Commit 75a5ecbd authored by Kristofer Pettersson

Bug#38486 Crash when using cursor protocol

            
Server side cursors were not initialized properly and this caused a reference to
uninitialized memory.
parent 0a415f62
...@@ -111,7 +111,8 @@ class Select_materialize: public select_union ...@@ -111,7 +111,8 @@ class Select_materialize: public select_union
select_result *result; /* the result object of the caller (PS or SP) */ select_result *result; /* the result object of the caller (PS or SP) */
public: public:
Materialized_cursor *materialized_cursor; Materialized_cursor *materialized_cursor;
Select_materialize(select_result *result_arg) :result(result_arg) {} Select_materialize(select_result *result_arg) :result(result_arg),
materialized_cursor(0) {}
virtual bool send_fields(List<Item> &list, uint flags); virtual bool send_fields(List<Item> &list, uint flags);
}; };
...@@ -155,6 +156,7 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result, ...@@ -155,6 +156,7 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result,
if (! (sensitive_cursor= new (thd->mem_root) Sensitive_cursor(thd, result))) if (! (sensitive_cursor= new (thd->mem_root) Sensitive_cursor(thd, result)))
{ {
delete result_materialize; delete result_materialize;
result_materialize= NULL;
return 1; return 1;
} }
...@@ -212,6 +214,7 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result, ...@@ -212,6 +214,7 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result,
if ((rc= materialized_cursor->open(0))) if ((rc= materialized_cursor->open(0)))
{ {
delete materialized_cursor; delete materialized_cursor;
materialized_cursor= NULL;
goto err_open; goto err_open;
} }
......
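Review bot: In the third hunk, `materialized_cursor= NULL;` clears only the variable named in that block, and its declaration lies outside the hunk. If it is a local copy of `result_materialize->materialized_cursor`, the member that the first hunk now initialises to 0 still points at the deleted object when control reaches `err_open`, so a later read or delete through the member would touch freed memory. In that case I would also clear the member right after the delete, `result_materialize->materialized_cursor= NULL;`. The same question applies to `result_materialize= NULL;` in the second hunk: directly before `return 1;` it has no effect unless the variable outlives the function, so a short comment naming the later access it guards against would help.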
...@@ -16189,6 +16189,35 @@ static void test_bug32265() ...@@ -16189,6 +16189,35 @@ static void test_bug32265()
DBUG_VOID_RETURN; DBUG_VOID_RETURN;
} }
/**
Bug#38486 Crash when using cursor protocol
*/
static void test_bug38486(void)
{
myheader("test_bug38486");
MYSQL_STMT *stmt;
stmt= mysql_stmt_init(mysql);
unsigned long type= CURSOR_TYPE_READ_ONLY;
mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type);
const char *sql= "CREATE TABLE t1 (a INT)";
mysql_stmt_prepare(stmt,sql,strlen(sql));
mysql_stmt_execute(stmt);
mysql_stmt_close(stmt);
stmt= mysql_stmt_init(mysql);
mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type);
const char *sql2= "INSERT INTO t1 VALUES (1)";
mysql_stmt_prepare(stmt,sql2,strlen(sql2));
mysql_stmt_execute(stmt);
mysql_stmt_close(stmt);
}
/* /*
Read and parse arguments and MySQL options from my.cnf Read and parse arguments and MySQL options from my.cnf
*/ */
...@@ -16483,6 +16512,7 @@ static struct my_tests_st my_tests[]= { ...@@ -16483,6 +16512,7 @@ static struct my_tests_st my_tests[]= {
{ "test_bug29306", test_bug29306 }, { "test_bug29306", test_bug29306 },
{ "test_bug31669", test_bug31669 }, { "test_bug31669", test_bug31669 },
{ "test_bug32265", test_bug32265 }, { "test_bug32265", test_bug32265 },
{ "test_bug38486", test_bug38486 },
{ 0, 0 } { 0, 0 }
}; };
......
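Review bot: test_bug38486 ignores every return value, so it can only fail if the server crashes: a NULL from `mysql_stmt_init`, or a failed prepare or execute (for example because `t1` is left over from an earlier run), passes silently and may never reach the cursor path the fix covers. I would check each step with the file's existing helpers, e.g. `check_stmt(stmt);` after each init and `rc= mysql_stmt_execute(stmt); check_execute(stmt, rc);` for prepare and execute. The test also leaves `t1` behind; a `DROP TABLE IF EXISTS t1` before the CREATE and after the last close would keep it repeatable. Separately, the declarations of `stmt`, `type`, `sql` and `sql2` follow statements, which a C89 compiler would reject, and the function lacks the DBUG_ENTER / DBUG_VOID_RETURN pair that the preceding test ends with.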