Commit 026c1f55 authored by unknown's avatar unknown

Fix for Bug#11247 Stored procedures: Function calls in long loops leak memory

    and Bug#12297 SP crashes the server if data inserted inside a lon loop
Third commit attempt, with fixes for the issues that showed up after a full rebuild and
tests on other hosts.


mysql-test/r/rpl_sp.result:
  New warnings appeared in result file, as now we always create spcont in a stored routine.
  This is correct behaviour. We swallowed some warnings, as we used thd->spcont to check whether
  we are in the SP though we didn't set spcont in certain cases. This is fixed now.
mysql-test/r/sp.result:
  fixed result file to reflect new tests
mysql-test/t/sp.test:
  Added tests for bugs. Though one of them is disabled, as it fails because of the other bug.
  It should be enabled, when bug 12297 is fixed.
sql/sp_head.cc:
  Per-instruction arena is implemented
sql/sp_rcontext.cc:
   Now we should deal with callers_arena->free_list when we employ reuse mechanism with callers_arena
   switched during sp_eval_func_item
sql/sp_rcontext.h:
  Add new member to sp_rcontext class, in order to handle instructions with assignment
  and/or with nested SP processing properly.
parent 99bea6a7
......@@ -109,6 +109,7 @@ call foo4();
Got one of the listed errors
show warnings;
Level Code Message
Error 1142 INSERT command denied to user 'zedjzlcsjhd'@'localhost' for table 't1'
Warning 1417 A routine failed and has neither NO SQL nor READS SQL DATA in its declaration and binary logging is enabled; if non-transactional tables were updated, the binary log will miss their changes
call foo3();
show warnings;
......@@ -117,6 +118,7 @@ call foo4();
Got one of the listed errors
show warnings;
Level Code Message
Error 1142 INSERT command denied to user 'zedjzlcsjhd'@'localhost' for table 't1'
Warning 1417 A routine failed and has neither NO SQL nor READS SQL DATA in its declaration and binary logging is enabled; if non-transactional tables were updated, the binary log will miss their changes
alter procedure foo4 sql security invoker;
call foo4();
......
......@@ -3085,4 +3085,19 @@ column_name bug10055(t.column_name)
id id
data data
drop function bug10055|
drop function if exists f_bug11247|
drop procedure if exists p_bug11247|
create function f_bug11247(param int)
returns int
return param + 1|
create procedure p_bug11247(lim int)
begin
declare v int default 0;
while v < lim do
set v= f_bug11247(v);
end while;
end|
call p_bug11247(10)|
drop function f_bug11247|
drop procedure p_bug11247|
drop table t1,t2;
......@@ -3870,6 +3870,65 @@ from information_schema.columns as t
where t.table_schema = 'test' and t.table_name = 't1'|
drop function bug10055|
#
# Bug #12297 "SP crashes the server if data inserted inside a lon loop"
# The test for memleak bug, so actually there is no way to test it
# from the suite. The test below could be used to check SP memory
# consumption by passing large input parameter.
#
#
# Note: the test is currenly disabled because of the
# Bug #12637: SP crashes the server if it has update query with user var
# & binlog is enabled.
#
--disable_warnings
#drop procedure if exists bug12297|
--enable_warnings
#create procedure bug12297(lim int)
#begin
# set @x = 0;
# repeat
# insert into t1(id,data)
# values('aa', @x);
# set @x = @x + 1;
# until @x >= lim
# end repeat;
#end|
#call bug12297(10)|
#drop procedure bug12297|
#
# Bug #11247 "Stored procedures: Function calls in long loops leak memory"
# One more memleak bug test. One could use this test to check that the memory
# isn't leaking by increasing the input value for p_bug11247.
#
--disable_warnings
drop function if exists f_bug11247|
drop procedure if exists p_bug11247|
--enable_warnings
create function f_bug11247(param int)
returns int
return param + 1|
create procedure p_bug11247(lim int)
begin
declare v int default 0;
while v < lim do
set v= f_bug11247(v);
end while;
end|
call p_bug11247(10)|
drop function f_bug11247|
drop procedure p_bug11247|
#
# BUG#NNNN: New bug synopsis
#
......
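Review bot: The comment above the commented-out bug12297 test says it is disabled because of Bug #12637, while the commit description says it should be enabled when bug 12297 is fixed, which is the bug this commit sets out to fix, so a later reader cannot tell which condition re-enables it. The comment should carry one searchable marker, for example `# TODO: enable when Bug #12637 is fixed`, and the description should name the same bug. The `--disable_warnings` / `--enable_warnings` pair around the commented-out `drop procedure` now brackets no statement and could be commented out with the rest. As the test comments themselves say, `call p_bug11247(10)` only exercises the code path and cannot detect a leak regression, so memory growth in long loops still has to be checked by hand with a large argument.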
This diff is collapsed.
......@@ -32,7 +32,6 @@ sp_rcontext::sp_rcontext(uint fsize, uint hmax, uint cmax)
: m_count(0), m_fsize(fsize), m_result(NULL), m_hcount(0), m_hsp(0),
m_hfound(-1), m_ccount(0)
{
callers_mem_root= NULL;
in_handler= FALSE;
m_frame= (Item **)sql_alloc(fsize * sizeof(Item*));
m_handler= (sp_handler_t *)sql_alloc(hmax * sizeof(sp_handler_t));
......@@ -47,17 +46,18 @@ sp_rcontext::set_item_eval(THD *thd, uint idx, Item **item_addr,
enum_field_types type)
{
extern Item *sp_eval_func_item(THD *thd, Item **it, enum_field_types type,
Item *reuse);
Item *reuse, bool use_callers_arena);
Item *it;
Item *reuse_it;
Item *old_item_next;
Item *old_free_list= thd->free_list;
/* sp_eval_func_item will use callers_arena */
Item *old_free_list= thd->spcont->callers_arena->free_list;
int res;
LINT_INIT(old_item_next);
if ((reuse_it= get_item(idx)))
old_item_next= reuse_it->next;
it= sp_eval_func_item(thd, item_addr, type, reuse_it);
it= sp_eval_func_item(thd, item_addr, type, reuse_it, TRUE);
if (! it)
res= -1;
else
......@@ -67,7 +67,7 @@ sp_rcontext::set_item_eval(THD *thd, uint idx, Item **item_addr,
{
// A reused item slot, where the constructor put it in the free_list,
// so we have to restore the list.
thd->free_list= old_free_list;
thd->spcont->callers_arena->free_list= old_free_list;
it->next= old_item_next;
}
set_item(idx, it);
......
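Review bot: In set_item_eval the new side dereferences `thd->spcont->callers_arena` twice, once to save `free_list` before sp_eval_func_item() and once to restore it afterwards, and nothing in the visible lines guarantees that both reads reach the same, non-null arena. If sp_eval_func_item() can return with `thd->spcont` or `callers_arena` pointing somewhere else (its body is in the collapsed sp_head.cc diff, so this cannot be checked here), the saved list would be written into a different arena and the Item bookkeeping would be corrupted. Reading the pointer once, `Query_arena *arena= thd->spcont->callers_arena;` followed by `DBUG_ASSERT(arena);`, and using `arena->free_list` for both the save and the restore would pin this down. The constructor lines shown in the first hunk also do not initialise the new `callers_arena` member, so adding `callers_arena= NULL;` there would make a premature use fail deterministically instead of reading an indeterminate pointer; the constructor body continues outside the hunk, so it may already be set further down.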
......@@ -48,8 +48,14 @@ class sp_rcontext : public Sql_alloc
public:
MEM_ROOT *callers_mem_root; // Used to store result fields
bool in_handler;
/*
Arena used to (re) allocate items on . E.g. reallocate INOUT/OUT
SP parameters when they don't fit into prealloced items. This
is common situation with String items. It is used mainly in
sp_eval_func_item().
*/
Query_arena *callers_arena;
sp_rcontext(uint fsize, uint hmax, uint cmax);
......
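Review bot: The new public member `callers_arena` is a raw `Query_arena *` whose comment does not say who assigns it, whether sp_rcontext owns it, or how long the arena must stay alive, and its first sentence is cut off ("allocate items on ."). set_item_eval() in sp_rcontext.cc reads and writes `free_list` through this pointer, so a reader needs that contract to judge whether it can dangle or be used before it is set. I would reword the comment along the lines of `Non-owning pointer to the caller's arena; must be set before set_item_eval() is called and stay valid while this context is in use.`, adjusted to what sp_head.cc actually does, since that diff is collapsed on this page. The class body continues outside the hunk.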