revision-id: 4d1644216fde19c7198b9c15110b513dac0f5a72 (mariadb-10.2.31-581-g4d16442) parent(s): 190e8a4c2aeb417b405756b193e135c542d46b34 author: Igor Babaev committer: Igor Babaev timestamp: 2020-11-16 19:59:50 -0800 message: MDEV-24220 Server crash in base_list_iterator::next or in TABLE_LIST::is_recursive_with_tables After the patch for MDEV-23619 the code of st_select_lex::cleanup started using the list st_select_lex::leaf_tables. This list is built for any query with FROM clause in the function setup_tables(). If such query is used in a stored procedure it must be ensured that the list is empty before each new call of the procedure. Otherwise if the first call of the procedure is successful while the second call reports an error before the setup_tables() is invoked then list st_select_lex::leaf_tables would point to a piece of memory that has been already freed. --- mysql-test/r/sp.result | 20 ++++++++++++++++++++ mysql-test/t/sp.test | 25 +++++++++++++++++++++++++ sql/sql_union.cc | 1 + 3 files changed, 46 insertions(+) diff --git a/mysql-test/r/sp.result b/mysql-test/r/sp.result index c4d3779..b679f3f 100644 --- a/mysql-test/r/sp.result +++ b/mysql-test/r/sp.result @@ -8467,3 +8467,23 @@ $$ ERROR 22007: Incorrect integer value: 'y' for column ``.``.`a` at row 1 DROP TABLE t1; SET sql_mode=DEFAULT; +# +# MDEV-24220: error when opening a table for the second call of SP +# +CREATE TABLE t1 (a INT, b INT); +INSERT INTO t1 VALUES (1,1),(2,2); +CREATE VIEW v1 AS SELECT MAX(a) as f FROM t1; +CREATE PROCEDURE p1() +BEGIN +SELECT * FROM v1; +END $ +CALL p1; +f +2 +ALTER TABLE t1 DROP a; +CALL p1; +ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them +DROP PROCEDURE p1; +DROP VIEW v1; +DROP TABLE t1; +#End of 10.2 tests diff --git a/mysql-test/t/sp.test b/mysql-test/t/sp.test index 99b8430..f13b3fb 100644 --- a/mysql-test/t/sp.test +++ b/mysql-test/t/sp.test @@ -10001,3 +10001,28 @@ $$ DELIMITER ;$$ DROP TABLE t1; SET sql_mode=DEFAULT; + +--echo # +--echo # MDEV-24220: error when opening a table for the second call of SP +--echo # + +CREATE TABLE t1 (a INT, b INT); +INSERT INTO t1 VALUES (1,1),(2,2); +CREATE VIEW v1 AS SELECT MAX(a) as f FROM t1; +--delimiter $ +CREATE PROCEDURE p1() +BEGIN + SELECT * FROM v1; +END $ +--delimiter ; + +CALL p1; +ALTER TABLE t1 DROP a; +-- error ER_VIEW_INVALID +CALL p1; + +DROP PROCEDURE p1; +DROP VIEW v1; +DROP TABLE t1; + +--echo #End of 10.2 tests diff --git a/sql/sql_union.cc b/sql/sql_union.cc index 9a16237..7716f79 100644 --- a/sql/sql_union.cc +++ b/sql/sql_union.cc @@ -1568,6 +1568,7 @@ bool st_select_lex::cleanup() delete join; join= 0; } + leaf_tables.empty(); for (SELECT_LEX_UNIT *lex_unit= first_inner_unit(); lex_unit ; lex_unit= lex_unit->next_unit()) {