Bug #17039 Cursor with procedure crashes client
Submitted: 2 Feb 2006 13:54 Modified: 14 Nov 2006 3:38
Reporter: Magnus Blåudd Email Updates:
Status: Closed Impact on me:
Category:MySQL Server: Prepared statements Severity:S3 (Non-critical)
Version:5.0.19 OS:Linux (Linux)
Assigned to: Magnus Blåudd CPU Architecture:Any

[2 Feb 2006 13:54] Magnus Blåudd
Running a query like "SELECT * FROM t1 procedure analyse()" will cause an assertion in the libmysql.

libmysql.c:2190: update_stmt_fields: Assertion `stmt->field_count == stmt->mysql->field_count' failed.

How to repeat:
Run the query "SELECT * FROM t1 procedure analyse()" as a server side cursor on a table t1 that not has as many fields as the output from "procedure analyse()"

Suggested fix:
The problem is that the number of fields in the field description sent to the client whyen the query is executed does not match the number of fields actually sent. 

When executing a "procedure" the field list is modified in JOIN::exec and a new one is built from the number of fields returned by the procedure. This field list is the one that should be sent to the client. But instead the original field list from "SELECT *" is sent.
[7 Sep 2006 14:44] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:


ChangeSet@1.2232, 2006-09-07 16:44:18+02:00, msvensson@neptunus.(none) +2 -0
  Bug#17039 Cursor with procedure crashes client
   - Change 'get_unit_column_type" to return the field list for the procedure
[14 Nov 2006 3:38] Paul DuBois
Noted in 5.0.30 (not 5.0.29), 5.1.13 changelogs.

A client library crash was caused by executing a statement such as
SELECT * FROM t1 PROCEDURE ANALYSE() using a server side cursor on a
table t1 that does not have the same number of columns as the output