MDEV-37710 ASAN errors in find_type2 upon executing a procedure from sys schema

vuvova · vuvova · commit 956920816e9e · 2025-10-28T17:49:51.000+01:00
don't reload stored routines in the middle of the execution
of a routine. we don't want different iterations of a loop
to see diffefent definitions

For this: remember Cversion in THD on the first sp cache lookup,
after that only compare versions with this value not with Cversion.
diff --git a/mysql-test/main/sp-bugs2.result b/mysql-test/main/sp-bugs2.result
@@ -1,3 +1,6 @@
+#
+# MDEV-6610 Assertion `thd->is_error() || thd->killed' failed in mysql_execute_command on executing an SP with repeated CREATE TABLE .. SELECT
+#
 CREATE TABLE t1 (i INT);
 SET @a = 2;
 CREATE TABLE IF NOT EXISTS t2 (i INT) ENGINE = MyISAM 
@@ -94,4 +97,30 @@ CALL p1();
 # Clean up
 DROP FUNCTION cnt;
 DROP PROCEDURE p1;
+#
+# MDEV-37710 ASAN errors in find_type2 upon executing a procedure from sys schema
+#
+create procedure p1()
+begin
+declare found int;
+repeat
+set found = exists (select * from information_schema.routines where routine_name='f');
+if (sys.ps_is_consumer_enabled('events_waits_history_long') = 'yes') then
+select * from mysql.user;
+end if;
+select release_all_locks();
+until found end repeat;
+end$$
+select get_lock('p1', 300);
+get_lock('p1', 300)
+1
+call p1();
+connect con1,localhost,root,,;
+select get_lock('p1', 300);
+get_lock('p1', 300)
+1
+create function f() returns int return 1;
+connection default;
+drop function f;
+drop procedure p1;
 # End of 10.11 tests
diff --git a/mysql-test/main/sp-bugs2.test b/mysql-test/main/sp-bugs2.test
@@ -1,6 +1,6 @@
-#
-# MDEV-6610 Assertion `thd->is_error() || thd->killed' failed in mysql_execute_command on executing an SP with repeated CREATE TABLE .. SELECT
-#
+--echo #
+--echo # MDEV-6610 Assertion `thd->is_error() || thd->killed' failed in mysql_execute_command on executing an SP with repeated CREATE TABLE .. SELECT
+--echo #
 CREATE TABLE t1 (i INT);
 SET @a = 2; 
 
@@ -97,4 +97,32 @@ CALL p1();
 DROP FUNCTION cnt;
 DROP PROCEDURE p1;
 
+--echo #
+--echo # MDEV-37710 ASAN errors in find_type2 upon executing a procedure from sys schema
+--echo #
+delimiter $$;
+create procedure p1()
+begin
+  declare found int;
+  repeat
+    set found = exists (select * from information_schema.routines where routine_name='f');
+    if (sys.ps_is_consumer_enabled('events_waits_history_long') = 'yes') then
+        select * from mysql.user;
+    end if;
+    select release_all_locks();
+  until found end repeat;
+end$$
+delimiter ;$$
+select get_lock('p1', 300);
+--send call p1()
+--connect con1,localhost,root,,
+select get_lock('p1', 300);
+create function f() returns int return 1;
+--connection default
+--disable_result_log
+--reap
+--enable_result_log
+drop function f;
+drop procedure p1;
+
 --echo # End of 10.11 tests
diff --git a/sql/sp.cc b/sql/sp.cc
@@ -1127,7 +1127,7 @@ Sp_handler::sp_drop_routine_internal(THD *thd,
   sp_cache **spc= get_cache(thd);
   DBUG_ASSERT(spc);
   if ((sp= sp_cache_lookup(spc, name)))
-    sp_cache_flush_obsolete(spc, &sp);
+    sp_cache_flush_obsolete(spc, &sp, sp_cache_version());
   /* Drop statistics for this stored program from performance schema. */
   MYSQL_DROP_SP(type(), name->m_db.str, static_cast<uint>(name->m_db.length),
                         name->m_name.str, static_cast<uint>(name->m_name.length));
@@ -2818,10 +2818,11 @@ int Sp_handler::sp_cache_routine(THD *thd,
   DBUG_ASSERT(spc);
 
   *sp= sp_cache_lookup(spc, name);
+  thd->set_sp_cache_version_if_needed(sp_cache_version());
 
   if (*sp)
   {
-    sp_cache_flush_obsolete(spc, sp);
+    sp_cache_flush_obsolete(spc, sp, thd->sp_cache_version());
     if (*sp)
       DBUG_RETURN(SP_OK);
   }
diff --git a/sql/sp_cache.cc b/sql/sp_cache.cc
@@ -231,9 +231,9 @@ void sp_cache_invalidate()
   inside SP'.
 */
 
-void sp_cache_flush_obsolete(sp_cache **cp, sp_head **sp)
+void sp_cache_flush_obsolete(sp_cache **cp, sp_head **sp, ulong version)
 {
-  if ((*sp)->sp_cache_version() < Cversion && !(*sp)->is_invoked())
+  if ((*sp)->sp_cache_version() < version)
   {
     (*cp)->remove(*sp);
     *sp= NULL;
diff --git a/sql/sp_cache.h b/sql/sp_cache.h
@@ -59,7 +59,7 @@ void sp_cache_clear(sp_cache **cp);
 void sp_cache_insert(sp_cache **cp, sp_head *sp);
 sp_head *sp_cache_lookup(sp_cache **cp, const Database_qualified_name *name);
 void sp_cache_invalidate();
-void sp_cache_flush_obsolete(sp_cache **cp, sp_head **sp);
+void sp_cache_flush_obsolete(sp_cache **cp, sp_head **sp, ulong version);
 ulong sp_cache_version();
 void sp_cache_enforce_limit(sp_cache *cp, ulong upper_limit_for_elements);
 
diff --git a/sql/sql_base.cc b/sql/sql_base.cc
@@ -3186,7 +3186,7 @@ static bool
 check_and_update_routine_version(THD *thd, Sroutine_hash_entry *rt,
                                  sp_head *sp)
 {
-  ulong spc_version= sp_cache_version();
+  ulong spc_version= thd->sp_cache_version();
   /* sp is NULL if there is no such routine. */
   ulong version= sp ? sp->sp_cache_version() : spc_version;
   /*
@@ -3196,7 +3196,7 @@ check_and_update_routine_version(THD *thd, Sroutine_hash_entry *rt,
     Sic: version != spc_version <--> sp is not NULL.
   */
   if (rt->m_sp_cache_version != version ||
-      (version != spc_version && !sp->is_invoked()))
+      (version < spc_version && !sp->is_invoked()))
   {
     if (thd->m_reprepare_observer &&
         thd->m_reprepare_observer->report_error(thd))
diff --git a/sql/sql_class.h b/sql/sql_class.h
@@ -2449,16 +2449,16 @@ struct wait_for_commit
 
 class Sp_caches
 {
+protected:
+  ulong m_sp_cache_version;
 public:
   sp_cache *sp_proc_cache;
   sp_cache *sp_func_cache;
   sp_cache *sp_package_spec_cache;
   sp_cache *sp_package_body_cache;
   Sp_caches()
-   :sp_proc_cache(NULL),
-    sp_func_cache(NULL),
-    sp_package_spec_cache(NULL),
-    sp_package_body_cache(NULL)
+   :m_sp_cache_version(0), sp_proc_cache(NULL), sp_func_cache(NULL),
+    sp_package_spec_cache(NULL), sp_package_body_cache(NULL)
   { }
   ~Sp_caches()
   {
@@ -2481,6 +2481,16 @@ class Sp_caches
     Don't delete cache objects itself.
   */
   void sp_caches_empty();
+  ulong sp_cache_version() const
+  {
+    DBUG_ASSERT(m_sp_cache_version);
+    return m_sp_cache_version;
+  }
+  void set_sp_cache_version_if_needed(ulong version)
+  {
+    if (!m_sp_cache_version)
+      m_sp_cache_version= version;
+  }
 };
 
 
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
@@ -7772,6 +7772,8 @@ void THD::reset_for_next_command(bool do_clear_error)
 
   save_prep_leaf_list= false;
 
+  m_sp_cache_version= 0;
+
 #ifdef WITH_WSREP
 #if !defined(DBUG_OFF)
   if (mysql_bin_log.is_open())

Original file line number	Diff line number	Diff line change
`@@ -231,9 +231,9 @@ void sp_cache_invalidate()`
`231`	`231`	`inside SP'.`
`232`	`232`	`*/`
`233`	`233`
`234`		`-void sp_cache_flush_obsolete(sp_cache cp, sp_head sp)`
	`234`	`+void sp_cache_flush_obsolete(sp_cache cp, sp_head sp, ulong version)`
`235`	`235`	`{`
`236`		`- if ((sp)->sp_cache_version() < Cversion && !(sp)->is_invoked())`
	`236`	`+ if ((*sp)->sp_cache_version() < version)`
`237`	`237`	`{`
`238`	`238`	`(cp)->remove(sp);`
`239`	`239`	`*sp= NULL;`