Bug#19356: Assert on undefined @uservar in prepared statement execute

The executing code had a safety assertion so that it refused to free Items
that it didn't create.  However, there is a case, undefined user variables,
which would put Items into the list to be freed.

Instead, do something that is more risky in expectation that the code will 
be refactored soon, as Kostja wants to do:  Remove the assertions from 
prepare() and execute().  Put one assertion at a higher level, before 
stmt->set_params_from_vars(), which may then create new to-be-freed Items .
parent d5d89bcf
...@@ -2,3 +2,5 @@ ...@@ -2,3 +2,5 @@
44ec850ac2k4y2Omgr92GiWPBAVKGQ 44ec850ac2k4y2Omgr92GiWPBAVKGQ
44edb86b1iE5knJ97MbliK_3lCiAXA 44edb86b1iE5knJ97MbliK_3lCiAXA
44f33f3aj5KW5qweQeekY1LU0E9ZCg 44f33f3aj5KW5qweQeekY1LU0E9ZCg
45214442pBGT9KuZEGixBH71jTzbOA
45214a07hVsIGwvwa-WrO-jpeaSwVw
...@@ -130,3 +130,36 @@ prepare st_18492 from 'select * from t1 where 3 in (select (1+1) union select 1) ...@@ -130,3 +130,36 @@ prepare st_18492 from 'select * from t1 where 3 in (select (1+1) union select 1)
execute st_18492; execute st_18492;
a a
drop table t1; drop table t1;
create table t1 (a int, b varchar(4));
create table t2 (a int, b varchar(4), primary key(a));
prepare stmt1 from 'insert into t1 (a, b) values (?, ?)';
prepare stmt2 from 'insert into t2 (a, b) values (?, ?)';
set @intarg= 11;
set @varchararg= '2222';
execute stmt1 using @intarg, @varchararg;
execute stmt2 using @intarg, @varchararg;
set @intarg= 12;
execute stmt1 using @intarg, @UNDEFINED;
execute stmt2 using @intarg, @UNDEFINED;
set @intarg= 13;
execute stmt1 using @UNDEFINED, @varchararg;
execute stmt2 using @UNDEFINED, @varchararg;
ERROR 23000: Column 'a' cannot be null
set @intarg= 14;
set @nullarg= Null;
execute stmt1 using @UNDEFINED, @nullarg;
execute stmt2 using @nullarg, @varchararg;
ERROR 23000: Column 'a' cannot be null
select * from t1;
a b
11 2222
12 NULL
NULL 2222
NULL NULL
select * from t2;
a b
11 2222
12 NULL
drop table t1;
drop table t2;
End of 5.0 tests.
...@@ -144,3 +144,37 @@ prepare st_18492 from 'select * from t1 where 3 in (select (1+1) union select 1) ...@@ -144,3 +144,37 @@ prepare st_18492 from 'select * from t1 where 3 in (select (1+1) union select 1)
execute st_18492; execute st_18492;
drop table t1; drop table t1;
#
# Bug#19356: Assertion failure with undefined @uservar in prepared statement execution
#
create table t1 (a int, b varchar(4));
create table t2 (a int, b varchar(4), primary key(a));
prepare stmt1 from 'insert into t1 (a, b) values (?, ?)';
prepare stmt2 from 'insert into t2 (a, b) values (?, ?)';
set @intarg= 11;
set @varchararg= '2222';
execute stmt1 using @intarg, @varchararg;
execute stmt2 using @intarg, @varchararg;
set @intarg= 12;
execute stmt1 using @intarg, @UNDEFINED;
execute stmt2 using @intarg, @UNDEFINED;
set @intarg= 13;
execute stmt1 using @UNDEFINED, @varchararg;
--error 1048
execute stmt2 using @UNDEFINED, @varchararg;
set @intarg= 14;
set @nullarg= Null;
execute stmt1 using @UNDEFINED, @nullarg;
--error 1048
execute stmt2 using @nullarg, @varchararg;
select * from t1;
select * from t2;
drop table t1;
drop table t2;
--echo End of 5.0 tests.
...@@ -2248,6 +2248,14 @@ void mysql_stmt_execute(THD *thd, char *packet_arg, uint packet_length) ...@@ -2248,6 +2248,14 @@ void mysql_stmt_execute(THD *thd, char *packet_arg, uint packet_length)
#endif #endif
if (!(specialflag & SPECIAL_NO_PRIOR)) if (!(specialflag & SPECIAL_NO_PRIOR))
my_pthread_setprio(pthread_self(),QUERY_PRIOR); my_pthread_setprio(pthread_self(),QUERY_PRIOR);
/*
If the free_list is not empty, we'll wrongly free some externally
allocated items when cleaning up after validation of the prepared
statement.
*/
DBUG_ASSERT(thd->free_list == NULL);
error= stmt->execute(&expanded_query, error= stmt->execute(&expanded_query,
test(flags & (ulong) CURSOR_TYPE_READ_ONLY)); test(flags & (ulong) CURSOR_TYPE_READ_ONLY));
if (!(specialflag & SPECIAL_NO_PRIOR)) if (!(specialflag & SPECIAL_NO_PRIOR))
...@@ -2310,6 +2318,13 @@ void mysql_sql_stmt_execute(THD *thd) ...@@ -2310,6 +2318,13 @@ void mysql_sql_stmt_execute(THD *thd)
DBUG_PRINT("info",("stmt: %p", stmt)); DBUG_PRINT("info",("stmt: %p", stmt));
/*
If the free_list is not empty, we'll wrongly free some externally
allocated items when cleaning up after validation of the prepared
statement.
*/
DBUG_ASSERT(thd->free_list == NULL);
if (stmt->set_params_from_vars(stmt, lex->prepared_stmt_params, if (stmt->set_params_from_vars(stmt, lex->prepared_stmt_params,
&expanded_query)) &expanded_query))
goto set_params_data_err; goto set_params_data_err;
...@@ -2788,12 +2803,12 @@ bool Prepared_statement::prepare(const char *packet, uint packet_len) ...@@ -2788,12 +2803,12 @@ bool Prepared_statement::prepare(const char *packet, uint packet_len)
external changes when cleaning up after validation. external changes when cleaning up after validation.
*/ */
DBUG_ASSERT(thd->change_list.is_empty()); DBUG_ASSERT(thd->change_list.is_empty());
/* /*
If the free_list is not empty, we'll wrongly free some externally The only case where we should have items in the thd->free_list is
allocated items when cleaning up after validation of the prepared after stmt->set_params_from_vars(), which may in some cases create
statement. Item_null objects.
*/ */
DBUG_ASSERT(thd->free_list == NULL);
if (error == 0) if (error == 0)
error= check_prepared_statement(this, name.str != 0); error= check_prepared_statement(this, name.str != 0);
...@@ -2891,7 +2906,13 @@ bool Prepared_statement::execute(String *expanded_query, bool open_cursor) ...@@ -2891,7 +2906,13 @@ bool Prepared_statement::execute(String *expanded_query, bool open_cursor)
allocated items when cleaning up after execution of this statement. allocated items when cleaning up after execution of this statement.
*/ */
DBUG_ASSERT(thd->change_list.is_empty()); DBUG_ASSERT(thd->change_list.is_empty());
DBUG_ASSERT(thd->free_list == NULL);
/*
The only case where we should have items in the thd->free_list is
after stmt->set_params_from_vars(), which may in some cases create
Item_null objects.
*/
thd->set_n_backup_statement(this, &stmt_backup); thd->set_n_backup_statement(this, &stmt_backup);
if (expanded_query->length() && if (expanded_query->length() &&
alloc_query(thd, (char*) expanded_query->ptr(), alloc_query(thd, (char*) expanded_query->ptr(),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment