type ', @type1);
|
||||
SHOW COLUMNS IN mysql.proc LIKE 'type';
|
||||
Field Type Null Key Default Extra
|
||||
type enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY','XXX') NO PRI NULL
|
||||
UPDATE mysql.proc SET type='XXX' WHERE name='f1' AND db='test';
|
||||
SELECT * FROM INFORMATION_SCHEMA.PARAMETERS WHERE SPECIFIC_SCHEMA='test';
|
||||
SPECIFIC_CATALOG def
|
||||
SPECIFIC_SCHEMA test
|
||||
SPECIFIC_NAME f2
|
||||
ORDINAL_POSITION 0
|
||||
PARAMETER_MODE NULL
|
||||
PARAMETER_NAME NULL
|
||||
DATA_TYPE int
|
||||
CHARACTER_MAXIMUM_LENGTH NULL
|
||||
CHARACTER_OCTET_LENGTH NULL
|
||||
NUMERIC_PRECISION 10
|
||||
NUMERIC_SCALE 0
|
||||
DATETIME_PRECISION NULL
|
||||
CHARACTER_SET_NAME NULL
|
||||
COLLATION_NAME NULL
|
||||
DTD_IDENTIFIER int(11)
|
||||
ROUTINE_TYPE FUNCTION
|
||||
SPECIFIC_CATALOG def
|
||||
SPECIFIC_SCHEMA test
|
||||
SPECIFIC_NAME f2
|
||||
ORDINAL_POSITION 1
|
||||
PARAMETER_MODE IN
|
||||
PARAMETER_NAME a
|
||||
DATA_TYPE int
|
||||
CHARACTER_MAXIMUM_LENGTH NULL
|
||||
CHARACTER_OCTET_LENGTH NULL
|
||||
NUMERIC_PRECISION 10
|
||||
NUMERIC_SCALE 0
|
||||
DATETIME_PRECISION NULL
|
||||
CHARACTER_SET_NAME NULL
|
||||
COLLATION_NAME NULL
|
||||
DTD_IDENTIFIER int(11)
|
||||
ROUTINE_TYPE FUNCTION
|
||||
UPDATE mysql.proc SET type='FUNCTION' WHERE name='f1' AND db='test';
|
||||
EXECUTE IMMEDIATE CONCAT('ALTER TABLE mysql.proc MODIFY type ', @type0);
|
||||
SHOW COLUMNS IN mysql.proc LIKE 'type';
|
||||
Field Type Null Key Default Extra
|
||||
type enum('FUNCTION','PROCEDURE','PACKAGE','PACKAGE BODY') NO PRI NULL
|
||||
DROP FUNCTION f1;
|
||||
DROP FUNCTION f2;
|
||||
|
|
|
@ -285,3 +285,38 @@ create database mysqltest1;
|
|||
create procedure mysqltest1.foo() select "foo";
|
||||
update mysql.proc set name='' where db='mysqltest1';
|
||||
drop database mysqltest1;
|
||||
|
||||
|
||||
--echo #
|
||||
--echo # MDEV-15444 Querying I_S.PARAMETERS can crash with a corrupted mysql.proc
|
||||
--echo #
|
||||
|
||||
CREATE OR REPLACE FUNCTION f1 (a INT) RETURNS INT RETURN 10;
|
||||
CREATE OR REPLACE FUNCTION f2 (a INT) RETURNS INT RETURN 10;
|
||||
|
||||
# Get the current data type for mysql.proc.type
|
||||
--vertical_results
|
||||
SELECT
|
||||
@type0:=COLUMN_TYPE AS t0,
|
||||
@type1:=REPLACE(COLUMN_TYPE,')',',''XXX'')') AS t1
|
||||
FROM INFORMATION_SCHEMA.COLUMNS
|
||||
WHERE table_schema='mysql' AND table_name='proc' AND column_name='type';
|
||||
--horizontal_results
|
||||
|
||||
# Change mysql.proc.type and update the record for 'f1'
|
||||
EXECUTE IMMEDIATE CONCAT('ALTER TABLE mysql.proc MODIFY type ', @type1);
|
||||
SHOW COLUMNS IN mysql.proc LIKE 'type';
|
||||
UPDATE mysql.proc SET type='XXX' WHERE name='f1' AND db='test';
|
||||
|
||||
# Check the I_S query
|
||||
--vertical_results
|
||||
SELECT * FROM INFORMATION_SCHEMA.PARAMETERS WHERE SPECIFIC_SCHEMA='test';
|
||||
--horizontal_results
|
||||
|
||||
# Restore the record for 'f1' and restore mysql.proc.type
|
||||
UPDATE mysql.proc SET type='FUNCTION' WHERE name='f1' AND db='test';
|
||||
EXECUTE IMMEDIATE CONCAT('ALTER TABLE mysql.proc MODIFY type ', @type0);
|
||||
SHOW COLUMNS IN mysql.proc LIKE 'type';
|
||||
|
||||
DROP FUNCTION f1;
|
||||
DROP FUNCTION f2;
|
||||
|
|
12
sql/sp.h
12
sql/sp.h
|
@ -122,6 +122,16 @@ public:
|
|||
static const Sp_handler *handler(enum enum_sql_command cmd);
|
||||
static const Sp_handler *handler(stored_procedure_type type);
|
||||
static const Sp_handler *handler(MDL_key::enum_mdl_namespace ns);
|
||||
/*
|
||||
Return a handler only those SP objects that store
|
||||
definitions in the mysql.proc system table
|
||||
*/
|
||||
static const Sp_handler *handler_mysql_proc(stored_procedure_type type)
|
||||
{
|
||||
const Sp_handler *sph= handler(type);
|
||||
return sph ? sph->sp_handler_mysql_proc() : NULL;
|
||||
}
|
||||
|
||||
static bool eq_routine_name(const LEX_CSTRING &name1,
|
||||
const LEX_CSTRING &name2)
|
||||
{
|
||||
|
@ -153,6 +163,7 @@ public:
|
|||
return m_empty_body;
|
||||
}
|
||||
virtual MDL_key::enum_mdl_namespace get_mdl_type() const= 0;
|
||||
virtual const Sp_handler *sp_handler_mysql_proc() const { return this; }
|
||||
virtual sp_cache **get_cache(THD *) const { return NULL; }
|
||||
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
||||
virtual HASH *get_priv_hash() const { return NULL; }
|
||||
|
@ -434,6 +445,7 @@ public:
|
|||
DBUG_ASSERT(0);
|
||||
return MDL_key::TRIGGER;
|
||||
}
|
||||
const Sp_handler *sp_handler_mysql_proc() const { return NULL; }
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -6155,9 +6155,11 @@ bool store_schema_params(THD *thd, TABLE *table, TABLE *proc_table,
|
|||
proc_table->field[MYSQL_PROC_FIELD_NAME]->val_str_nopad(thd->mem_root, &name);
|
||||
proc_table->field[MYSQL_PROC_FIELD_DEFINER]->val_str_nopad(thd->mem_root, &definer);
|
||||
sql_mode= (sql_mode_t) proc_table->field[MYSQL_PROC_FIELD_SQL_MODE]->val_int();
|
||||
sph= Sp_handler::handler((stored_procedure_type) proc_table->field[MYSQL_PROC_MYSQL_TYPE]->val_int());
|
||||
sph= Sp_handler::handler_mysql_proc((stored_procedure_type)
|
||||
proc_table->field[MYSQL_PROC_MYSQL_TYPE]->
|
||||
val_int());
|
||||
if (!sph)
|
||||
sph= &sp_handler_procedure;
|
||||
DBUG_RETURN(0);
|
||||
|
||||
if (!full_access)
|
||||
full_access= !strcmp(sp_user, definer.str);
|
||||
|
@ -6265,10 +6267,11 @@ bool store_schema_proc(THD *thd, TABLE *table, TABLE *proc_table,
|
|||
proc_table->field[MYSQL_PROC_FIELD_DB]->val_str_nopad(thd->mem_root, &db);
|
||||
proc_table->field[MYSQL_PROC_FIELD_NAME]->val_str_nopad(thd->mem_root, &name);
|
||||
proc_table->field[MYSQL_PROC_FIELD_DEFINER]->val_str_nopad(thd->mem_root, &definer);
|
||||
sph= Sp_handler::handler((stored_procedure_type)
|
||||
proc_table->field[MYSQL_PROC_MYSQL_TYPE]->val_int());
|
||||
sph= Sp_handler::handler_mysql_proc((stored_procedure_type)
|
||||
proc_table->field[MYSQL_PROC_MYSQL_TYPE]->
|
||||
val_int());
|
||||
if (!sph)
|
||||
sph= &sp_handler_procedure;
|
||||
return 0;
|
||||
|
||||
if (!full_access)
|
||||
full_access= !strcmp(sp_user, definer.str);
|
||||
|
|
Loading…
Add table
Reference in a new issue