Bug #3393 DO/SET + IN/ALL/ANY subquery + prepared statement = crash
Submitted: 5 Apr 2004 15:04
Modified: 18 Apr 2004 9:24
Reporter: Oleksandr Byelkin
Status: Closed
Category: MySQL Server
Severity: S2 (Serious)
Version: 4.1
OS: Any (all)
Assigned to: Oleksandr Byelkin
CPU Architecture: Any

[5 Apr 2004 15:04] Oleksandr Byelkin
Description:
DO/SET commands with transformed subqueries cause a server crash if used via prepared statements.

How to repeat:
static void test_do_set() 
{ 
  MYSQL_STMT *stmt_do, *stmt_set; 
  char *query; 
  int rc, i; 
  myheader("test_do_set"); 
   
  rc = mysql_query(mysql, "DROP TABLE IF EXISTS t1"); 
  myquery(rc); 
 
  rc= mysql_query(mysql,"create table t1 (a int)"); 
  myquery(rc); 
   
  query= (char*)"do @var:=(1 in (select * from t1))"; 
  stmt_do= mysql_prepare(mysql, query, strlen(query)); 
  mystmt_init(stmt_do); 
 
  query= (char*)"set @var=(1 in (select * from t1))"; 
  stmt_set= mysql_prepare(mysql, query, strlen(query)); 
  mystmt_init(stmt_set); 
 
  for (i= 0; i < 3; i++) 
  { 
    rc= mysql_execute(stmt_do); 
    mystmt(stmt_do, rc); 
    fprintf(stdout, "do %i\n", i); 
    rc= mysql_execute(stmt_set); 
    mystmt(stmt_set, rc); 
    fprintf(stdout, "set %i\n", i);   
  } 
   
  mysql_stmt_close(stmt_do); 
  mysql_stmt_close(stmt_set); 
} 

Suggested fix:
Call fix_fields() in the preparation phase.
[7 Apr 2004 14:24] Oleksandr Byelkin
ChangeSet 
  1.1773 04/04/08 00:16:17 bell@sanja.is.com.ua +39 -0 
  new error for unsupported command in PS 
  fixed IN subselect with basic constant left expression 
  SQLCOM_CREATE_TABLE, SQLCOM_UPDATE_MULTI, SQLCOM_REPLACE_SELECT, SQLCOM_INSERT_SELECT, SQLCOM_DELETE_MULTI fixed to be compatible with PS (BUG#3398, BUG#3406) 
  fixed multiupdate privilege check (BUG#3408) 
  fixed multiupdate tables check (BUG#3411) 
  unchecked commands are now rejected by PS protocol to avoid server crash 
  fixed cleanup procedure to be compatible with DO/SET (BUG#3393)
[18 Apr 2004 9:24] Oleksandr Byelkin
Thank you for the bug report. The fix for this bug is pushed to our internal source repository and will be present in the next server release.