Bug#9775 - Stored procedures: crash if create function that returns enum or set

Fix bug and implement return type casting. mysql-test/r/sp.result: Bug#9775 Test for bug + feature Fix previous tests mysql-test/t/sp.test: Bug#9775 Test for bug + feature Fix previous tests sql/item_func.cc: Bug#9775 new method Item_func_sp::execute(Field **) some optimizations. sql/item_func.h: Bug#9775 results for Item_func_sp pass through a Field of the return type. new method Item_func_sp::execute(Field **) sql/sp_head.cc: Bug#9775 missing initialiation for type_lengths in sp_head::create_typelib()

Bug#9775 - Stored procedures: crash if create function that returns enum or set
Fix bug and implement return type casting. mysql-test/r/sp.result: Bug#9775 Test for bug + feature Fix previous tests mysql-test/t/sp.test: Bug#9775 Test for bug + feature Fix previous tests sql/item_func.cc: Bug#9775 new method Item_func_sp::execute(Field **) some optimizations. sql/item_func.h: Bug#9775 results for Item_func_sp pass through a Field of the return type. new method Item_func_sp::execute(Field **) sql/sp_head.cc: Bug#9775 missing initialiation for type_lengths in sp_head::create_typelib()
50aa1fc1 · unknown · c6348e3f · 50aa1fc1 · 50aa1fc1 · 50aa1fc1
Commit 50aa1fc1 authored Apr 20, 2005 by unknown
5 changed files
--- a/mysql-test/r/sp.result
+++ b/mysql-test/r/sp.result
@@ -2960,14 +2960,35 @@ delete from t1|
 drop function bug9902|
 drop function if exists bug9102|
 create function bug9102() returns blob return 'a'|
-select bug9102();
+select bug9102()|
-drop function bug9102|
 bug9102()
 a
-drop procedure if exists bug7648|
+drop function bug9102|
+drop function if exists bug7648|
 create function bug7648() returns bit(8) return 'a'|
 select bug7648()|
 bug7648()
 a
 drop function bug7648|
+drop function if exists bug9775|
+create function bug9775(v1 char(1)) returns enum('a','b') return v1|
+select bug9775('a'),bug9775('b'),bug9775('c')|
+bug9775('a')	bug9775('b')	bug9775('c')
+a	b	
+drop function bug9775|
+create function bug9775(v1 int) returns enum('a','b') return v1|
+select bug9775(1),bug9775(2),bug9775(3)|
+bug9775(1)	bug9775(2)	bug9775(3)
+a	b	
+drop function bug9775|
+create function bug9775(v1 char(1)) returns set('a','b') return v1|
+select bug9775('a'),bug9775('b'),bug9775('a,b'),bug9775('c')|
+bug9775('a')	bug9775('b')	bug9775('a,b')	bug9775('c')
+a	b	a,b	
+drop function bug9775|
+create function bug9775(v1 int) returns set('a','b') return v1|
+select bug9775(1),bug9775(2),bug9775(3),bug9775(4)|
+bug9775(1)	bug9775(2)	bug9775(3)	bug9775(4)
+a	b	a,b	
+drop function bug9775|
 drop table t1,t2;
--- a/mysql-test/t/sp.test
+++ b/mysql-test/t/sp.test
@@ -3643,13 +3643,34 @@ drop function bug9102|
 # BUG#7648: Stored procedure crash when invoking a function that returns a bit
 #
 --disable_warnings
-drop procedure if exists bug7648|
+drop function if exists bug7648|
 --enable_warnings
 create function bug7648() returns bit(8) return 'a'|
 select bug7648()|
 drop function bug7648|
+#
+# BUG#9775: crash if create function that returns enum or set
+#
+--disable_warnings
+drop function if exists bug9775|
+--enable_warnings
+create function bug9775(v1 char(1)) returns enum('a','b') return v1|
+select bug9775('a'),bug9775('b'),bug9775('c')|
+drop function bug9775|
+create function bug9775(v1 int) returns enum('a','b') return v1|
+select bug9775(1),bug9775(2),bug9775(3)|
+drop function bug9775|
+create function bug9775(v1 char(1)) returns set('a','b') return v1|
+select bug9775('a'),bug9775('b'),bug9775('a,b'),bug9775('c')|
+drop function bug9775|
+create function bug9775(v1 int) returns set('a','b') return v1|
+select bug9775(1),bug9775(2),bug9775(3),bug9775(4)|
+drop function bug9775|
 #
 # BUG#NNNN: New bug synopsis
 #

--- a/sql/item_func.cc
+++ b/sql/item_func.cc
@@ -4461,7 +4461,7 @@ longlong Item_func_row_count::val_int()
 Item_func_sp::Item_func_sp(sp_name *name)
-  :Item_func(), m_name(name), m_sp(NULL)
+  :Item_func(), m_name(name), m_sp(NULL), result_field(NULL)
 {
  maybe_null= 1;
  m_name->init_qname(current_thd);
@@ -4470,7 +4470,7 @@ Item_func_sp::Item_func_sp(sp_name *name)
 Item_func_sp::Item_func_sp(sp_name *name, List<Item> &list)
-  :Item_func(list), m_name(name), m_sp(NULL)
+  :Item_func(list), m_name(name), m_sp(NULL), result_field(NULL)
 {
  maybe_null= 1;
  m_name->init_qname(current_thd);
@@ -4526,6 +4526,29 @@ Item_func_sp::sp_result_field(void) const
 }
+int
+Item_func_sp::execute(Field **flp)
+{
+  Item *it;
+  Field *f;
+  if (execute(&it))
+  {
+    null_value= 1;
+    return 1;
+  }
+  if (!(f= *flp))
+  {
+    *flp= f= sp_result_field();
+    f->move_field((f->pack_length() > sizeof(result_buf)) ? 
+                  sql_alloc(f->pack_length()) : result_buf);
+    f->null_ptr= (uchar *)&null_value;
+    f->null_bit= 1;
+  }
+  it->save_in_field(f, 1);
+  return f->is_null();
+}
 int
 Item_func_sp::execute(Item **itp)
 {
@@ -4601,6 +4624,8 @@ Item_func_sp::field_type() const
  Field *field= 0;
  DBUG_ENTER("Item_func_sp::field_type");
+  if (result_field)
+    DBUG_RETURN(result_field->type());
  if (! m_sp)
    m_sp= sp_find_function(current_thd, m_name, TRUE); // cache only
  if ((field= sp_result_field()))
@@ -4621,6 +4646,8 @@ Item_func_sp::result_type() const
  DBUG_ENTER("Item_func_sp::result_type");
  DBUG_PRINT("info", ("m_sp = %p", m_sp));
+  if (result_field)
+    DBUG_RETURN(result_field->result_type());
  if (! m_sp)
    m_sp= sp_find_function(current_thd, m_name, TRUE); // cache only
  if ((field= sp_result_field()))
@@ -4636,8 +4663,16 @@ Item_func_sp::result_type() const
 void
 Item_func_sp::fix_length_and_dec()
 {
+  Field *field= result_field;
  DBUG_ENTER("Item_func_sp::fix_length_and_dec");
+  if (result_field)
+  {
+    decimals= result_field->decimals();
+    max_length= result_field->representation_length();
+    DBUG_VOID_RETURN;
+  }
  if (! m_sp)
    m_sp= sp_find_function(current_thd, m_name, TRUE); // cache only
  if (! m_sp)
@@ -4646,29 +4681,28 @@ Item_func_sp::fix_length_and_dec()
  }
  else
  {
-    switch (result_type()) {
+    if (!field)
+      field= sp_result_field();
+    decimals= field->decimals();
+    max_length= field->representation_length();
+    switch (field->result_type()) {
    case STRING_RESULT:
      maybe_null= 1;
-      max_length= MAX_BLOB_WIDTH;
-      break;
    case REAL_RESULT:
-      decimals= NOT_FIXED_DEC;
-      max_length= float_length(decimals);
-      break;
    case INT_RESULT:
-      decimals= 0;
-      max_length= 21;
-      break;
    case DECIMAL_RESULT:
-      // TODO: where to find real precision and scale?
+      break;
-      decimals= min(DECIMAL_MAX_LENGTH / 2, NOT_FIXED_DEC - 1);
-      max_length= DECIMAL_MAX_LENGTH;
    case ROW_RESULT:
    default:
      // This case should never be chosen
      DBUG_ASSERT(0);
      break;
    }
+    if (field != result_field)
+      delete field;    
  }
  DBUG_VOID_RETURN;
 }

--- a/sql/item_func.h
+++ b/sql/item_func.h
@@ -1283,8 +1283,11 @@ class Item_func_sp :public Item_func
  sp_name *m_name;
  mutable sp_head *m_sp;
  TABLE *dummy_table;
+  Field *result_field;
+  char result_buf[64];
  int execute(Item **itp);
+  int execute(Field **flp);
  Field *sp_result_field(void) const;
 public:
@@ -1296,6 +1299,12 @@ class Item_func_sp :public Item_func
  virtual ~Item_func_sp()
  {}
+  void cleanup()
+  {
+    Item_func::cleanup();
+    result_field= NULL;
+  }
  const char *func_name() const;
  enum enum_field_types field_type() const;
@@ -1308,63 +1317,30 @@ class Item_func_sp :public Item_func
  longlong val_int()
  {
-    Item *it;
+    if (execute(&result_field))
-    longlong l;
-    if (execute(&it))
-    {
-      null_value= 1;
      return 0LL;
-    }
+    return result_field->val_int();   
-    l= it->val_int();
-    null_value= it->null_value;
-    return l;
  }
  double val_real()
  {
-    Item *it;
+    if (execute(&result_field))
-    double d;
-    if (execute(&it))
-    {
-      null_value= 1;
      return 0.0;
-    }
+    return result_field->val_real();
-    d= it->val_real();
-    null_value= it->null_value;
-    return d;
  }
  my_decimal *val_decimal(my_decimal *dec_buf)
  {
-    Item *it;
+    if (execute(&result_field))
-    my_decimal *result;
-    if (execute(&it))
-    {
-      null_value= 1;
      return NULL;
-    }
+    return result_field->val_decimal(dec_buf);
-    result= it->val_decimal(dec_buf);
-    null_value= it->null_value;
-    return result;
  }
  String *val_str(String *str)
  {
-    Item *it;
+    if (execute(&result_field))
-    String *s;
-    if (execute(&it))
-    {
-      null_value= 1;
      return NULL;
-    }
+    return result_field->val_str(str);
-    s= it->val_str(str);
-    null_value= it->null_value;
-    return s;
  }
  void fix_length_and_dec();

--- a/sql/sp_head.cc
+++ b/sql/sp_head.cc
@@ -378,8 +378,9 @@ sp_head::create_typelib(List<String> *src)
    result->count= src->elements;
    result->name= "";
    if (!(result->type_names=(const char **)
-          alloc_root(mem_root,sizeof(char *)*(result->count+1))))
+          alloc_root(mem_root,(sizeof(char *)+sizeof(int))*(result->count+1))))
      return 0;
+    result->type_lengths= (unsigned int *)(result->type_names + result->count+1);
    List_iterator<String> it(*src);
    String conv, *tmp;
    uint32 dummy;
@@ -397,8 +398,10 @@ sp_head::create_typelib(List<String> *src)
        result->type_names[i]= buf;
        result->type_lengths[i]= conv.length();
      }
-      else
+      else {
        result->type_names[i]= strdup_root(mem_root, tmp->c_ptr());
+        result->type_lengths[i]= tmp->length();
+      }
      // Strip trailing spaces.
      uint lengthsp= cs->cset->lengthsp(cs, result->type_names[i],
@@ -407,6 +410,7 @@ sp_head::create_typelib(List<String> *src)
      ((uchar *)result->type_names[i])[lengthsp]= '\0';
    }
    result->type_names[result->count]= 0;
+    result->type_lengths[result->count]= 0;
  }
  return result;
 }