From e3f4f02b64f6b5197fb4fac46811930f40fdc5d9 Mon Sep 17 00:00:00 2001 From: "holyfoot/hf@mysql.com/hfmain.(none)" <> Date: Mon, 29 Jan 2007 11:48:31 +0400 Subject: [PATCH 1/3] bug #25492 (Invalid deallocation in mysql_stmt_fetch) Operating with the prepared statements we don't alloc MYSQL_DATA structure, but use MYSQL_STMT's field instead (to increase performance by reducing malloc calls). So we shouldn't free this structure as we did before. --- libmysqld/lib_sql.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libmysqld/lib_sql.cc b/libmysqld/lib_sql.cc index fe4ac5ba676..3a8bc189e7f 100644 --- a/libmysqld/lib_sql.cc +++ b/libmysqld/lib_sql.cc @@ -269,7 +269,7 @@ int emb_unbuffered_fetch(MYSQL *mysql, char **row) *row= NULL; if (data) { - free_rows(data); + free_root(&data->alloc,MYF(0)); ((THD*)mysql->thd)->data= NULL; } } From 8299b596ae9feb5897f19aa34eca71443aae0741 Mon Sep 17 00:00:00 2001 From: "holyfoot/hf@mysql.com/hfmain.(none)" <> Date: Mon, 12 Feb 2007 15:41:36 +0400 Subject: [PATCH 2/3] bug #20691 (INSERT (DEFAULT) may insert garbage with NO DEFAULT NOT NULL field) Some fields (GEOMETRY first of all) can't be handled properly in this case at all. So we return an error in this case --- mysql-test/r/default.result | 12 +++++++++++- mysql-test/r/gis.result | 4 ++++ mysql-test/t/default.test | 9 ++++++++- mysql-test/t/gis.test | 9 +++++++++ sql/item.cc | 8 +++++++- 5 files changed, 39 insertions(+), 3 deletions(-) diff --git a/mysql-test/r/default.result b/mysql-test/r/default.result index e2aa3b4a3cc..0b2b6769505 100644 --- a/mysql-test/r/default.result +++ b/mysql-test/r/default.result 
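Review bot: The replacement call in `emb_unbuffered_fetch` releases only `data->alloc` and relies on `data` always being the `MYSQL_DATA` embedded in `MYSQL_STMT`, but nothing at the call site states or checks that assumption. If this function can be reached with a heap-allocated `MYSQL_DATA` (not visible in this hunk), the struct itself would now leak, and the opposite mismatch is the invalid free this patch fixes. I would add `/* data is the statement's own MYSQL_DATA here, not heap-allocated: release only its MEM_ROOT */` above the call. The function body starts outside the hunk.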
@@ -193,6 +193,16 @@ a b c d e f g h i x two large 00:00:05 0007-01-01 11 13 17 0019-01-01 00:00:00 23 1 small 00:00:00 0000-00-00 0 0000-00-00 00:00:00 0 2 two large 00:00:05 0007-01-01 11 13 17 0019-01-01 00:00:00 23 3 - small 00:00:00 0000-00-00 0 0000-00-00 00:00:00 0 4 + 00:00:00 0000-00-00 0 0000-00-00 00:00:00 0 4 drop table bug20691; +create table t1 (id int not null); +insert into t1 values(default); +Warnings: +Warning 1364 Field 'id' doesn't have a default value +create view v1 (c) as select id from t1; +insert into t1 values(default); +Warnings: +Warning 1364 Field 'id' doesn't have a default value +drop view v1; +drop table t1; End of 5.0 tests. diff --git a/mysql-test/r/gis.result b/mysql-test/r/gis.result index 870e160e563..df39a4d8ca2 100644 --- a/mysql-test/r/gis.result +++ b/mysql-test/r/gis.result @@ -717,3 +717,7 @@ desc t1; Field Type Null Key Default Extra GeomFromText('point(1 1)') geometry NO drop table t1; +create table t1 (g geometry not null); +insert into t1 values(default); +ERROR 22003: Cannot get geometry object from data you send to the GEOMETRY field +drop table t1; diff --git a/mysql-test/t/default.test b/mysql-test/t/default.test index 225ddbc3ee2..14aa4b02cfe 100644 --- a/mysql-test/t/default.test +++ b/mysql-test/t/default.test @@ -137,6 +137,13 @@ insert into bug20691 values (DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAUL select * from bug20691 order by x asc; drop table bug20691; -### +create table t1 (id int not null); +insert into t1 values(default); + +create view v1 (c) as select id from t1; +insert into t1 values(default); +drop view v1; +drop table t1; + --echo End of 5.0 tests. diff --git a/mysql-test/t/gis.test b/mysql-test/t/gis.test index 95fdf642b94..ff9fcad1fcf 100644 --- a/mysql-test/t/gis.test +++ b/mysql-test/t/gis.test 
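Review bot: The second `insert into t1 values(default);` in the `mysql-test/t/default.test` hunk runs after `create view v1` but still targets `t1`, so the view is created and dropped without ever being written through. The recorded output in `default.result` shows the same table-level warning 1364 both times, which suggests the `view_error_processor` branch of `Item_default_value::save_in_field` is not exercised. If that branch was the intent, the statement should probably read `insert into v1 values(default);`, with the result file re-recorded.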
@@ -428,3 +428,12 @@ drop table t1; create table t1 select GeomFromText('point(1 1)'); desc t1; drop table t1; + +# +# Bug #20691 (DEFAULT over NOT NULL field) +# +create table t1 (g geometry not null); +--error ER_CANT_CREATE_GEOMETRY_OBJECT +insert into t1 values(default); +drop table t1; + diff --git a/sql/item.cc b/sql/item.cc index 9a55eb25e2c..b749ad97e64 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -5505,6 +5505,13 @@ int Item_default_value::save_in_field(Field *field_arg, bool no_conversions) { if (field_arg->flags & NO_DEFAULT_VALUE_FLAG) { + if (field_arg->reset()) + { + my_message(ER_CANT_CREATE_GEOMETRY_OBJECT, + ER(ER_CANT_CREATE_GEOMETRY_OBJECT), MYF(0)); + return -1; + } + if (context->error_processor == &view_error_processor) { TABLE_LIST *view= cached_table->top_table(); @@ -5523,7 +5530,6 @@ int Item_default_value::save_in_field(Field *field_arg, bool no_conversions) ER(ER_NO_DEFAULT_FOR_FIELD), field_arg->field_name); } - field_arg->set_default(); return 1; } field_arg->set_default(); From 0004fa3c5ba73094b2ecdbdf8c258b1b44ccc431 Mon Sep 17 00:00:00 2001 From: "holyfoot/hf@mysql.com/hfmain.(none)" <> Date: Tue, 13 Feb 2007 00:55:45 +0400 Subject: [PATCH 3/3] bug #25492 (Invalid deallocation in mysql_stmt_fetch) --- libmysqld/lib_sql.cc | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/libmysqld/lib_sql.cc b/libmysqld/lib_sql.cc index 3a8bc189e7f..8992bea943b 100644 --- a/libmysqld/lib_sql.cc +++ b/libmysqld/lib_sql.cc @@ -66,6 +66,16 @@ void embedded_get_error(MYSQL *mysql) } } + +static void emb_free_rows(THD *thd) +{ + if (thd->current_stmt) + free_root(&thd->data->alloc,MYF(0)); + else + free_rows(thd->data); +} + + static my_bool emb_advanced_command(MYSQL *mysql, enum enum_server_command command, const char *header, ulong header_length, 
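Review bot: In the first `sql/item.cc` hunk, any non-zero return from `field_arg->reset()` is reported as `ER_CANT_CREATE_GEOMETRY_OBJECT`, although the check runs for every field carrying `NO_DEFAULT_VALUE_FLAG`, not only GEOMETRY columns. Which field types can fail `reset()` is not visible here, so a non-geometry failure would surface with a misleading message. The new block is also uncommented; I would add `/* reset() fails for types with no usable zero value (GEOMETRY first of all); reject the insert instead of storing garbage */`. With the second hunk dropping `set_default()`, the warning path appears to store the reset value rather than the column default, which would explain the changed `small` row in `default.result` and is worth stating in the description. `save_in_field` starts and ends outside both hunks.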
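Review bot: `emb_free_rows` picks the deallocator from `thd->current_stmt` alone, so memory safety depends on that pointer always agreeing with where `thd->data` actually lives. If `current_stmt` is set while `thd->data` is heap-allocated, the struct leaks. If it is clear while `thd->data` points into a `MYSQL_STMT`, the `free_rows` call is the invalid deallocation from bug #25492 again. The helper also dereferences `thd->data` without a NULL check and leaves resetting it to the callers. I would record this in a header comment: `/* Precondition: thd->data != NULL. Statement results live inside MYSQL_STMT, so only their MEM_ROOT is freed; the caller resets thd->data. */`.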
@@ -78,7 +88,7 @@ emb_advanced_command(MYSQL *mysql, enum enum_server_command command, if (thd->data) { - free_rows(thd->data); + emb_free_rows(thd); thd->data= 0; } /* Check that we are calling the client functions in right order */ @@ -248,13 +258,23 @@ static int emb_stmt_execute(MYSQL_STMT *stmt) int emb_read_binary_rows(MYSQL_STMT *stmt) { - MYSQL_DATA *data; - if (!(data= emb_read_rows(stmt->mysql, 0, 0))) + MYSQL *mysql= stmt->mysql; + embedded_get_error(mysql); + if (mysql->net.last_errno) { - set_stmt_errmsg(stmt, stmt->mysql->net.last_error, - stmt->mysql->net.last_errno, stmt->mysql->net.sqlstate); + set_stmt_errmsg(stmt, mysql->net.last_error, + mysql->net.last_errno, mysql->net.sqlstate); return 1; } + + if (((THD*)mysql->thd)->data) + { + DBUG_ASSERT(((THD*) mysql->thd)->data == &stmt->result); + stmt->result.prev_ptr= NULL; + ((THD*)mysql->thd)->data= NULL; + } + else + stmt->result.rows= 0; return 0; } @@ -285,7 +305,7 @@ static void emb_free_embedded_thd(MYSQL *mysql) { THD *thd= (THD*)mysql->thd; if (thd->data) - free_rows(thd->data); + emb_free_rows(thd); thread_count--; delete thd; mysql->thd=0;
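Review bot: The early `return 1` in the rewritten `emb_read_binary_rows` leaves `thd->data` untouched, so after a failed execute it may still point at `&stmt->result`. Whether a later `emb_free_rows(thd)` can run after that statement has been closed is not visible in this hunk, but if it can, the pointer would dangle; either clear it on the error path or add a comment saying why that is safe. The ownership invariant `thd->data == &stmt->result` is enforced only by `DBUG_ASSERT`, which is compiled out of non-debug builds. As a style point, the cast `(THD*)mysql->thd` is repeated three times; a local `THD *thd= (THD*)mysql->thd;` at the top would make the ownership hand-off easier to read.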