Bug #26191 db_length forgot to be restored in Event_job_data::compile? mismatch with db
Submitted: 8 Feb 2007 17:26 Modified: 28 Apr 2007 21:56
Reporter: Shan Lu
Status: Closed
Category: MySQL Server: Stored Routines Severity: S2 (Serious)
Version: 5.1.16-BK, 5.2.0-falcon-alpha OS: Linux (Linux)
Assigned to: Konstantin Osipov CPU Architecture: Any

[8 Feb 2007 17:26] Shan Lu
Description:
When I was trying a static analysis tool, I found that in file event_data_objects.cc, function Event_job_data::compile, thd->db_length and thd->db are not updated consistently.

The following code is from function Event_job_data::compile:

line 1772  old_db= thd->db;
line 1773  old_db_length= thd->db_length;
line 1774  thd->db= dbname.str;
line 1775  thd->db_length= dbname.length;
...
line 1820  thd->db= old_db;
<------------is the restore for thd->db_length missed here?

Actually, all the `old'-values, except for thd->db_length, are restored at the end of that function. However, old_db_length is no longer used after line 1773, so thd->db_length does not get restored.

I think this could cause a serious problem, because thd->db probably does not match thd->db_length after this function. Such a mismatch could cause wrong output or even a crash.

How to repeat:
No test case yet. It was detected by a static analysis tool.

Suggested fix:
Add

thd->db_length = old_db_length;

to the end of function int Event_job_data::compile(THD *thd, MEM_ROOT *mem_root) in file sql/event_data_objects.cc.
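A reduced model of the save/restore pattern in this report, added here as an illustration and not code from the MySQL source: a stand-in THD holding only the db/db_length pair, the restore as reported (pointer put back, length not) beside the suggested fix, and an invariant check that the cached length still describes the string db points at. The names THD (as a struct), compile_buggy, compile_fixed, db_consistent and run_variant are hypothetical.

```cpp
#include <cstddef>
#include <cstring>

// Hypothetical stand-in for the two THD fields compile() swaps and restores.
struct THD {
    char *db;
    size_t db_length;
};

// Restore as reported: thd->db goes back, but old_db_length is never used
// again, so thd->db_length keeps the event's value.
void compile_buggy(THD *thd, char *dbname, size_t dbname_len) {
    char *old_db = thd->db;
    size_t old_db_length = thd->db_length;
    thd->db = dbname;
    thd->db_length = dbname_len;
    /* ... parse and compile the event body under the event's db ... */
    thd->db = old_db;
    (void)old_db_length;   // dropped, exactly the defect in the report
}

// Suggested fix: both halves of the (pointer, length) pair are restored.
void compile_fixed(THD *thd, char *dbname, size_t dbname_len) {
    char *old_db = thd->db;
    size_t old_db_length = thd->db_length;
    thd->db = dbname;
    thd->db_length = dbname_len;
    /* ... parse and compile the event body under the event's db ... */
    thd->db = old_db;
    thd->db_length = old_db_length;
}

// Invariant: db_length must equal the length of the string db points at.
bool db_consistent(const THD *thd) {
    if (thd->db == nullptr) return thd->db_length == 0;
    return std::strlen(thd->db) == thd->db_length;
}

// Run one variant on constructed names ("test" as the connection's current
// db, "events_db" as the event's db) and report whether the invariant held.
bool run_variant(void (*variant)(THD *, char *, size_t)) {
    char current[] = "test";
    char event_db[] = "events_db";
    THD thd = { current, sizeof(current) - 1 };
    variant(&thd, event_db, sizeof(event_db) - 1);
    return db_consistent(&thd);
}
```

run_variant(compile_buggy) returns false (db is "test" again but db_length is still 9), while run_variant(compile_fixed) returns true.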
[9 Feb 2007 11:30] Valeriy Kravchuk
Thank you for the problem report. Verified also with the latest 5.1.16-BK source code (line numbers are a bit different, but anyway):

line 1777  old_db= thd->db;
line 1778  old_db_length= thd->db_length;

...

done:

  lex_end(&lex);
  event_restore_security_context(thd, &save_ctx);
  DBUG_PRINT("note", ("return old data on its place. set back NAMES"));

  thd->lex= old_lex;
  thd->query= old_query;
  thd->query_length= old_query_len;
  thd->db= old_db;

  thd->variables.sql_mode= old_sql_mode;
  thd->variables.character_set_client= old_character_set_client;
  thd->variables.character_set_results= old_character_set_results;
  thd->variables.collation_connection= old_collation_connection;
  thd->update_charset();

  /* Change the memory root for the execution time. */
  if (mem_root)
    thd->mem_root= tmp_mem_root;

  DBUG_RETURN(ret);
}
[10 Apr 2007 21:59] Konstantin Osipov
The patch for Bug#27733 also fixes this bug.
[28 Apr 2007 21:56] Konstantin Osipov
Fixed in the patch for Bug#27733.
No documentation entry is needed.