MDEV-5816: Stored programs: validation of stored program statements

Introduced the new data member new_query_arena_is_set of the class sp_head. This data member is used as a protection against double invocation of the method restore_thd_mem_root that is called for restoration of the current query arena. Previously, the data member sp_head::m_thd is used for this goal but after support for recompilation of failed stored routine statement has been added the data member sp_head::m_thd can't be used for this goal. The reason is that on statement recompilation after the method restore_thd_mem_root() is called the method sp_head::add_instr() invoked to add a new instruction for just recompiled statement. The method sp_head::add_instr() de-references m_thd to access the free_list data member. If m_thd was used as a guard against double invocation it would result in a crash on dereferncing null pointer.

MDEV-5816: Stored programs: validation of stored program statements
Introduced the new data member new_query_arena_is_set of the class sp_head. This data member is used as a protection against double invocation of the method restore_thd_mem_root that is called for restoration of the current query arena. Previously, the data member sp_head::m_thd is used for this goal but after support for recompilation of failed stored routine statement has been added the data member sp_head::m_thd can't be used for this goal. The reason is that on statement recompilation after the method restore_thd_mem_root() is called the method sp_head::add_instr() invoked to add a new instruction for just recompiled statement. The method sp_head::add_instr() de-references m_thd to access the free_list data member. If m_thd was used as a guard against double invocation it would result in a crash on dereferncing null pointer.
a957d2f8 · Dmitry Shulga · 8eb903e1 · a957d2f8 · a957d2f8
Commit a957d2f8 authored Feb 06, 2023 by Dmitry Shulga
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 2 deletions

sql/sp_head.cc sql/sp_head.cc +6 -2

sql/sp_head.h sql/sp_head.h +1 -0

No files found.
--- a/sql/sp_head.cc
+++ b/sql/sp_head.cc
@@ -532,6 +532,7 @@ void sp_head::destroy(sp_head *sp)
    MEM_ROOT own_root= sp->main_mem_root;
    DBUG_PRINT("info", ("mem_root %p moved to %p",
                        &sp->mem_root, &own_root));
+    sp->m_thd= nullptr;
    delete sp;

    free_root(&own_root, MYF(0));
@@ -567,6 +568,7 @@ sp_head::sp_head(MEM_ROOT *mem_root_arg, sp_package *parent,
   m_sp_cache_version(0),
   m_creation_ctx(0),
   unsafe_flags(0),
+   new_query_arena_is_set(false),
   m_created(0),
   m_modified(0),
   m_recursion_level(0),
@@ -2790,6 +2792,7 @@ sp_head::reset_thd_mem_root(THD *thd)
  free_list= thd->free_list; // Keep the old list
  thd->free_list= NULL; // Start a new one
  m_thd= thd;
+  new_query_arena_is_set= true;
  DBUG_VOID_RETURN;
 }

@@ -2809,7 +2812,7 @@ sp_head::restore_thd_mem_root(THD *thd)
   skip restoration of old arena/mem_root if this method has been
   already called for this routine.
  */
-  if (!m_thd)
+  if (!new_query_arena_is_set)
    DBUG_VOID_RETURN;

  Item *flist= free_list;	// The old list
@@ -2820,7 +2823,8 @@ sp_head::restore_thd_mem_root(THD *thd)
                      &mem_root, &thd->mem_root));
  thd->free_list= flist;        // Restore the old one
  thd->mem_root= m_thd_root;
-  m_thd= NULL;
+  new_query_arena_is_set= false;
+
  DBUG_VOID_RETURN;
 }


--- a/sql/sp_head.h
+++ b/sql/sp_head.h
@@ -263,6 +263,7 @@ class sp_head :private Query_arena,
  */
  uint32 unsafe_flags;

+  bool new_query_arena_is_set;
 public:
  inline Stored_program_creation_ctx *get_creation_ctx()
  {