• Alexander Barkov's avatar
    MDEV-15620 Crash when using "SET @@NEW.a=expr" inside a trigger · 902ace09
    Alexander Barkov authored
    The problem resided in this branch of the "option_value_no_option_type" rule:
    
    | '@' '@' opt_var_ident_type internal_variable_name equal set_expr_or_default
    
    Summary:
    
    1. internal_variable_name initialized tmp.var to trg_new_row_fake_var (0x01).
    2. The condition "if (tmp.var == NULL)" did not check
       the special case with trg_new_row_fake_var,
       so Lex->set_system_variable(&tmp, $3, $6) was
       called with tmp.var pointing to trg_new_row_fake_var,
       which created a sys_var instance pointing to 0x01 instead of
       a real system variable.
    3. Later, at the trigger invocation time, this method was called:
       sys_var::do_deprecated_warning (this=0x1, thd=0x7ffe6c000a98)
       Notice, "this" is equal to trg_new_row_fake_var (0x01)
    
    Solution:
    
    The old implementation with separate rules
    internal_variable_name (in sql_yacc.yy and sql_yacc_ora.yy) and
    internal_variable_name_directly_assignable (in sql_yacc_ora.yy only)
    was too complex and hard to follow.
    
    Rewriting the code in a more straightforward way.
    
    1. Changing LEX::set_system_variable()
    
    from:
    
    bool set_system_variable(struct sys_var_with_base *, enum_var_type, Item *);
    
    to:
    
    bool set_system_variable(enum_var_type, sys_var *, const LEX_CSTRING *, Item *);
    
    2. Adding new methods in LEX, which operate with variable names:
    
    bool set_trigger_field(const LEX_CSTRING *, const LEX_CSTRING *, Item *);
    bool set_system_variable(enum_var_type var_type, const LEX_CSTRING *name,
                             Item *val);
    bool set_system_variable(THD *thd, enum_var_type var_type,
                             const LEX_CSTRING *name1,
                             const LEX_CSTRING *name2,
                             Item *val);
    bool set_default_system_variable(enum_var_type var_type,
                                     const LEX_CSTRING *name,
                                     Item *val);
    bool set_variable(const LEX_CSTRING *name, Item *item);
    
    3. Changing the grammar to call the new methods directly
       in option_value_no_option_type,
       Removing rules internal_variable_name and
       internal_variable_name_directly_assignable.
    
    4. Removing "struct sys_var_with_base" and trg_new_row_fake_var.
    
    Good side effect:
    
    - The code in /sql reduced from 314 to 183 lines.
    - MDEV-15615 Unexpected syntax error instead of "Unknown system variable" ...
      was also fixed automatically
    902ace09
parser.test 38.6 KB