Bug #15392 Server crashes during prepared statement execute
Submitted: 1 Dec 2005 16:19 Modified: 7 Dec 2005 20:04
Reporter: Paul O'HAre
Status: Closed
Category: MySQL Server Severity: S3 (Non-critical)
Version: 5.0.15 OS: Any (any)
Assigned to: Konstantin Osipov CPU Architecture: Any

[1 Dec 2005 16:19] Paul O'HAre
Description:
I am using a prepared statement to execute a stored procedure from within another stored procedure.

This works fine if the stored procedure exists and I specify the correct number of parameters.

But if the stored procedure does not exist or I use the wrong number of parameters, the server crashes.

Whether the server crashes or not is dependent on which database is current.
In the code below bbb is current; if you make aaa current then you get a proper error message.

Obviously the code below is meaningless, as I have stripped out all the unnecessary detail.

I only came across this problem while testing an sp directly.

If you place the call to spTestA in another sp the server does not crash.

How to repeat:
DELIMITER $$

DROP SCHEMA IF EXISTS aaa;
DROP SCHEMA IF EXISTS bbb;
DROP SCHEMA IF EXISTS ccc;
CREATE SCHEMA aaa;
CREATE SCHEMA bbb;
CREATE SCHEMA ccc;

USE bbb;

DROP PROCEDURE IF EXISTS aaa.spTestA$$

CREATE PROCEDURE aaa.spTestA
                (
                 OUT pRequestId VARCHAR(100)
                )
BEGIN
  CALL bbb.spTestB('call ccc.spTestC(1, 2)');
END$$

DROP PROCEDURE IF EXISTS bbb.spTestB$$

CREATE PROCEDURE bbb.spTestB(IN pSQL TEXT)
BEGIN
  DECLARE lSQL TEXT;
  SET @lSQL = pSQL;
  PREPARE lStatement FROM @lSQL;
  EXECUTE lStatement;
  DEALLOCATE PREPARE lStatement;
END$$

DROP PROCEDURE IF EXISTS ccc.spTestC$$

CREATE PROCEDURE ccc.spTestC(IN p1 INT)
BEGIN
  SELECT p1;
END$$
DELIMITER ;

CALL aaa.spTestA(@rs);

[1 Dec 2005 17:25] MySQL Verification Team
Verified with 5.0.17-debug-log.

Backtrace:

(gdb) bt
#0  0x0817869c in Item_func_set_user_var::update_hash (this=0x8eac898, ptr=0x8eacc5c, length=8, type=INT_RESULT, cs=0x87ec4c0,
    dv=DERIVATION_IMPLICIT) at item_func.cc:3532
#1  0x08178d61 in Item_func_set_user_var::update (this=0x8eac898) at item_func.cc:3741
#2  0x08359623 in sp_head::execute_procedure (this=0x8eb7250, thd=0x8e7ff88, args=0x8e80454) at sp_head.cc:1469
#3  0x081fd5ae in mysql_execute_command (thd=0x8e7ff88) at sql_parse.cc:4308
#4  0x08200c80 in mysql_parse (thd=0x8e7ff88, inBuf=0x8eac560 "CALL aaa.spTestA(@rs)", length=21) at sql_parse.cc:5581
#5  0x081f5f5a in dispatch_command (command=COM_QUERY, thd=0x8e7ff88, packet=0x8ea4501 "CALL aaa.spTestA(@rs)", packet_length=22)
    at sql_parse.cc:1709
#6  0x081f5745 in do_command (thd=0x8e7ff88) at sql_parse.cc:1510
#7  0x081f47d5 in handle_one_connection (arg=0x8e7ff88) at sql_parse.cc:1155
#8  0xb7d41f1b in pthread_start_thread () from /lib/libpthread.so.0
#9  0xb7d41f9f in pthread_start_thread_event () from /lib/libpthread.so.0
#10 0xb7c70fda in clone () from /lib/libc.so.6
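For triage, the backtrace above can be reduced to a build-independent signature so that later crash reports with the same top frames are bucketed with this bug. This is an added example, not part of the original report or of MySQL's tooling; `parse_frames`, `crash_signature` and the choice of the top three source-level frames are assumptions, and the sample is a subset of the frames quoted above.

```python
import hashlib
import re

# Subset of the frames quoted in this report (#0-#2, #5, #8), including the
# two frames that gdb wrapped onto a second line.
SAMPLE_BT = """\
#0  0x0817869c in Item_func_set_user_var::update_hash (this=0x8eac898, ptr=0x8eacc5c, length=8, type=INT_RESULT, cs=0x87ec4c0,
    dv=DERIVATION_IMPLICIT) at item_func.cc:3532
#1  0x08178d61 in Item_func_set_user_var::update (this=0x8eac898) at item_func.cc:3741
#2  0x08359623 in sp_head::execute_procedure (this=0x8eb7250, thd=0x8e7ff88, args=0x8e80454) at sp_head.cc:1469
#5  0x081f5f5a in dispatch_command (command=COM_QUERY, thd=0x8e7ff88, packet=0x8ea4501 "CALL aaa.spTestA(@rs)", packet_length=22)
    at sql_parse.cc:1709
#8  0xb7d41f1b in pthread_start_thread () from /lib/libpthread.so.0
"""

# "#N  [0xADDR in ]func (args) at file:line"  or  "... from library"
FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>[\w:~<>]+) \("
    r".*?\)\s+(?:at (?P<file>[^\s:]+):(?P<line>\d+)|from (?P<lib>\S+))$"
)


def parse_frames(text):
    """Join gdb's wrapped lines, then parse each frame into a dict."""
    joined = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            joined.append(raw.strip())
        elif raw.strip() and joined:  # continuation of the previous frame
            joined[-1] += " " + raw.strip()
    matches = (FRAME_RE.match(entry) for entry in joined)
    return [m.groupdict() for m in matches if m]


def crash_signature(frames, depth=3):
    """Hash the top `depth` frames that carry source info (server code, not libc/libpthread).

    Addresses and line numbers are left out so the signature survives rebuilds.
    """
    funcs = [f["func"] for f in frames if f["file"]][:depth]
    digest = hashlib.sha256("|".join(funcs).encode()).hexdigest()[:12]
    return funcs, digest


if __name__ == "__main__":
    funcs, digest = crash_signature(parse_frames(SAMPLE_BT))
    print(digest, " <- ".join(funcs))
```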

[6 Dec 2005 19:10] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/33088

[6 Dec 2005 22:52] Konstantin Osipov
Fixed in 5.0 tree, currently tagged 5.0.17

[7 Dec 2005 20:04] Paul DuBois
Noted in 5.0.17 changelog.