Bug #13705 parameters to stored procedures are not verified
Submitted: 3 Oct 2005 10:23 Modified: 7 Dec 2005 20:43
Reporter: Gabriel PREDA
Status: Closed
Category: MySQL Server: Stored Routines Severity: S3 (Non-critical)
Version: 5.0.13-rc-nt-log OS: Microsoft Windows (Windows XP SP2)
Assigned to: Alexander Nozdrin CPU Architecture: Any

[3 Oct 2005 10:23] Gabriel PREDA
Description:
Stored Procedure accepts fraudulent arguments... and does not cast them!

How to repeat:
CREATE PROCEDURE `name_of_proc` (IN x_func VARCHAR(10), IN delimiter CHAR(3))
READS SQL DATA
BEGIN
........

END
-------------------OK-------------------
Calling with:
  CALL name_of_proc ("alpha", "abc");
Works ok... inside result I see the "abc" string...

But calling with:
  CALL name_of_proc ("alpha", "abc_def");
notice that the second param is more than 3 characters... and instead of at least a warning I get the "abc_def" string...

Suggested fix:
Parameter checkout applying MySQL rules... in this case a good fix would be to truncate the second param according to its definition!
[3 Oct 2005 10:49] Valeriy Kravchuk
Thank you for a bug report. It is easily repeatable:

mysql> select version()//
+--------------+
| version()    |
+--------------+
| 5.0.13-rc-nt |
+--------------+
1 row in set (0.19 sec)

mysql> CREATE PROCEDURE `name_of_proc` (IN x_func VARCHAR(10), IN delimiter CHAR(3))
    -> READS SQL DATA
    -> BEGIN
    ->   select x_func, delimiter;
    -> END//
Query OK, 0 rows affected (0.17 sec)

mysql> call name_of_proc('alpha', 'abc')//
+--------+-----------+
| x_func | delimiter |
+--------+-----------+
| alpha  | abc       |
+--------+-----------+
1 row in set (0.06 sec)

Query OK, 0 rows affected (0.09 sec)

mysql> call name_of_proc('alpha', 'abc_def')//
+--------+-----------+
| x_func | delimiter |
+--------+-----------+
| alpha  | abc_def   |
+--------+-----------+
1 row in set (0.00 sec)

Query OK, 0 rows affected (0.02 sec)

Yes, it would be better either to change the behaviour according to your suggestion (and give a warning about truncation) or, at least, to describe current behaviour in the documentation properly.
[7 Dec 2005 20:43] Paul Dubois
Noted in 5.0.18 changelog.
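
A defensive pattern for the behaviour reported in this thread, as an added example that is not part of the original bug report or of MySQL's own code: a probe shows how many characters of an over-length argument reach the procedure body, and a checked variant of the reporter's procedure enforces its length limits explicitly instead of relying on the declared parameter types. The names `probe_param_len` and `name_of_proc_checked` and the parameter name `delim` are hypothetical, and `SIGNAL` assumes MySQL 5.5 or later.

```sql
-- Added example (constructed); procedure and parameter names are hypothetical.
DELIMITER //

-- Probe: report how many characters actually reach the body of a
-- procedure whose parameter is declared CHAR(3).
CREATE PROCEDURE probe_param_len(IN p CHAR(3), OUT seen INT)
BEGIN
  SET seen = CHAR_LENGTH(p);
END//

-- Checked variant of the procedure from the report. The parameters are
-- declared wider than the permitted length and validated in the body, so
-- the limits hold regardless of how the server converts arguments.
-- NULL arguments are not rejected by these checks.
CREATE PROCEDURE name_of_proc_checked(IN x_func VARCHAR(255),
                                      IN delim  VARCHAR(255))
READS SQL DATA
BEGIN
  IF CHAR_LENGTH(x_func) > 10 THEN
    SIGNAL SQLSTATE '45000'
      SET MESSAGE_TEXT = 'x_func exceeds 10 characters';
  END IF;
  IF CHAR_LENGTH(delim) > 3 THEN
    SIGNAL SQLSTATE '45000'
      SET MESSAGE_TEXT = 'delim exceeds 3 characters';
  END IF;
  SELECT x_func, delim;
END//

DELIMITER ;

-- Run the probe with the 7-character argument from the report.
-- A server that enforces the declared type may truncate the value with a
-- warning or reject the call, depending on the SQL mode in effect.
CALL probe_param_len('abc_def', @seen);
SHOW WARNINGS;
SELECT @seen AS chars_seen,
       IF(@seen > 3, 'argument not constrained to CHAR(3)',
                     'argument constrained') AS verdict;

-- Within the limits: the body runs.
CALL name_of_proc_checked('alpha', 'abc');
-- Over the 3-character limit: the second IF raises SQLSTATE 45000.
CALL name_of_proc_checked('alpha', 'abc_def');
```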