Bug #38486 Crash when using cursor protocol
Submitted: 31 Jul 2008 11:37 Modified: 12 Aug 2008 19:40
Reporter: Kristofer Pettersson
Status: Closed
Category: MySQL Server: Prepared statements Severity: S3 (Non-critical)
Version: 5.0 OS: Any
Assigned to: Kristofer Pettersson
Triage: D1 (Critical)

[31 Jul 2008 11:37] Kristofer Pettersson
Description:
Server side cursors are not initialized properly (according to code documentation in sql_prepare.cc) and this causes a reference to uninitialized memory.

How to repeat:
create mysql-test/t/crash.test:
CREATE TABLE t1 (a INT);
INSERT INTO t1 VALUES (1);

mysql-test/mtr --cursor-protocol crash.test

Suggested fix:
Backport fix for 5.1+ found in change set: sp1r-kostja@bodhi.(none)-20080417190201-39627

=== modified file 'sql/sql_cursor.cc'
--- sql/sql_cursor.cc	2008-02-21 01:30:29 +0000
+++ sql/sql_cursor.cc	2008-04-17 19:02:01 +0000
@@ -111,7 +111,8 @@
   select_result *result; /**< the result object of the caller (PS or SP) */
 public:
   Materialized_cursor *materialized_cursor;
-  Select_materialize(select_result *result_arg) :result(result_arg) {}
+  Select_materialize(select_result *result_arg)
+    :result(result_arg), materialized_cursor(0) {}
   virtual bool send_fields(List<Item> &list, uint flags);
 };
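Review bot: The initializer-list change on the `+    :result(result_arg), materialized_cursor(0) {}` line is the right fix, because the old constructor on the `-` line set only `result` and left the public `materialized_cursor` pointer with no initializer, and `send_fields()` is the only other member function the hunk shows, so any object on which `send_fields()` never ran (the description's `CREATE TABLE` / `INSERT` repro produces no result set) exposed an indeterminate pointer to its caller. Two follow-ups for the same hunk: `materialized_cursor` should get a `/**< ... */` doc comment in the same style as `result`, stating that it is null until the cursor has been created and who owns it; and the callers in sql_prepare.cc that the description refers to should be checked to confirm each one treats a null `materialized_cursor` as "no cursor" rather than dereferencing it, since the patch turns undefined behaviour into a null pointer but does not itself add that check.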
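To make the invariant behind the patch concrete, the following is an added C++ model written for this page; it is not MySQL's code. It keeps the shape of the patched class (a raw `materialized_cursor` pointer set to null in the initializer list, a `send_fields()` that creates the cursor) and adds a small stand-in for the execute path. The `Materialized_cursor` contents, the `owned` smart pointer, the `execute_with_cursor()` function and the assumption that `send_fields()` runs only for statements with a result set are all constructed for the example.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

// Constructed stand-in for the server-side cursor (not MySQL's own class).
struct Materialized_cursor {
  std::vector<std::string> rows;
};

// Shape of the patched Select_materialize: every member, including the raw
// pointer, is set in the initializer list, so an object on which send_fields()
// never ran holds a well-defined null pointer instead of indeterminate memory.
class Select_materialize {
  std::unique_ptr<Materialized_cursor> owned;  // owns the cursor (assumption)
 public:
  Materialized_cursor *materialized_cursor;
  Select_materialize() : owned(), materialized_cursor(nullptr) {}

  // Assumption: in the real server send_fields() is invoked only for
  // statements that return a result set; here it just allocates the cursor.
  // Returns false on success (MySQL's bool-return convention).
  bool send_fields(const std::vector<std::string> &first_rows) {
    owned.reset(new Materialized_cursor{first_rows});
    materialized_cursor = owned.get();
    return false;
  }
};

// Model of the execute path for a statement run under the cursor protocol.
// Returns the number of rows the opened cursor holds, or -1 when the statement
// produced no result set (CREATE TABLE, INSERT, ...) and so no cursor exists.
int execute_with_cursor(bool produces_result_set,
                        const std::vector<std::string> &rows) {
  Select_materialize materialize;
  if (produces_result_set)
    materialize.send_fields(rows);
  // Before the fix this read was the uninitialized-memory access on the
  // no-result-set path; with the member initialized, the null check is sound.
  if (materialize.materialized_cursor == nullptr)
    return -1;
  return static_cast<int>(materialize.materialized_cursor->rows.size());
}

int main() {
  // Constructed inputs mirroring the bug's repro: DDL/INSERT (no result set)
  // and a SELECT that yields one row.
  int ddl = execute_with_cursor(false, {});
  int sel = execute_with_cursor(true, {"1"});
  return (ddl == -1 && sel == 1) ? 0 : 1;
}
```

The point of the model is the second branch of `execute_with_cursor()`: the no-result-set statement is exactly the case the page's `CREATE TABLE` / `INSERT` test exercises, and it is only because the constructor nulls the pointer that the caller's check means anything.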
[31 Jul 2008 11:41] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/50781

2652 Kristofer Pettersson	2008-07-31
      Bug#38486 Crash when using cursor protocol
      
      Server side cursors were not initialized properly and this caused a reference to
      uninitialized memory.
[31 Jul 2008 12:26] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/50782

2652 Kristofer Pettersson	2008-07-31
      Bug#38486 Crash when using cursor protocol
            
      Server side cursors were not initialized properly and this caused a reference to
      uninitialized memory.
[11 Aug 2008 9:36] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/51268

2652 Kristofer Pettersson	2008-08-11
      Bug#38486 Crash when using cursor protocol
                  
      Server side cursors were not initialized properly and this caused a reference to
      uninitialized memory.
[11 Aug 2008 13:46] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/51313

2753 Davi Arnaut	2008-08-11 [merge]
      Update funcs_1 test suite to take into account the CREATE
      TABLESPACE privilege and that warnings are always raised
      with a warning level now (Bug 36777).
[11 Aug 2008 13:49] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/51314

2753 Davi Arnaut	2008-08-11 [merge]
      Update funcs_1 test suite to take into account the CREATE
      TABLESPACE privilege and that warnings are always raised
      with a warning level now (Bug 36777).
[11 Aug 2008 21:21] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/51353

2657 Marc Alff	2008-08-11 [merge]
      Merge mysql-5.0-bugteam -> local bugfix branch
[12 Aug 2008 0:28] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/51367

2692 Davi Arnaut	2008-08-11 [merge]
      Merge mysql-5.0-bugteam into mysql-5.1-bugteam
[12 Aug 2008 0:32] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/51368

2692 Davi Arnaut	2008-08-11 [merge]
      Merge mysql-5.0-bugteam into mysql-5.1-bugteam
[12 Aug 2008 14:30] Bugs System
Pushed into 6.0.7-alpha  (revid:kpettersson@mysql.com-20080811094054-fgwyri7frml74jxp) (version source revid:davi.arnaut@sun.com-20080812141852-8e6knbqclpfd8irn) (pib:3)
[12 Aug 2008 15:04] Bugs System
Pushed into 5.1.28  (revid:davi.arnaut@sun.com-20080811232709-pryrs1mcwvbvkjc5) (version source revid:davi.arnaut@sun.com-20080812142843-he05ncsggstbn57z) (pib:3)
[12 Aug 2008 17:45] Paul Dubois
Noted in 5.1.28, 6.0.7 changelogs.

Server-side cursors were not initialized properly, which could cause
a server crash.

Setting report to Patch Queued pending push of fix into 5.0.x.
[12 Aug 2008 18:52] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/51449

2647 Davi Arnaut	2008-08-12 [merge]
      Merge mysql-5.0-bugteam into mysql-5.0
[12 Aug 2008 19:06] Bugs System
Pushed into 5.0.68  (revid:davi.arnaut@sun.com-20080811232709-pryrs1mcwvbvkjc5) (version source revid:davi.arnaut@sun.com-20080812185100-d47qb8mz2ye6pe6b) (pib:3)
[12 Aug 2008 19:40] Paul Dubois
Noted in 5.0.68 changelog.
[12 Aug 2008 23:45] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/51470

2693 Marc Alff	2008-08-12 [merge]
      Merge mysql-5.1-bugteam -> local bugfix branch
[13 Aug 2008 16:26] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/51535

2758 Marc Alff	2008-08-13 [merge]
      Merge 5.1-bugteam -> 6.0-bugteam
      
      Manual merge of sql_yacc.yy
[13 Aug 2008 16:28] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/51536

2758 Marc Alff	2008-08-13 [merge]
      Merge 5.1-bugteam -> 6.0-bugteam
      
      Manual merge of sql_yacc.yy
[14 Aug 2008 8:20] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/51605

2685 He Zhenxing	2008-08-14 [merge]
      Merge 5.1-rpl-testfixes -> 6.0-rpl-testfixes
[19 Aug 2008 20:00] Bugs System
Pushed into 6.0.7-alpha  (revid:davi.arnaut@sun.com-20080811232709-pryrs1mcwvbvkjc5) (version source revid:sven@mysql.com-20080818175803-c1nutd5773r6b4gd) (pib:3)
[28 Aug 2008 20:17] Bugs System
Pushed into 6.0.7-alpha  (revid:cbell@mysql.com-20080822132131-uveo6wiuecy6m2b8) (version source revid:cbell@mysql.com-20080822132131-uveo6wiuecy6m2b8) (pib:3)
[3 Sep 2008 15:23] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53183
[14 Sep 2008 0:01] Bugs System
Pushed into 6.0.7-alpha  (revid:kpettersson@mysql.com-20080811094054-fgwyri7frml74jxp) (version source revid:v.narayanan@sun.com-20080820064843-ar9oavor4i4q3uyp) (pib:3)