mirror of
https://github.com/MariaDB/server.git
synced 2025-01-25 00:04:33 +01:00
e73e7bb9ae
build) The crash was caused by freeing the internal parser stack during the parser execution. This occured only for complex stored procedures, after reallocating the parser stack using my_yyoverflow(), with the following C call stack: - MYSQLparse() - any rule calling sp_head::restore_lex() - lex_end() - x_free(lex->yacc_yyss), xfree(lex->yacc_yyvs) The root cause is the implementation of stored procedures, which breaks the assumption from 4.1 that there is only one LEX structure per parser call. The solution is to separate the LEX structure into: - attributes that represent a statement (the current LEX structure), - attributes that relate to the syntax parser itself (Yacc_state), so that parsing multiple statements in stored programs can create multiple LEX structures while not changing the unique Yacc_state. Now, Yacc_state and the existing Lex_input_stream are aggregated into Parser_state, a structure that represent the complete state of the (Lexical + Syntax) parser. mysql-test/r/parser_stack.result: Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on build) mysql-test/t/parser_stack.test: Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on build) sql/sp.cc: Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on build) sql/sp_head.cc: Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on build) sql/sql_class.cc: Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on build) sql/sql_class.h: Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on build) sql/sql_lex.cc: Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on build) sql/sql_lex.h: Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on build) sql/sql_parse.cc: Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on build) sql/sql_prepare.cc: Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on build) sql/sql_trigger.cc: Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on build) sql/sql_view.cc: Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on build) sql/sql_yacc.yy: Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on build)
402 lines
13 KiB
Text
402 lines
13 KiB
Text
# Copyright (C) 2008 Sun Microsystems, Inc
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; version 2 of the License.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
#
|
|
# These tests are designed to cause an internal parser stack overflow,
|
|
# and trigger my_yyoverflow().
|
|
#
|
|
|
|
use test;
|
|
|
|
SELECT
|
|
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
|
|
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
|
|
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
|
|
1
|
|
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
|
|
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
|
|
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
|
|
;
|
|
|
|
prepare stmt from
|
|
"
|
|
SELECT
|
|
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
|
|
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
|
|
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
|
|
1
|
|
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
|
|
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
|
|
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
|
|
"
|
|
;
|
|
|
|
execute stmt;
|
|
|
|
--disable_warnings
|
|
drop view if exists view_overflow;
|
|
--enable_warnings
|
|
|
|
CREATE VIEW view_overflow AS
|
|
SELECT
|
|
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
|
|
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
|
|
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
|
|
1
|
|
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
|
|
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
|
|
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
|
|
;
|
|
|
|
SELECT * from view_overflow;
|
|
|
|
drop view view_overflow;
|
|
|
|
--disable_warnings
|
|
drop procedure if exists proc_overflow;
|
|
--enable_warnings
|
|
|
|
delimiter $$;
|
|
|
|
CREATE PROCEDURE proc_overflow()
|
|
BEGIN
|
|
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
|
|
select 1;
|
|
select 2;
|
|
select 3;
|
|
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
|
|
END $$
|
|
|
|
delimiter ;$$
|
|
|
|
call proc_overflow();
|
|
|
|
drop procedure proc_overflow;
|
|
|
|
--disable_warnings
|
|
drop function if exists func_overflow;
|
|
--enable_warnings
|
|
|
|
delimiter $$;
|
|
|
|
create function func_overflow() returns int
|
|
BEGIN
|
|
DECLARE x int default 0;
|
|
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
|
|
SET x=x+1;
|
|
SET x=x+2;
|
|
SET x=x+3;
|
|
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
|
|
return x;
|
|
END $$
|
|
|
|
delimiter ;$$
|
|
|
|
select func_overflow();
|
|
|
|
drop function func_overflow;
|
|
|
|
--disable_warnings
|
|
drop table if exists table_overflow;
|
|
--enable_warnings
|
|
|
|
create table table_overflow(a int, b int);
|
|
|
|
delimiter $$;
|
|
|
|
create trigger trigger_overflow before insert on table_overflow
|
|
for each row
|
|
BEGIN
|
|
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
|
|
|
|
SET NEW.b := NEW.a;
|
|
SET NEW.b := NEW.b + 1;
|
|
SET NEW.b := NEW.b + 2;
|
|
SET NEW.b := NEW.b + 3;
|
|
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
END; END; END; END; END; END; END; END; END; END; END; END;
|
|
|
|
END $$
|
|
|
|
delimiter ;$$
|
|
|
|
insert into table_overflow set a=10;
|
|
insert into table_overflow set a=20;
|
|
select * from table_overflow;
|
|
|
|
drop table table_overflow;
|
|
|
|
--disable_warnings
|
|
drop procedure if exists proc_35577;
|
|
--enable_warnings
|
|
|
|
delimiter $$;
|
|
|
|
CREATE PROCEDURE proc_35577()
|
|
BEGIN
|
|
DECLARE z_done INT DEFAULT 0;
|
|
DECLARE t_done VARCHAR(5000);
|
|
outer_loop: LOOP
|
|
IF t_done=1 THEN
|
|
LEAVE outer_loop;
|
|
END IF;
|
|
|
|
inner_block:BEGIN
|
|
DECLARE z_done INT DEFAULT 0;
|
|
SET z_done = 0;
|
|
inner_loop: LOOP
|
|
IF z_done=1 THEN
|
|
LEAVE inner_loop;
|
|
END IF;
|
|
IF (t_done = 'a') THEN
|
|
IF (t_done <> 0) THEN
|
|
IF ( t_done > 0) THEN
|
|
IF (t_done = 'a') THEN
|
|
SET t_done = 'a';
|
|
ELSEIF (t_done = 'a') THEN
|
|
SET t_done = 'a';
|
|
ELSEIF(t_done = 'a') THEN
|
|
SET t_done = 'a';
|
|
ELSEIF(t_done = 'a') THEN
|
|
SET t_done = 'a';
|
|
ELSEIF(t_done = 'a') THEN
|
|
SET t_done = 'a';
|
|
ELSEIF(t_done = 'a') THEN
|
|
SET t_done = 'a';
|
|
ELSEIF(t_done = 'a') THEN
|
|
SET t_done = 'a';
|
|
ELSEIF(t_done = 'a') THEN
|
|
SET t_done = 'a';
|
|
END IF;
|
|
END IF;
|
|
END IF;
|
|
END IF;
|
|
END LOOP inner_loop;
|
|
END inner_block;
|
|
END LOOP outer_loop;
|
|
END $$
|
|
|
|
delimiter ;$$
|
|
|
|
drop procedure proc_35577;
|
|
|
|
#
|
|
# Bug#37269 (parser crash when creating stored procedure)
|
|
#
|
|
|
|
--disable_warnings
|
|
drop procedure if exists p_37269;
|
|
--enable_warnings
|
|
|
|
delimiter $$;
|
|
|
|
create procedure p_37269()
|
|
begin
|
|
declare done int default 0;
|
|
declare varb int default 0;
|
|
declare vara int default 0;
|
|
|
|
repeat
|
|
select now();
|
|
until done end repeat;
|
|
while varb do
|
|
select now();
|
|
begin
|
|
select now();
|
|
repeat
|
|
select now();
|
|
until done end repeat;
|
|
if vara then
|
|
select now();
|
|
repeat
|
|
select now();
|
|
loop
|
|
select now();
|
|
end loop;
|
|
repeat
|
|
select now();
|
|
label1: while varb do
|
|
select now();
|
|
end while label1;
|
|
if vara then
|
|
select now();
|
|
repeat
|
|
select now();
|
|
until done end repeat;
|
|
begin
|
|
select now();
|
|
while varb do
|
|
select now();
|
|
label1: while varb do
|
|
select now();
|
|
end while label1;
|
|
if vara then
|
|
select now();
|
|
while varb do
|
|
select now();
|
|
loop
|
|
select now();
|
|
end loop;
|
|
repeat
|
|
select now();
|
|
loop
|
|
select now();
|
|
while varb do
|
|
select now();
|
|
end while;
|
|
repeat
|
|
select now();
|
|
label1: loop
|
|
select now();
|
|
if vara then
|
|
select now();
|
|
end if;
|
|
end loop label1;
|
|
until done end repeat;
|
|
end loop;
|
|
until done end repeat;
|
|
end while;
|
|
end if;
|
|
end while;
|
|
end;
|
|
end if;
|
|
until done end repeat;
|
|
until done end repeat;
|
|
end if;
|
|
end;
|
|
end while;
|
|
end $$
|
|
|
|
delimiter ;$$
|
|
|
|
drop procedure p_37269;
|
|
|
|
#
|
|
# Bug#37228 (Sever crashes when creating stored procedure with more than
|
|
# 10 IF/ELSEIF)
|
|
#
|
|
|
|
--disable_warnings
|
|
drop procedure if exists p_37228;
|
|
--enable_warnings
|
|
|
|
delimiter $$;
|
|
|
|
create procedure p_37228 ()
|
|
BEGIN
|
|
DECLARE v INT DEFAULT 123;
|
|
|
|
IF (v > 1) THEN SET v = 1;
|
|
ELSEIF (v < 10) THEN SET v = 10;
|
|
ELSEIF (v < 11) THEN SET v = 11;
|
|
ELSEIF (v < 12) THEN SET v = 12;
|
|
ELSEIF (v < 13) THEN SET v = 13;
|
|
ELSEIF (v < 14) THEN SET v = 14;
|
|
ELSEIF (v < 15) THEN SET v = 15;
|
|
ELSEIF (v < 16) THEN SET v = 16;
|
|
ELSEIF (v < 17) THEN SET v = 17;
|
|
ELSEIF (v < 18) THEN SET v = 18;
|
|
ELSEIF (v < 19) THEN SET v = 19;
|
|
ELSEIF (v < 20) THEN SET v = 20;
|
|
ELSEIF (v < 21) THEN SET v = 21;
|
|
ELSEIF (v < 22) THEN SET v = 22;
|
|
ELSEIF (v < 23) THEN SET v = 23;
|
|
ELSEIF (v < 24) THEN SET v = 24;
|
|
ELSEIF (v < 25) THEN SET v = 25;
|
|
ELSEIF (v < 26) THEN SET v = 26;
|
|
ELSEIF (v < 27) THEN SET v = 27;
|
|
ELSEIF (v < 28) THEN SET v = 28;
|
|
ELSEIF (v < 29) THEN SET v = 29;
|
|
ELSEIF (v < 30) THEN SET v = 30;
|
|
ELSEIF (v < 31) THEN SET v = 31;
|
|
ELSEIF (v < 32) THEN SET v = 32;
|
|
ELSEIF (v < 33) THEN SET v = 33;
|
|
ELSEIF (v < 34) THEN SET v = 34;
|
|
ELSEIF (v < 35) THEN SET v = 35;
|
|
ELSEIF (v < 36) THEN SET v = 36;
|
|
ELSEIF (v < 37) THEN SET v = 37;
|
|
ELSEIF (v < 38) THEN SET v = 38;
|
|
ELSEIF (v < 39) THEN SET v = 39;
|
|
END IF;
|
|
END $$
|
|
|
|
delimiter ;$$
|
|
|
|
drop procedure p_37228;
|
|
|
|
|