Commit 50c8cec3 authored by unknown's avatar unknown

Fix BUG#2259: Crash after fetch from not-open cursor in stored procedure

Initialize and test properly when cleaning up, to avoid crash in some error cases.


mysql-test/r/sp-error.result:
  Test case for BUG#2259
mysql-test/t/sp-error.test:
  Test case for BUG#2259
sql/sp_rcontext.cc:
  Cleanup in a more controlled way to avoid crashes in some error cases.
  Remove unused variable.
sql/sp_rcontext.h:
  Initialize member var, for cleanup tests.
parent 28f589db
...@@ -283,6 +283,15 @@ create table t3 (column_1 int)| ...@@ -283,6 +283,15 @@ create table t3 (column_1 int)|
call bug1653()| call bug1653()|
drop procedure bug1653| drop procedure bug1653|
drop table t3| drop table t3|
create procedure bug2259()
begin
declare v1 int;
declare c1 cursor for select s1 from t10;
fetch c1 into v1;
end|
call bug2259()|
ERROR 24000: Cursor is not open
drop procedure bug2259|
create procedure bug2272() create procedure bug2272()
begin begin
declare v int; declare v int;
...@@ -292,4 +301,5 @@ insert into t1 values (666, 51.3)| ...@@ -292,4 +301,5 @@ insert into t1 values (666, 51.3)|
call bug2272()| call bug2272()|
ERROR 42S22: Unknown column 'v' in 'field list' ERROR 42S22: Unknown column 'v' in 'field list'
delete from t1| delete from t1|
drop procedure bug2272|
drop table t1| drop table t1|
...@@ -388,6 +388,23 @@ call bug1653()| ...@@ -388,6 +388,23 @@ call bug1653()|
drop procedure bug1653| drop procedure bug1653|
drop table t3| drop table t3|
#
# BUG#2259
#
# Note: When this bug existed, it did not necessarily cause a crash
# in all builds, but valgrind did give warnings.
create procedure bug2259()
begin
declare v1 int;
declare c1 cursor for select s1 from t10;
fetch c1 into v1;
end|
--error 1310
call bug2259()|
drop procedure bug2259|
# #
# BUG#2272 # BUG#2272
# #
...@@ -402,6 +419,7 @@ insert into t1 values (666, 51.3)| ...@@ -402,6 +419,7 @@ insert into t1 values (666, 51.3)|
--error 1054 --error 1054
call bug2272()| call bug2272()|
delete from t1| delete from t1|
drop procedure bug2272|
drop table t1| drop table t1|
......
...@@ -176,10 +176,13 @@ sp_cursor::close(THD *thd) ...@@ -176,10 +176,13 @@ sp_cursor::close(THD *thd)
void void
sp_cursor::destroy() sp_cursor::destroy()
{ {
delete m_prot; if (m_prot)
m_prot= NULL; {
free_root(&m_mem_root, MYF(0)); delete m_prot;
bzero((char *)&m_mem_root, sizeof(m_mem_root)); m_prot= NULL;
free_root(&m_mem_root, MYF(0));
bzero((char *)&m_mem_root, sizeof(m_mem_root));
}
m_isopen= FALSE; m_isopen= FALSE;
} }
...@@ -190,14 +193,12 @@ sp_cursor::fetch(THD *thd, List<struct sp_pvar> *vars) ...@@ -190,14 +193,12 @@ sp_cursor::fetch(THD *thd, List<struct sp_pvar> *vars)
sp_pvar_t *pv; sp_pvar_t *pv;
MYSQL_ROW row; MYSQL_ROW row;
uint fldcount; uint fldcount;
MYSQL_FIELD *fields= m_prot->fields;
if (! m_isopen) if (! m_isopen)
{ {
send_error(thd, ER_SP_CURSOR_NOT_OPEN); send_error(thd, ER_SP_CURSOR_NOT_OPEN);
return -1; return -1;
} }
if (m_current_row == NULL) if (m_current_row == NULL)
{ {
send_error(thd, ER_SP_FETCH_NO_DATA); send_error(thd, ER_SP_FETCH_NO_DATA);
......
...@@ -205,7 +205,7 @@ class sp_cursor : public Sql_alloc ...@@ -205,7 +205,7 @@ class sp_cursor : public Sql_alloc
public: public:
sp_cursor(LEX *lex) sp_cursor(LEX *lex)
: m_lex(lex), m_isopen(0), m_current_row(NULL) : m_lex(lex), m_prot(NULL), m_isopen(0), m_current_row(NULL)
{ {
/* Empty */ /* Empty */
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment