1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bug#38486 Crash when using cursor protocol

Browse Source 
Server side cursors were not initialized properly and this caused a reference to
uninitialized memory.
This commit is contained in:
Kristofer Pettersson 2008-08-11 11:40:54 +02:00
parent 0a415f62fd
commit 75a5ecbd72
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sql/sql_cursor.cc
View File

@ -111,7 +111,8 @@ class Select_materialize: public select_union
select_result *result; /* the result object of the caller (PS or SP) */ select_result *result; /* the result object of the caller (PS or SP) */
public: public:
Materialized_cursor *materialized_cursor; Materialized_cursor *materialized_cursor;
Select_materialize(select_result *result_arg) :result(result_arg) {} Select_materialize(select_result *result_arg) :result(result_arg),
materialized_cursor(0) {}
virtual bool send_fields(List<Item> &list, uint flags); virtual bool send_fields(List<Item> &list, uint flags);
}; };
@ -155,6 +156,7 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result,
if (! (sensitive_cursor= new (thd->mem_root) Sensitive_cursor(thd, result))) if (! (sensitive_cursor= new (thd->mem_root) Sensitive_cursor(thd, result)))
{ {
delete result_materialize; delete result_materialize;
result_materialize= NULL;
return 1; return 1;
} }
@ -212,6 +214,7 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result,
if ((rc= materialized_cursor->open(0))) if ((rc= materialized_cursor->open(0)))
{ {
delete materialized_cursor; delete materialized_cursor;
materialized_cursor= NULL;
goto err_open; goto err_open;
} }

30
tests/mysql_client_test.c
View File

@ -16189,6 +16189,35 @@ static void test_bug32265()
DBUG_VOID_RETURN; DBUG_VOID_RETURN;
} }
/**
Bug#38486 Crash when using cursor protocol
*/
static void test_bug38486(void)
{
myheader("test_bug38486");
MYSQL_STMT *stmt;
stmt= mysql_stmt_init(mysql);
unsigned long type= CURSOR_TYPE_READ_ONLY;
mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type);
const char *sql= "CREATE TABLE t1 (a INT)";
mysql_stmt_prepare(stmt,sql,strlen(sql));
mysql_stmt_execute(stmt);
mysql_stmt_close(stmt);
stmt= mysql_stmt_init(mysql);
mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type);
const char *sql2= "INSERT INTO t1 VALUES (1)";
mysql_stmt_prepare(stmt,sql2,strlen(sql2));
mysql_stmt_execute(stmt);
mysql_stmt_close(stmt);
}
/* /*
Read and parse arguments and MySQL options from my.cnf Read and parse arguments and MySQL options from my.cnf
*/ */
@ -16483,6 +16512,7 @@ static struct my_tests_st my_tests[]= {
{ "test_bug29306", test_bug29306 }, { "test_bug29306", test_bug29306 },
{ "test_bug31669", test_bug31669 }, { "test_bug31669", test_bug31669 },
{ "test_bug32265", test_bug32265 }, { "test_bug32265", test_bug32265 },
{ "test_bug38486", test_bug38486 },
{ 0, 0 } { 0, 0 }
}; };