Bug #34587 Creating a view inside a stored procedure leads to a server crash
Submitted: 15 Feb 2008 10:56  Modified: 15 Mar 2008 11:03
Reporter: Davi Arnaut (OCA)
Status: Closed
Category: MySQL Server: Stored Routines  Severity: S3 (Non-critical)
Version: 5.1+  OS: Any
Assigned to: Davi Arnaut  CPU Architecture: Any
Triage: D1 (Critical)

[15 Feb 2008 10:56] Davi Arnaut
Description:
Creating views inside a stored procedure may lead to invalid (freed) memory access. The problem is that the SELECT of a CREATE VIEW statement is not being properly allocated within the memory root of the stored procedure.

How to repeat:
# mysqltest syntax: switch the statement delimiter to | so the body can contain ;
delimiter |;
create procedure p()
begin
  # keep the procedure running even if CREATE VIEW fails (e.g. view a already exists)
  declare continue handler for sqlexception begin end;
  create view a as select 1;
end|
delimiter ;|
# first call parses the body; the second call executes the cached definition
call p();
call p();
drop procedure p;

Suggested fix:
If creating a view inside a stored procedure, allocate the SELECT part of a CREATE VIEW statement within the memory root of the stored procedure.
[15 Feb 2008 11:41] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/42344

ChangeSet@1.2552, 2008-02-15 09:40:55-02:00, davi@mysql.com +5 -0
  Bug#34587 Creating a view inside a stored procedure leads to a server crash
  
  The problem is that when a stored procedure is being parsed for
  the first execution, the body is copied to a temporary buffer
  which is disregarded sometime after the statement is parsed.
  And during this parsing phase, the rule for CREATE VIEW was
  holding a reference to the string being parsed for use during
  the execution of the CREATE VIEW statement, leading to invalid
  memory access later.
  
  The solution is to allocate and copy the SELECT of a CREATE
  VIEW statement using the thread memory root, which is set to
  the permanent arena of the stored procedure.
[20 Feb 2008 14:45] Konstantin Osipov
Approved by email.
[20 Feb 2008 20:27] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/42699

ChangeSet@1.2552, 2008-02-20 17:26:50-03:00, davi@mysql.com +5 -0
  Bug#34587 Creating a view inside a stored procedure leads to a server crash
  
  The problem is that when a stored procedure is being parsed for
  the first execution, the body is copied to a temporary buffer
  which is disregarded sometime after the statement is parsed.
  And during this parsing phase, the rule for CREATE VIEW was
  holding a reference to the string being parsed for use during
  the execution of the CREATE VIEW statement, leading to invalid
  memory access later.
  
  The solution is to allocate and copy the SELECT of a CREATE
  VIEW statement using the thread memory root, which is set to
  the permanent arena of the stored procedure.
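The following is an added illustration of the defect class the two commit messages above describe; it is not code from the bug report or from the MySQL server. A toy bump allocator (`mem_root`, an assumed simplification of the server's per-routine memory root) and a constructed procedure body (`SP_BODY`) stand in for the real parser: `parse_view_buggy` keeps a pointer into the temporary parse buffer, while `parse_view_fixed` copies the SELECT text into the permanent arena. `view_references_parse_buffer` is a hypothetical driver that reports whether the stored definition would dangle once the parse buffer is freed, the same condition an address sanitizer would flag at the later CREATE VIEW execution.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy bump allocator; assumption: a simplified model of the server's memory root. */
typedef struct mem_root { char *buf; size_t used, cap; } mem_root;

static mem_root mem_root_new(size_t cap) { mem_root r = { malloc(cap), 0, cap }; return r; }
static void mem_root_free(mem_root *r) { free(r->buf); r->buf = NULL; r->used = r->cap = 0; }

/* Copy n bytes of s into the arena as a NUL-terminated string. */
static char *mem_root_strndup(mem_root *r, const char *s, size_t n) {
    if (r->used + n + 1 > r->cap) return NULL;
    char *d = r->buf + r->used;
    r->used += n + 1;
    memcpy(d, s, n);
    d[n] = '\0';
    return d;
}

/* What the CREATE VIEW rule keeps for later execution: the SELECT text. */
typedef struct view_def { const char *select_text; size_t select_len; } view_def;

/* Locate the SELECT part of "create view NAME as SELECT ...;" in the parse buffer. */
static const char *find_select(const char *stmt, size_t *len_out) {
    const char *p = strstr(stmt, " as ");
    *len_out = 0;
    if (!p) return NULL;
    p += 4;
    const char *end = strchr(p, ';');
    *len_out = end ? (size_t)(end - p) : strlen(p);
    return p;
}

/* Buggy pattern: remember a pointer into the temporary parse buffer. */
static view_def parse_view_buggy(const char *stmt) {
    view_def v;
    v.select_text = find_select(stmt, &v.select_len);
    return v;
}

/* Fixed pattern: copy the SELECT into the routine's permanent memory root. */
static view_def parse_view_fixed(mem_root *permanent, const char *stmt) {
    view_def v;
    const char *p = find_select(stmt, &v.select_len);
    v.select_text = p ? mem_root_strndup(permanent, p, v.select_len) : NULL;
    return v;
}

/* True if ptr lies inside [buf, buf+len): the definition dangles once buf is freed. */
static bool points_into(const char *buf, size_t len, const char *ptr) {
    uintptr_t b = (uintptr_t)buf, p = (uintptr_t)ptr;
    return ptr != NULL && p >= b && p < b + len;
}

/* Constructed procedure body mirroring the bug report's repro. */
static const char SP_BODY[] =
    "begin declare continue handler for sqlexception begin end; "
    "create view a as select 1; end";

/* Simulate the first execution: copy the body into a temporary buffer, parse the
   CREATE VIEW with the chosen variant, then discard the buffer. Returns whether the
   view definition referenced the freed buffer; with the fix, copies the surviving
   SELECT text into copy_out. */
static bool view_references_parse_buffer(bool use_fix, char *copy_out, size_t copy_sz) {
    mem_root permanent = mem_root_new(256);
    size_t body_len = strlen(SP_BODY);
    char *tmp = malloc(body_len + 1);
    memcpy(tmp, SP_BODY, body_len + 1);

    view_def v = use_fix ? parse_view_fixed(&permanent, tmp) : parse_view_buggy(tmp);
    bool dangling = points_into(tmp, body_len + 1, v.select_text);
    free(tmp);  /* the parse buffer is gone, as after the first parse */

    if (copy_out && copy_sz) {
        if (use_fix && v.select_text)
            snprintf(copy_out, copy_sz, "%.*s", (int)v.select_len, v.select_text);
        else
            copy_out[0] = '\0';  /* never read through the dangling pointer */
    }
    mem_root_free(&permanent);
    return dangling;
}

int main(void) {
    char keep[32];
    printf("buggy variant dangles: %s\n", view_references_parse_buffer(false, NULL, 0) ? "yes" : "no");
    printf("fixed variant dangles: %s, surviving SELECT: \"%s\"\n",
           view_references_parse_buffer(true, keep, sizeof keep) ? "yes" : "no", keep);
    return 0;
}
```

The check is done before `free(tmp)` on purpose: once the buffer is released, the only safe thing to do with the buggy definition is to refuse to dereference it, which is exactly the situation the server was in on the second `call p()`. The fix owns the string in an arena whose lifetime matches the cached procedure, so the copy is still readable after the parse buffer is gone.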
[20 Feb 2008 20:30] Davi Arnaut
Queued in 5.1-runtime
[3 Mar 2008 18:19] Bugs System
Pushed into 5.1.24-rc
[3 Mar 2008 18:20] Bugs System
Pushed into 6.0.5-alpha
[15 Mar 2008 11:03] Jon Stephens
Documented bugfix in the 5.1.24 and 6.0.5 changelogs as follows:

        Creating a view inside a stored procedure could lead to a crash of the
        MySQL Server.
[2 Apr 2008 19:58] Jon Stephens
Also noted in the 5.1.23-ndb-6.3.11 changelog.