From cd1d161c261dcb6f9158bf0a537cb9deee051010 Mon Sep 17 00:00:00 2001
From: Alexander Barkov <bar@mariadb.com>
Date: Thu, 30 May 2019 17:03:26 +0400
Subject: [PATCH 1/2] MDEV-19637 Crash on an SP variable assignment to a wrong
 subselect

---
 mysql-test/main/sp.result                  | 15 +++++++++++++
 mysql-test/main/sp.test                    | 23 ++++++++++++++++++++
 mysql-test/suite/compat/oracle/r/sp.result | 16 ++++++++++++++
 mysql-test/suite/compat/oracle/t/sp.test   | 25 ++++++++++++++++++++++
 sql/sql_yacc.yy                            | 18 +++++++++++++++-
 5 files changed, 96 insertions(+), 1 deletion(-)

diff --git a/mysql-test/main/sp.result b/mysql-test/main/sp.result
index 3129a2e165c..5908ee24ad4 100644
--- a/mysql-test/main/sp.result
+++ b/mysql-test/main/sp.result
@@ -8792,3 +8792,18 @@ drop procedure p4;
 drop table t1;
 set @@sql_mode=@save_sql_mode;
 # End of 10.3 tests
+#
+# Start of 10.4 tests
+#
+#
+# MDEV-19637 Crash on an SP variable assignment to a wrong subselect
+#
+BEGIN NOT ATOMIC
+DECLARE a INT;
+SET a=(SELECT 1 FROM DUAL UNION SELECT HIGH_PRIORITY 2 FROM DUAL);
+END;
+$$
+ERROR 42000: Incorrect usage/placement of 'HIGH_PRIORITY'
+#
+# End of 10.4 tests
+#
diff --git a/mysql-test/main/sp.test b/mysql-test/main/sp.test
index 7f841ccd0b4..920b09077d3 100644
--- a/mysql-test/main/sp.test
+++ b/mysql-test/main/sp.test
@@ -10323,3 +10323,26 @@ drop table t1;
 set @@sql_mode=@save_sql_mode;
 
 --echo # End of 10.3 tests
+
+
+--echo #
+--echo # Start of 10.4 tests
+--echo #
+
+--echo #
+--echo # MDEV-19637 Crash on an SP variable assignment to a wrong subselect
+--echo #
+
+DELIMITER $$;
+--error ER_CANT_USE_OPTION_HERE
+BEGIN NOT ATOMIC
+  DECLARE a INT;
+  SET a=(SELECT 1 FROM DUAL UNION SELECT HIGH_PRIORITY 2 FROM DUAL);
+END;
+$$
+DELIMITER ;$$
+
+
+--echo #
+--echo # End of 10.4 tests
+--echo #
diff --git a/mysql-test/suite/compat/oracle/r/sp.result b/mysql-test/suite/compat/oracle/r/sp.result
index 6db999b238f..1d088a98ab7 100644
--- a/mysql-test/suite/compat/oracle/r/sp.result
+++ b/mysql-test/suite/compat/oracle/r/sp.result
@@ -2552,3 +2552,19 @@ idx
 idx
 1
 DROP PROCEDURE p1;
+#
+# Start of 10.4 tests
+#
+#
+# MDEV-19637 Crash on an SP variable assignment to a wrong subselect
+#
+DECLARE
+a INT;
+BEGIN
+SET a=(SELECT 1 FROM DUAL UNION SELECT HIGH_PRIORITY 2 FROM DUAL);
+END;
+$$
+ERROR 42000: Incorrect usage/placement of 'HIGH_PRIORITY'
+#
+# End of 10.4 tests
+#
diff --git a/mysql-test/suite/compat/oracle/t/sp.test b/mysql-test/suite/compat/oracle/t/sp.test
index 96b4cd59fbd..4d046533457 100644
--- a/mysql-test/suite/compat/oracle/t/sp.test
+++ b/mysql-test/suite/compat/oracle/t/sp.test
@@ -2387,3 +2387,28 @@ $$
 DELIMITER ;$$
 CALL p1();
 DROP PROCEDURE p1;
+
+
+--echo #
+--echo # Start of 10.4 tests
+--echo #
+
+
+--echo #
+--echo # MDEV-19637 Crash on an SP variable assignment to a wrong subselect
+--echo #
+
+DELIMITER $$;
+--error ER_CANT_USE_OPTION_HERE
+DECLARE
+  a INT;
+BEGIN
+  SET a=(SELECT 1 FROM DUAL UNION SELECT HIGH_PRIORITY 2 FROM DUAL);
+END;
+$$
+DELIMITER ;$$
+
+
+--echo #
+--echo # End of 10.4 tests
+--echo #
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 6547bee15ac..3b6e83dd7cc 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -575,8 +575,24 @@ bool sp_create_assignment_instr(THD *thd, bool no_lookahead)
         return true;
     }
     lex->pop_select();
-    if (Lex->check_main_unit_semantics())
+    if (lex->check_main_unit_semantics())
+    {
+      /*
+        "lex" can be referrenced by:
+        - sp_instr_set                          SET a= expr;
+        - sp_instr_set_row_field                SET r.a= expr;
+        - sp_instr_stmt (just generated above)  SET @a= expr;
+        In this case, "lex" is fully owned by sp_instr_xxx and it will
+        be deleted by the destructor ~sp_instr_xxx().
+        So we should remove "lex" from the stack sp_head::m_lex,
+        to avoid double free.
+        Note, in case "lex" is not owned by any sp_instr_xxx,
+        it's also safe to remove it from the stack right now.
+        So we can remove it unconditionally, without testing lex->sp_lex_in_use.
+      */
+      lex->sphead->restore_lex(thd);
       return true;
+    }
     enum_var_type inner_option_type= lex->option_type;
     if (lex->sphead->restore_lex(thd))
       return true;

From 92df31dfbfcf6068f4f4a7e7794a15333158c569 Mon Sep 17 00:00:00 2001
From: Georg Richter <georg@mariadb.com>
Date: Sun, 2 Jun 2019 13:12:39 +0200
Subject: [PATCH 2/2] Added new file client-certkey.pem for testing CONC-386:

client-certkey.pem contains both certificate and corresponding
private key.
---
 mysql-test/lib/generate-ssl-certs.sh   |   3 +
 mysql-test/std_data/client-certkey.pem | 108 +++++++++++++++++++++++++
 2 files changed, 111 insertions(+)
 create mode 100644 mysql-test/std_data/client-certkey.pem

diff --git a/mysql-test/lib/generate-ssl-certs.sh b/mysql-test/lib/generate-ssl-certs.sh
index 7df1c2d8279..3331b81b931 100755
--- a/mysql-test/lib/generate-ssl-certs.sh
+++ b/mysql-test/lib/generate-ssl-certs.sh
@@ -44,6 +44,9 @@ openssl req -newkey rsa:2048 -keyout client-key.pem -out demoCA/client-req.pem -
 openssl rsa -in client-key.pem -out client-key.pem
 openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_anything -out client-cert.pem -in demoCA/client-req.pem
 
+# generate combined client cert and key file
+cat client-cert.pem client-key.pem > client-certkey.pem
+
 # generate crls
 openssl ca -revoke server-cert.pem -keyfile cakey.pem -batch -cert cacert.pem
 openssl ca -gencrl -keyfile cakey.pem -crldays 7300 -batch -cert cacert.pem -out server-cert.crl
diff --git a/mysql-test/std_data/client-certkey.pem b/mysql-test/std_data/client-certkey.pem
new file mode 100644
index 00000000000..f60b9db309a
--- /dev/null
+++ b/mysql-test/std_data/client-certkey.pem
@@ -0,0 +1,108 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB
+        Validity
+            Not Before: Jan 27 10:11:15 2019 GMT
+            Not After : Jan 22 10:11:15 2039 GMT
+        Subject: C=FI, ST=Helsinki, L=Helsinki, O=MariaDB, CN=client
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a9:10:77:b5:42:8f:e8:ad:69:2a:03:e9:56:f5:
+                    2d:d5:ba:92:06:cc:7f:c8:d2:0f:c5:47:fd:3e:db:
+                    e1:5b:2b:40:ca:f8:05:9c:12:55:ef:0c:4a:92:3d:
+                    01:ac:0a:21:72:c4:b4:d9:59:82:75:1d:0c:63:fe:
+                    5a:20:7f:c5:53:b2:b9:05:88:60:c7:d9:fd:0f:ce:
+                    8f:10:a3:23:74:8f:21:70:56:73:c2:07:f0:79:20:
+                    52:1d:e0:30:9d:ed:0d:5a:f2:68:1b:0c:9e:2d:62:
+                    d6:5c:e3:72:2d:92:79:aa:d0:f0:3a:ed:d6:52:30:
+                    3a:e7:91:5e:98:4e:2f:a0:07:d7:73:78:42:02:7d:
+                    c4:2c:d3:63:03:b7:72:a5:33:da:f7:e9:3f:93:c9:
+                    37:19:9f:33:62:4f:1a:03:c3:a6:4b:f4:f5:51:e4:
+                    ef:af:d6:a7:9a:55:5f:bc:d3:a9:77:90:59:8c:29:
+                    b5:2d:3d:ef:ba:cd:21:54:24:79:6e:91:be:08:b6:
+                    b1:9c:78:be:6d:2f:56:72:10:69:91:ee:b3:bd:eb:
+                    77:b3:c1:bf:c7:28:c6:ad:70:37:68:da:42:8a:7f:
+                    dc:3b:40:78:d5:f2:a5:c1:43:c3:61:8e:bb:d0:b8:
+                    2d:05:41:7e:f2:b2:49:86:8b:ad:d7:fb:e0:9b:48:
+                    7d:af
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                CE:F4:DF:1F:F9:52:2E:37:2D:3D:8A:B6:DE:41:8C:13:F6:14:4E:57
+            X509v3 Authority Key Identifier: 
+                keyid:CA:71:99:89:F0:72:AB:75:66:BB:65:6A:03:04:72:A5:7B:95:A6:93
+
+    Signature Algorithm: sha256WithRSAEncryption
+         65:61:98:4c:62:3c:25:3b:12:2b:4d:78:9a:81:20:e2:4d:1e:
+         1e:c3:78:ca:1b:5b:84:13:7b:11:da:f3:ad:d0:19:f0:02:0c:
+         99:44:d8:52:89:e5:ee:61:9d:8e:ac:30:7a:dc:fc:7e:73:e3:
+         28:39:25:00:78:f2:00:66:63:96:3a:10:af:2b:35:b5:3e:09:
+         87:99:97:dd:29:0b:23:eb:95:fe:a8:f4:f5:4f:db:dd:ac:96:
+         94:7b:b1:ef:47:15:54:6f:d8:1b:43:39:00:34:9f:ad:49:fb:
+         21:26:94:74:20:61:ce:c5:b3:3d:5f:51:46:58:56:dc:2c:8c:
+         c3:74:97:83:63:3d:ad:0b:f6:81:63:4d:cb:30:af:45:ce:28:
+         fe:e0:68:c4:8f:1a:61:80:7e:56:8d:fc:31:5a:9f:33:37:1f:
+         ae:4e:0d:6c:25:e3:0e:13:af:01:1b:82:41:95:a1:83:47:61:
+         40:dd:d4:36:fb:73:7a:98:61:d1:e2:5f:1e:a1:a1:a8:ea:e3:
+         30:c8:74:c2:d2:82:6d:30:e5:e8:8f:b0:2d:1a:93:8e:ab:6b:
+         a6:17:36:a3:a2:0c:86:9c:b2:4e:1f:d7:6f:ef:04:f9:05:20:
+         b7:4f:e5:e3:9b:58:38:06:aa:d3:64:15:9a:bf:8a:97:fd:39:
+         b7:5f:e2:9e
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBWMQ8wDQYDVQQDDAZjYWNl
+cnQxCzAJBgNVBAYTAkZJMREwDwYDVQQIDAhIZWxzaW5raTERMA8GA1UEBwwISGVs
+c2lua2kxEDAOBgNVBAoMB01hcmlhREIwHhcNMTkwMTI3MTAxMTE1WhcNMzkwMTIy
+MTAxMTE1WjBWMQswCQYDVQQGEwJGSTERMA8GA1UECAwISGVsc2lua2kxETAPBgNV
+BAcMCEhlbHNpbmtpMRAwDgYDVQQKDAdNYXJpYURCMQ8wDQYDVQQDDAZjbGllbnQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpEHe1Qo/orWkqA+lW9S3V
+upIGzH/I0g/FR/0+2+FbK0DK+AWcElXvDEqSPQGsCiFyxLTZWYJ1HQxj/logf8VT
+srkFiGDH2f0Pzo8QoyN0jyFwVnPCB/B5IFId4DCd7Q1a8mgbDJ4tYtZc43Itknmq
+0PA67dZSMDrnkV6YTi+gB9dzeEICfcQs02MDt3KlM9r36T+TyTcZnzNiTxoDw6ZL
+9PVR5O+v1qeaVV+806l3kFmMKbUtPe+6zSFUJHlukb4ItrGceL5tL1ZyEGmR7rO9
+63ezwb/HKMatcDdo2kKKf9w7QHjV8qXBQ8NhjrvQuC0FQX7yskmGi63X++CbSH2v
+AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTO9N8f+VIuNy09irbeQYwT9hRO
+VzAfBgNVHSMEGDAWgBTKcZmJ8HKrdWa7ZWoDBHKle5WmkzANBgkqhkiG9w0BAQsF
+AAOCAQEAZWGYTGI8JTsSK014moEg4k0eHsN4yhtbhBN7EdrzrdAZ8AIMmUTYUonl
+7mGdjqwwetz8fnPjKDklAHjyAGZjljoQrys1tT4Jh5mX3SkLI+uV/qj09U/b3ayW
+lHux70cVVG/YG0M5ADSfrUn7ISaUdCBhzsWzPV9RRlhW3CyMw3SXg2M9rQv2gWNN
+yzCvRc4o/uBoxI8aYYB+Vo38MVqfMzcfrk4NbCXjDhOvARuCQZWhg0dhQN3UNvtz
+ephh0eJfHqGhqOrjMMh0wtKCbTDl6I+wLRqTjqtrphc2o6IMhpyyTh/Xb+8E+QUg
+t0/l45tYOAaq02QVmr+Kl/05t1/ing==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAqRB3tUKP6K1pKgPpVvUt1bqSBsx/yNIPxUf9PtvhWytAyvgF
+nBJV7wxKkj0BrAohcsS02VmCdR0MY/5aIH/FU7K5BYhgx9n9D86PEKMjdI8hcFZz
+wgfweSBSHeAwne0NWvJoGwyeLWLWXONyLZJ5qtDwOu3WUjA655FemE4voAfXc3hC
+An3ELNNjA7dypTPa9+k/k8k3GZ8zYk8aA8OmS/T1UeTvr9anmlVfvNOpd5BZjCm1
+LT3vus0hVCR5bpG+CLaxnHi+bS9WchBpke6zvet3s8G/xyjGrXA3aNpCin/cO0B4
+1fKlwUPDYY670LgtBUF+8rJJhout1/vgm0h9rwIDAQABAoIBAQCAMnODZ+C13+DR
+sjua67mAysN2ElWHUvoQb2Ex7At7VVYBUob2bNTqulhFgasl6FyqqUw1T/Fjms5N
+eI6g/CIGMIyqDFrO0JZbCRdk1z/IX8xMYdHPPLP1NTPvYZOb/SfWYd/dOvkqkzrX
+HsTyl5JYm6y+EqEkm1vfQlUHiqoEXxG7hkYSIU6uXmRgeHHfw0Nuy/DizQFVZTAi
+yPoYQlMm13S1oIhr1cQRAHS41aWGl4dmprbS0Drqqr8kl2xrFEgZ/YLcwYKjAMzi
+UbkgOBU11DuLd0E+J/9iUhK5YTsMxo1TO89p7yNLHvT4NBhV3cuicq9aaWYeSijf
+VhDo+k4hAoGBAN1jlrElHmJcxI6JpA7BfX2BI5XTiQrq07jNkNMD1IlUe3zAnnq0
+DbwtXWYcolapYA9SbsXgHoEDhBjFJsz8fjqX/RKpBy0XZQuWImP0sYBficyWkKSQ
+yO0I9RNq6zERKSCP/wJMBGuRAVjlgrY6mBNVr2NmyqvVLzNNNUeCTcC/AoGBAMN+
+vrALUkMrJ8Oh5ay4IW+5toOu6/4TUyOK7zN23jGaObbPy/tLcgvpZ1xQsvuhvesG
+ubIr98st7J9+V/+mGMrvf5s4TlHUtB26E56wZrque98tBe8IG7Wh5dYut9PLw31K
+npT9fAYy8nsY2c7g5cs/vfJ+ixFj5ytsiYgjjI8RAoGBAMz32xh/CTaANOrSvDV9
+JrX/zfZ1NrgI2aSLjb4QGcJbmUjS/OcVtHG4fnR/pj0d63XEGBLTgOppWu+j+Fxo
+mGWfOgsAu0ggFMk5YvWwInZ7/ZSRAbGa6quqU1x67O0suisPpkV2I9GDGwA23WHh
+tdKQziT1kkasxVp17RIbrej5AoGAHMki5uUj3cQS/Nlv6jjKo5ri5wzwrt7FlSw2
+AIv2N7OP3/1E+eGoD1z03UD8udSdFGhPG48h04cVmn6OEpSwfeE6Fu75iU8anm3x
+yaIL3l0m3DvS7dlxyxLltt32L3eHd4FvTFzu0DLcRYfpOm8fJwhhvb0oWQ0u0tQO
+hD9HySECgYEAnLQnpkmFfr+1Gfg19N28Pvgh9NJMxvt4zVP+MZ8xR8gI+peqjZLp
+KDGtIlQ7bPnjMopeWojf7mOnlsvR4mChXJ6Uw1XGZjgMQnQtOrrHSuzdoWDJDteu
+8ftYoxWkqclzIrytpsOxon/Epq9i/D019V3+p+IhJ7NKiwqh0Ui66co=
+-----END RSA PRIVATE KEY-----