From 425207c938447c209756351a3e4a00d66eb9c3c1 Mon Sep 17 00:00:00 2001 From: unknown Date: Fri, 11 Nov 2005 11:10:52 +0100 Subject: [PATCH] Fixed BUG#14723: Dumping of stored functions seems to cause corruption in the function body Changed the way the end of query was found from the lex state. The routine body was not extracted correctly when using the /*!version ... */ wrapper (in dump files); for some types of routines (e.g. with a label at the first begin), the trailing "*/" was not skipped. mysql-test/r/sp.result: New test case for BUG#14723. mysql-test/t/sp.test: New test case for BUG#14723. sql/sp_head.cc: Changed the way the end of the definition and body is found from the lex state. In the case of /*!version */ wrappers we must take the trailing " */" into account. --- mysql-test/r/sp.result | 31 +++++++++++++++++++++++++++++++ mysql-test/t/sp.test | 32 ++++++++++++++++++++++++++++++++ sql/sp_head.cc | 25 ++++++++++++++----------- 3 files changed, 77 insertions(+), 11 deletions(-) diff --git a/mysql-test/r/sp.result b/mysql-test/r/sp.result index d50e6dd3751..1e49f966bc4 100644 --- a/mysql-test/r/sp.result +++ b/mysql-test/r/sp.result @@ -3617,4 +3617,35 @@ count(*) drop table t3, t4| drop procedure bug14210| set @@session.max_heap_table_size=default| +drop function if exists bug14723| +drop procedure if exists bug14723| +/*!50003 create function bug14723() +returns bigint(20) +main_loop: begin +return 42; +end */;; +show create function bug14723;; +Function sql_mode Create Function +bug14723 CREATE FUNCTION `bug14723`() RETURNS bigint(20) +main_loop: begin +return 42; +end +select bug14723();; +bug14723() +42 +/*!50003 create procedure bug14723() +main_loop: begin +select 42; +end */;; +show create procedure bug14723;; +Procedure sql_mode Create Procedure +bug14723 CREATE PROCEDURE `bug14723`() +main_loop: begin +select 42; +end +call bug14723();; +42 +42 +drop function bug14723| +drop procedure bug14723| drop table t1,t2; diff --git a/mysql-test/t/sp.test b/mysql-test/t/sp.test index eaf69c0ab03..362faec167c 100644 --- a/mysql-test/t/sp.test +++ b/mysql-test/t/sp.test @@ -4541,6 +4541,38 @@ drop table t3, t4| drop procedure bug14210| set @@session.max_heap_table_size=default| + +# +# BUG#1473: Dumping of stored functions seems to cause corruption in +# the function body +# +--disable_warnings +drop function if exists bug14723| +drop procedure if exists bug14723| +--enable_warnings + +delimiter ;;| +/*!50003 create function bug14723() + returns bigint(20) +main_loop: begin + return 42; +end */;; +show create function bug14723;; +select bug14723();; + +/*!50003 create procedure bug14723() +main_loop: begin + select 42; +end */;; +show create procedure bug14723;; +call bug14723();; + +delimiter |;; + +drop function bug14723| +drop procedure bug14723| + + # # BUG#NNNN: New bug synopsis # diff --git a/sql/sp_head.cc b/sql/sp_head.cc index abc66ce0b21..3073372cd00 100644 --- a/sql/sp_head.cc +++ b/sql/sp_head.cc @@ -476,7 +476,7 @@ void sp_head::init_strings(THD *thd, LEX *lex, sp_name *name) { DBUG_ENTER("sp_head::init_strings"); - uint n; /* Counter for nul trimming */ + uchar *endp; /* Used to trim the end */ /* During parsing, we must use thd->mem_root */ MEM_ROOT *root= thd->mem_root; @@ -509,17 +509,20 @@ sp_head::init_strings(THD *thd, LEX *lex, sp_name *name) (char *)m_param_begin, m_params.length); } - m_body.length= lex->ptr - m_body_begin; - /* Trim nuls at the end */ - n= 0; - while (m_body.length && m_body_begin[m_body.length-1] == '\0') - { - m_body.length-= 1; - n+= 1; - } + /* If ptr has overrun end_of_query then end_of_query is the end */ + endp= (lex->ptr > lex->end_of_query ? lex->end_of_query : lex->ptr); + /* + Trim "garbage" at the end. This is sometimes needed with the + "/ * ! VERSION... * /" wrapper in dump files. + */ + while (m_body_begin < endp && + (endp[-1] <= ' ' || endp[-1] == '*' || + endp[-1] == '/' || endp[-1] == ';')) + endp-= 1; + + m_body.length= endp - m_body_begin; m_body.str= strmake_root(root, (char *)m_body_begin, m_body.length); - m_defstr.length= lex->ptr - lex->buf; - m_defstr.length-= n; + m_defstr.length= endp - lex->buf; m_defstr.str= strmake_root(root, (char *)lex->buf, m_defstr.length); DBUG_VOID_RETURN; }