Fixing BUG#15658: Server crashes after creating function as empty string (1e968057) · Commits · Software / OSDI20 Artifacts / mariadb

mysql-test/r/sp-error.result

+19 −0

Original line number	Diff line number	Diff line
		@@ -1128,3 +1128,22 @@ ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function
		drop function bug11555_1;
		drop table t1;
		drop view v1;
		drop procedure if exists ` bug15658`;
		create procedure ``() select 1;
		ERROR 42000: Incorrect routine name ''
		create procedure ` `() select 1;
		ERROR 42000: Incorrect routine name ' '
		create procedure `bug15658 `() select 1;
		ERROR 42000: Incorrect routine name 'bug15658 '
		create procedure ``.bug15658() select 1;
		ERROR 42000: Incorrect database name ''
		create procedure `x `.bug15658() select 1;
		ERROR 42000: Incorrect database name 'x '
		create procedure ` bug15658`() select 1;
		call ` bug15658`();
		1
		1
		show procedure status;
		Db Name Type Definer Modified Created Security_type Comment
		test bug15658 PROCEDURE root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER
		drop procedure ` bug15658`;

+27 −0

Original line number	Diff line number	Diff line
		@@ -1556,6 +1556,7 @@ drop procedure bug13012_1\|
		drop function bug13012_2\|
		delimiter ;\|

		#
		# BUG#11555 "Stored procedures: current SP tables locking make
		# impossible view security". We should not expose names of tables
		# which are implicitly used by view (via stored routines/triggers).
		@@ -1616,7 +1617,33 @@ drop function bug11555_1;
		drop table t1;
		drop view v1;

		#
		# BUG#15658: Server crashes after creating function as empty string
		#
		--disable_warnings
		drop procedure if exists ` bug15658`;
		--enable_warnings

		--error ER_SP_WRONG_NAME
		create procedure ``() select 1;
		--error ER_SP_WRONG_NAME
		create procedure ` `() select 1;
		--error ER_SP_WRONG_NAME
		create procedure `bug15658 `() select 1;
		--error ER_WRONG_DB_NAME
		create procedure ``.bug15658() select 1;
		--error ER_WRONG_DB_NAME
		create procedure `x `.bug15658() select 1;

		# This should work
		create procedure ` bug15658`() select 1;
		call ` bug15658`();
		--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
		show procedure status;
		drop procedure ` bug15658`;


		#
		# BUG#NNNN: New bug synopsis
		#
		#--disable_warnings

+2 −0

Original line number	Diff line number	Diff line
		@@ -5605,3 +5605,5 @@ ER_SP_RECURSION_LIMIT
		ger "Rekursionsgrenze %d (durch Variable max_sp_recursion_depth gegeben) wurde fr Routine %.64s berschritten"
		ER_SP_PROC_TABLE_CORRUPT
		eng "Failed to load routine %s. The table mysql.proc is missing, corrupt, or contains bad data (internal code %d)"
		ER_SP_WRONG_NAME 42000
		eng "Incorrect routine name '%-.64s'"

+17 −0

Original line number	Diff line number	Diff line
		@@ -384,6 +384,23 @@ sp_name_current_db_new(THD *thd, LEX_STRING name)
		return qname;
		}

		/*
		* Check that the name 'ident' is ok. It's assumed to be an 'ident'
		* from the parser, so we only have to check length and trailing spaces.
		* The former is a standard requirement (and 'show status' assumes a
		* non-empty name), the latter is a mysql:ism as trailing spaces are
		* removed by get_field().
		*
		* RETURN
		* TRUE - bad name
		* FALSE - name is ok
		*/

		bool
		sp_name_check(LEX_STRING ident)
		{
		return (!ident.str \|\| !ident.str[0] \|\| ident.str[ident.length-1] == ' ');
		}

		/* ------------------------------------------------------------------ */

+2 −0

Original line number	Diff line number	Diff line
		@@ -102,6 +102,8 @@ class sp_name : public Sql_alloc
		sp_name *
		sp_name_current_db_new(THD *thd, LEX_STRING name);

		bool
		sp_name_check(LEX_STRING name);

		class sp_head :private Query_arena
		{