Commit d03c337a authored by Nikita Pettik, committed by Kirill Yukhin

sql: update ptr to VDBE after its creation in sql_txn

VDBE object is used in struct sql_txn to add new autoincrement ids in
sequence_next(). List of these ids is returned later as a query
execution result. sql_txn is created once SQL statement is executed
inside transaction and exists till commit or rollback. After its
creation it contains pointer to current VDBE. Each VDBE is freed after
statement is executed. Hence, after first SQL statement within
transaction is executed, sql_txn will point to freed memory (dangling
pointer). This leads to crash in the next processed statement. Fix to
this bug is simple: we must re-assign pointer to VDBE in sql_txn before
VDBE execution.

Closes #4157
parent 085ba61e
......@@ -110,6 +110,7 @@ sql_vdbe_prepare(struct Vdbe *vdbe)
if (txn->psql_txn == NULL)
return -1;
}
txn->psql_txn->vdbe = vdbe;
}
return 0;
}
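Review bot: the assignment `txn->psql_txn->vdbe = vdbe;` refreshes the pointer before each execution, but nothing in this hunk clears it once the VDBE is freed, so between statements of the same transaction sql_txn still holds a pointer to freed memory. Consider resetting the field to NULL at the point where the VDBE is released, so that any read outside this path fails deterministically instead of touching freed memory. A short comment above the assignment explaining that the VDBE changes per statement while sql_txn lives until commit or rollback would also help the next reader.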
......
......@@ -134,3 +134,31 @@ box.execute('DROP TABLE parent;');
---
- row_count: 1
...
-- gh-4157: autoincrement within transaction started in SQL
-- leads to seagfault.
--
box.execute('CREATE TABLE t (id INT PRIMARY KEY AUTOINCREMENT);');
---
- row_count: 1
...
box.execute('START TRANSACTION')
box.execute('INSERT INTO t VALUES (null), (null);')
box.execute('INSERT INTO t VALUES (null), (null);')
box.execute('SAVEPOINT sp;')
box.execute('INSERT INTO t VALUES (null);')
box.execute('ROLLBACK TO sp;')
box.execute('INSERT INTO t VALUES (null);')
box.commit();
---
...
box.space.T:select();
---
- - [1]
- [2]
- [3]
- [4]
- [6]
...
box.space.T:drop();
---
...
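Review bot: no output is recorded for the statements between `box.execute('START TRANSACTION')` and `box.commit();`, so the autoincrement ids returned by each INSERT, which is the data that passes through the sql_txn VDBE pointer, are never checked; only the final `box.space.T:select();` is. Consider running each INSERT as its own statement so the result file captures the returned ids. A comment noting that the jump from [4] to [6] is expected, because the id taken by the INSERT undone with `ROLLBACK TO sp` is not reused, would keep the gap from looking like a mistake.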
......@@ -67,3 +67,18 @@ box.execute('PRAGMA defer_foreign_keys = 0;')
-- Cleanup
box.execute('DROP TABLE child;');
box.execute('DROP TABLE parent;');
-- gh-4157: autoincrement within transaction started in SQL
-- leads to seagfault.
--
box.execute('CREATE TABLE t (id INT PRIMARY KEY AUTOINCREMENT);');
box.execute('START TRANSACTION')
box.execute('INSERT INTO t VALUES (null), (null);')
box.execute('INSERT INTO t VALUES (null), (null);')
box.execute('SAVEPOINT sp;')
box.execute('INSERT INTO t VALUES (null);')
box.execute('ROLLBACK TO sp;')
box.execute('INSERT INTO t VALUES (null);')
box.commit();
box.space.T:select();
box.space.T:drop();
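Review bot: the new case only ends the transaction with `box.commit();`, while the commit message says sql_txn lives until commit or rollback; a second run that ends in a full rollback after several INSERTs would cover the other exit path. Two smaller points in the same lines: the comment says "seagfault" where "segfault" is meant, and `box.execute('START TRANSACTION')` omits the `;` inside the SQL string that the other statements carry.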