Commit 1d5aeb51 authored by pem@mysql.com's avatar pem@mysql.com

Merge mysql.com:/usr/local/bk/mysql-5.0

into  mysql.com:/usr/home/pem/bug13941/mysql-5.0
parents fc771acc c865f491
...@@ -3504,4 +3504,32 @@ drop procedure bug7049_5| ...@@ -3504,4 +3504,32 @@ drop procedure bug7049_5|
drop procedure bug7049_6| drop procedure bug7049_6|
drop function bug7049_1| drop function bug7049_1|
drop function bug7049_2| drop function bug7049_2|
drop function if exists bug13941|
drop procedure if exists bug13941|
create function bug13941(p_input_str text)
returns text
begin
declare p_output_str text;
set p_output_str = p_input_str;
set p_output_str = replace(p_output_str, 'xyzzy', 'plugh');
set p_output_str = replace(p_output_str, 'test', 'prova');
set p_output_str = replace(p_output_str, 'this', 'questo');
set p_output_str = replace(p_output_str, ' a ', 'una ');
set p_output_str = replace(p_output_str, 'is', '');
return p_output_str;
end|
create procedure bug13941(out sout varchar(128))
begin
set sout = 'Local';
set sout = ifnull(sout, 'DEF');
end|
select bug13941('this is a test')|
bug13941('this is a test')
questo una prova
call bug13941(@a)|
select @a|
@a
Local
drop function bug13941|
drop procedure bug13941|
drop table t1,t2; drop table t1,t2;
...@@ -4390,6 +4390,49 @@ drop function bug7049_1| ...@@ -4390,6 +4390,49 @@ drop function bug7049_1|
drop function bug7049_2| drop function bug7049_2|
#
# BUG#13941: replace() string fuction behaves badly inside stored procedure
# (BUG#13914: IFNULL is returning garbage in stored procedure)
#
--disable_warnings
drop function if exists bug13941|
drop procedure if exists bug13941|
--enable_warnings
create function bug13941(p_input_str text)
returns text
begin
declare p_output_str text;
set p_output_str = p_input_str;
set p_output_str = replace(p_output_str, 'xyzzy', 'plugh');
set p_output_str = replace(p_output_str, 'test', 'prova');
set p_output_str = replace(p_output_str, 'this', 'questo');
set p_output_str = replace(p_output_str, ' a ', 'una ');
set p_output_str = replace(p_output_str, 'is', '');
return p_output_str;
end|
create procedure bug13941(out sout varchar(128))
begin
set sout = 'Local';
set sout = ifnull(sout, 'DEF');
end|
# Note: The bug showed different behaviour in different types of builds,
# giving garbage results in some, and seemingly working in others.
# Running with valgrind (or purify) is the safe way to check that it's
# really working correctly.
select bug13941('this is a test')|
call bug13941(@a)|
select @a|
drop function bug13941|
drop procedure bug13941|
# #
# BUG#NNNN: New bug synopsis # BUG#NNNN: New bug synopsis
# #
......
...@@ -293,6 +293,22 @@ sp_eval_func_item(THD *thd, Item **it_addr, enum enum_field_types type, ...@@ -293,6 +293,22 @@ sp_eval_func_item(THD *thd, Item **it_addr, enum enum_field_types type,
if (it == reuse) if (it == reuse)
DBUG_RETURN(it); DBUG_RETURN(it);
/*
For some functions, 's' is now pointing to an argument of the
function, which might be a local variable that is to be reused.
In this case, new(reuse, &rsize) below will call the destructor
and 's' ends up pointing to freed memory.
A somewhat ugly fix is to simply copy the string to our local one
(which is unused by most functions anyway), but only if 's' is
pointing somewhere else than to 'tmp' or 'it->str_value'.
*/
if (reuse && s != &tmp && s != &it->str_value)
{
if (tmp.copy((const String)(*s)))
DBUG_RETURN(NULL);
s= &tmp;
}
CREATE_ON_CALLERS_ARENA(it= new(reuse, &rsize) CREATE_ON_CALLERS_ARENA(it= new(reuse, &rsize)
Item_string(it->collation.collation), Item_string(it->collation.collation),
use_callers_arena, &backup_arena); use_callers_arena, &backup_arena);
...@@ -323,7 +339,7 @@ sp_eval_func_item(THD *thd, Item **it_addr, enum enum_field_types type, ...@@ -323,7 +339,7 @@ sp_eval_func_item(THD *thd, Item **it_addr, enum enum_field_types type,
return_null_item: return_null_item:
CREATE_ON_CALLERS_ARENA(it= new(reuse, &rsize) Item_null(), CREATE_ON_CALLERS_ARENA(it= new(reuse, &rsize) Item_null(),
use_callers_arena, &backup_arena); use_callers_arena, &backup_arena);
end: end:
it->rsize= rsize; it->rsize= rsize;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment