diff --git a/client/mysql_upgrade.c b/client/mysql_upgrade.c index 15fa6622f74..74e8c9dd577 100644 --- a/client/mysql_upgrade.c +++ b/client/mysql_upgrade.c @@ -364,7 +364,9 @@ static void find_tool(char *tool_executable_name, const char *tool_name, } else { - /* + int len; + + /* mysql_upgrade was run absolutely or relatively. We can find a sibling by replacing our name after the LIBCHAR with the new tool name. */ @@ -385,10 +387,10 @@ static void find_tool(char *tool_executable_name, const char *tool_name, last_fn_libchar -= 6; } + len= last_fn_libchar - self_name; + my_snprintf(tool_executable_name, FN_REFLEN, "%.*s%c%s", - (last_fn_libchar - self_name), self_name, - FN_LIBCHAR, - tool_name); + len, self_name, FN_LIBCHAR, tool_name); } verbose("Looking for '%s' as: %s", tool_name, tool_executable_name); diff --git a/mysys/mf_keycache.c b/mysys/mf_keycache.c index f27ade7bfc0..0720d172317 100644 --- a/mysys/mf_keycache.c +++ b/mysys/mf_keycache.c @@ -1382,7 +1382,7 @@ restart: /* We don't need the page in the cache: we are going to write on disk */ hash_link->requests--; unlink_hash(keycache, hash_link); - return 0; + DBUG_RETURN(0); } if (!(block->status & BLOCK_IN_FLUSH)) { @@ -1399,7 +1399,7 @@ restart: flag (see the code below that handles reading requests). */ free_block(keycache, block); - return 0; + DBUG_RETURN(0); } /* Wait intil the page is flushed on disk */ hash_link->requests--; @@ -1429,7 +1429,7 @@ restart: /* Invalidate page in the block if it has not been done yet */ if (block->status) free_block(keycache, block); - return 0; + DBUG_RETURN(0); } if (page_status == PAGE_READ && diff --git a/sql/sql_cursor.cc b/sql/sql_cursor.cc index c2345f1f2cd..16567765ba6 100644 --- a/sql/sql_cursor.cc +++ b/sql/sql_cursor.cc @@ -111,7 +111,8 @@ class Select_materialize: public select_union select_result *result; /* the result object of the caller (PS or SP) */ public: Materialized_cursor *materialized_cursor; - Select_materialize(select_result *result_arg) :result(result_arg) {} + Select_materialize(select_result *result_arg) :result(result_arg), + materialized_cursor(0) {} virtual bool send_fields(List &list, uint flags); }; @@ -155,6 +156,7 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result, if (! (sensitive_cursor= new (thd->mem_root) Sensitive_cursor(thd, result))) { delete result_materialize; + result_materialize= NULL; return 1; } @@ -212,6 +214,7 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result, if ((rc= materialized_cursor->open(0))) { delete materialized_cursor; + materialized_cursor= NULL; goto err_open; } diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index 5e1c2afe84a..4336bfa0c59 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c @@ -16189,6 +16189,35 @@ static void test_bug32265() DBUG_VOID_RETURN; } + +/** + Bug#38486 Crash when using cursor protocol +*/ + +static void test_bug38486(void) +{ + myheader("test_bug38486"); + + MYSQL_STMT *stmt; + stmt= mysql_stmt_init(mysql); + unsigned long type= CURSOR_TYPE_READ_ONLY; + mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type); + const char *sql= "CREATE TABLE t1 (a INT)"; + mysql_stmt_prepare(stmt,sql,strlen(sql)); + + mysql_stmt_execute(stmt); + mysql_stmt_close(stmt); + + stmt= mysql_stmt_init(mysql); + mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void*)&type); + const char *sql2= "INSERT INTO t1 VALUES (1)"; + mysql_stmt_prepare(stmt,sql2,strlen(sql2)); + mysql_stmt_execute(stmt); + + mysql_stmt_close(stmt); +} + + /* Read and parse arguments and MySQL options from my.cnf */ @@ -16483,6 +16512,7 @@ static struct my_tests_st my_tests[]= { { "test_bug29306", test_bug29306 }, { "test_bug31669", test_bug31669 }, { "test_bug32265", test_bug32265 }, + { "test_bug38486", test_bug38486 }, { 0, 0 } };