Bug #17039 Cursor with procedure crashes client
Submitted: 2 Feb 2006 14:54 Modified: 14 Nov 2006 4:38
Reporter: Magnus Svensson
Status: Closed
Category:Server: PS Severity:S3 (Non-critical)
Version:5.0.19 OS:Linux (Linux)
Assigned to: Magnus Svensson Target Version:

[2 Feb 2006 14:54] Magnus Svensson 
Description:
Running a query like "SELECT * FROM t1 procedure analyse()" will cause an assertion in the
libmysql.

libmysql.c:2190: update_stmt_fields: Assertion `stmt->field_count ==
stmt->mysql->field_count' failed.

How to repeat:
Run the query "SELECT * FROM t1 procedure analyse()" as a server side cursor on a table t1
that not has as many fields as the output from "procedure analyse()"

Suggested fix:
The problem is that the number of fields in the field description sent to the client whyen
the query is executed does not match the number of fields actually sent. 

When executing a "procedure" the field list is modified in JOIN::exec and a new one is
built from the number of fields returned by the procedure. This field list is the one that
should be sent to the client. But instead the original field list from "SELECT *" is sent.
[7 Sep 2006 16:44] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/11546

ChangeSet@1.2232, 2006-09-07 16:44:18+02:00, msvensson@neptunus.(none) +2 -0
  Bug#17039 Cursor with procedure crashes client
   - Change 'get_unit_column_type" to return the field list for the procedure
[14 Nov 2006 4:38] Paul DuBois 
Noted in 5.0.30 (not 5.0.29), 5.1.13 changelogs.

A client library crash was caused by executing a statement such as
SELECT * FROM t1 PROCEDURE ANALYSE() using a server side cursor on a
table t1 that does not have the same number of columns as the output
from PROCEDURE ANALYSE().