MDEV-24220 Server crash in base_list_iterator::next or

in TABLE_LIST::is_recursive_with_tables After the patch for MDEV-23619 the code of st_select_lex::cleanup started using the list st_select_lex::leaf_tables. This list is built for any query with FROM clause in the function setup_tables(). If such query is used in a stored procedure it must be ensured that the list is empty before each new call of the procedure. Otherwise if the first call of the procedure is successful while the second call reports an error before the setup_tables() is invoked then list st_select_lex::leaf_tables would point to a piece of memory that has been already freed. Approved by Oleksandr Byelkin <sanja@mariadb.com>

MDEV-24220 Server crash in base_list_iterator::next or
in TABLE_LIST::is_recursive_with_tables After the patch for MDEV-23619 the code of st_select_lex::cleanup started using the list st_select_lex::leaf_tables. This list is built for any query with FROM clause in the function setup_tables(). If such query is used in a stored procedure it must be ensured that the list is empty before each new call of the procedure. Otherwise if the first call of the procedure is successful while the second call reports an error before the setup_tables() is invoked then list st_select_lex::leaf_tables would point to a piece of memory that has been already freed. Approved by Oleksandr Byelkin <sanja@mariadb.com>
6628435e · Igor Babaev · ceef26cf · 6628435e · 6628435e · 6628435e
Commit 6628435e authored Nov 17, 2020 by Igor Babaev
Hide whitespace changes
Inline Side-by-side

Showing with 46 additions and 0 deletions

mysql-test/r/sp.result mysql-test/r/sp.result +20 -0

mysql-test/t/sp.test mysql-test/t/sp.test +25 -0

sql/sql_union.cc sql/sql_union.cc +1 -0

No files found.
--- a/mysql-test/r/sp.result
+++ b/mysql-test/r/sp.result
@@ -8467,3 +8467,23 @@ $$
 ERROR 22007: Incorrect integer value: 'y' for column ``.``.`a` at row 1
 DROP TABLE t1;
 SET sql_mode=DEFAULT;
+#
+# MDEV-24220: error when opening a table for the second call of SP
+#
+CREATE TABLE t1 (a INT, b INT);
+INSERT INTO t1 VALUES (1,1),(2,2);
+CREATE VIEW v1 AS SELECT MAX(a) as f FROM t1;
+CREATE PROCEDURE p1()
+BEGIN
+SELECT * FROM v1;
+END $
+CALL p1;
+f
+2
+ALTER TABLE t1 DROP a;
+CALL p1;
+ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+DROP PROCEDURE p1;
+DROP VIEW v1;
+DROP TABLE t1;
+#End of 10.2 tests
--- a/mysql-test/t/sp.test
+++ b/mysql-test/t/sp.test
@@ -10001,3 +10001,28 @@ $$
 DELIMITER ;$$
 DROP TABLE t1;
 SET sql_mode=DEFAULT;
+
+--echo #
+--echo # MDEV-24220: error when opening a table for the second call of SP
+--echo #
+
+CREATE TABLE t1 (a INT, b INT);
+INSERT INTO t1 VALUES (1,1),(2,2);
+CREATE VIEW v1 AS SELECT MAX(a) as f FROM t1;
+--delimiter $
+CREATE PROCEDURE p1()
+BEGIN
+  SELECT * FROM v1;
+END $
+--delimiter ;
+
+CALL p1;
+ALTER TABLE t1 DROP a;
+-- error ER_VIEW_INVALID
+CALL p1;
+
+DROP PROCEDURE p1;
+DROP VIEW v1;
+DROP TABLE t1;
+
+--echo #End of 10.2 tests
--- a/sql/sql_union.cc
+++ b/sql/sql_union.cc
@@ -1568,6 +1568,7 @@ bool st_select_lex::cleanup()
    delete join;
    join= 0;
  }
+  leaf_tables.empty();
  for (SELECT_LEX_UNIT *lex_unit= first_inner_unit(); lex_unit ;
       lex_unit= lex_unit->next_unit())
  {