From 94bd96e815333955974b53ca42e4480c8754b75c Mon Sep 17 00:00:00 2001 From: Vladislav Vaintroub Date: Tue, 23 Feb 2010 12:48:26 +0100 Subject: [PATCH] Bug#43201 : Stack overrun when running sp-error test. It appears that stack overflow checks for recusrive stored procedure calls, that run in the normal server, did not work in embedded and were dummified with preprocessor magic( #ifndef EMBEDDED_SERVER ). The fix is to remove ifdefs, there is no reason not to run overflow checks and crash in deeply recursive calls. Note: Start of the stack (thd->thread_stack variable) in embedded is not necessarily exact but stil provides the best guess. Unless the caller of mysql_read_connect() is already deep in the stack, thd->thread_stack variable should approximate stack start address well. --- sql/item_cmpfunc.cc | 4 ---- sql/item_func.cc | 4 ---- sql/opt_range.cc | 2 -- sql/sql_parse.cc | 3 +-- sql/sql_select.cc | 2 -- 5 files changed, 1 insertion(+), 14 deletions(-) diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index 1da383ce3e9..ed465cbe280 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -2865,9 +2865,7 @@ bool Item_func_case::fix_fields(THD *thd, Item **ref) buff should match stack usage from Item_func_case::val_int() -> Item_func_case::find_item() */ -#ifndef EMBEDDED_LIBRARY uchar buff[MAX_FIELD_WIDTH*2+sizeof(String)*2+sizeof(String*)*2+sizeof(double)*2+sizeof(longlong)*2]; -#endif bool res= Item_func::fix_fields(thd, ref); /* Call check_stack_overrun after fix_fields to be sure that stack variable @@ -4081,9 +4079,7 @@ Item_cond::fix_fields(THD *thd, Item **ref) DBUG_ASSERT(fixed == 0); List_iterator li(list); Item *item; -#ifndef EMBEDDED_LIBRARY uchar buff[sizeof(char*)]; // Max local vars in function -#endif not_null_tables_cache= used_tables_cache= 0; const_item_cache= 1; /* diff --git a/sql/item_func.cc b/sql/item_func.cc index 75f8b2045b5..e49ee4346b1 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -151,9 +151,7 @@ Item_func::fix_fields(THD *thd, Item **ref) { DBUG_ASSERT(fixed == 0); Item **arg,**arg_end; -#ifndef EMBEDDED_LIBRARY // Avoid compiler warning uchar buff[STACK_BUFF_ALLOC]; // Max argument in function -#endif used_tables_cache= not_null_tables_cache= 0; const_item_cache=1; @@ -2839,9 +2837,7 @@ bool udf_handler::fix_fields(THD *thd, Item_result_field *func, uint arg_count, Item **arguments) { -#ifndef EMBEDDED_LIBRARY // Avoid compiler warning uchar buff[STACK_BUFF_ALLOC]; // Max argument in function -#endif DBUG_ENTER("Item_udf_func::fix_fields"); if (check_stack_overrun(thd, STACK_MIN_SIZE, buff)) diff --git a/sql/opt_range.cc b/sql/opt_range.cc index b9ea8c7c991..68285563239 100644 --- a/sql/opt_range.cc +++ b/sql/opt_range.cc @@ -2266,9 +2266,7 @@ int SQL_SELECT::test_quick_select(THD *thd, key_map keys_to_use, keys_to_use.intersect(head->keys_in_use_for_query); if (!keys_to_use.is_clear_all()) { -#ifndef EMBEDDED_LIBRARY // Avoid compiler warning uchar buff[STACK_BUFF_ALLOC]; -#endif MEM_ROOT alloc; SEL_TREE *tree= NULL; KEY_PART *key_parts; diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index b0d8614dc84..c7e1be2237b 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -5171,7 +5171,6 @@ bool check_global_access(THD *thd, ulong want_access) Check stack size; Send error if there isn't enough stack to continue ****************************************************************************/ -#ifndef EMBEDDED_LIBRARY #if STACK_DIRECTION < 0 #define used_stack(A,B) (long) (A - B) @@ -5209,7 +5208,7 @@ bool check_stack_overrun(THD *thd, long margin, #endif return 0; } -#endif /* EMBEDDED_LIBRARY */ + #define MY_YACC_INIT 1000 // Start with big alloc #define MY_YACC_MAX 32000 // Because of 'short' diff --git a/sql/sql_select.cc b/sql/sql_select.cc index c37aeb39f6c..468f81a7d87 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -2516,9 +2516,7 @@ static ha_rows get_quick_record_count(THD *thd, SQL_SELECT *select, { int error; DBUG_ENTER("get_quick_record_count"); -#ifndef EMBEDDED_LIBRARY // Avoid compiler warning uchar buff[STACK_BUFF_ALLOC]; -#endif if (check_stack_overrun(thd, STACK_MIN_SIZE, buff)) DBUG_RETURN(0); // Fatal error flag is set if (select)