MDEV-12060 Crash in EXECUTE IMMEDIATE with an expression returning a …

…GRANT command

Backporting (partially) the fix for MDEV-14603.

mysql-test/r/ps.result

@@ -4351,3 +4351,45 @@ LINE2	2
 LINE3	3
 drop table t1;
 # End of 5.5 tests
+#
+# Start of 10.1 tests
+#
+#
+# MDEV-12060 Crash in EXECUTE IMMEDIATE with an expression returning a GRANT command
+# (the 10.1 part)
+#
+CREATE PROCEDURE p2 ()
+BEGIN
+SET STATEMENT join_cache_level=CAST(CONCAT(_utf8'6',_latin1'') AS INT) FOR PREPARE stmt FROM 'SELECT 1';
+EXECUTE stmt;
+DEALLOCATE PREPARE stmt;
+END;
+/
+CALL p2();
+1
+1
+DROP PROCEDURE p2;
+BEGIN NOT ATOMIC
+SET STATEMENT join_cache_level=CAST(CONCAT(_utf8'6',_latin1'') AS INT) FOR PREPARE stmt FROM 'SELECT 1';
+EXECUTE stmt;
+DEALLOCATE PREPARE stmt;
+END;
+/
+1
+1
+BEGIN NOT ATOMIC
+SET STATEMENT join_cache_level=CAST(CONCAT(_utf8'6',_latin1'') AS INT) FOR PREPARE stmt FROM 'SELECT 1';
+DEALLOCATE PREPARE stmt;
+END;
+/
+BEGIN NOT ATOMIC
+PREPARE stmt FROM 'SELECT 1';
+SET STATEMENT join_cache_level=CAST(CONCAT(_utf8'6',_latin1'') AS INT) FOR EXECUTE stmt;
+DEALLOCATE PREPARE stmt;
+END;
+/
+1
+1
+#
+# End of 10.1 tests
+#

mysql-test/t/ps.test

@@ -3876,3 +3876,58 @@ FROM
   ) X;
 drop table t1;
 --echo # End of 5.5 tests
+
+--echo #
+--echo # Start of 10.1 tests
+--echo #
+
+--echo #
+--echo # MDEV-12060 Crash in EXECUTE IMMEDIATE with an expression returning a GRANT command
+--echo # (the 10.1 part)
+--echo #
+
+DELIMITER /;
+CREATE PROCEDURE p2 ()
+BEGIN
+  SET STATEMENT join_cache_level=CAST(CONCAT(_utf8'6',_latin1'') AS INT) FOR PREPARE stmt FROM 'SELECT 1';
+  EXECUTE stmt;
+  DEALLOCATE PREPARE stmt;
+END;
+/
+DELIMITER ;/
+CALL p2();
+DROP PROCEDURE p2;
+
+
+DELIMITER /;
+BEGIN NOT ATOMIC
+  SET STATEMENT join_cache_level=CAST(CONCAT(_utf8'6',_latin1'') AS INT) FOR PREPARE stmt FROM 'SELECT 1';
+  EXECUTE stmt;
+  DEALLOCATE PREPARE stmt;
+END;
+/
+DELIMITER ;/
+
+
+DELIMITER /;
+BEGIN NOT ATOMIC
+  SET STATEMENT join_cache_level=CAST(CONCAT(_utf8'6',_latin1'') AS INT) FOR PREPARE stmt FROM 'SELECT 1';
+  DEALLOCATE PREPARE stmt;
+END;
+/
+DELIMITER ;/
+
+
+DELIMITER /;
+BEGIN NOT ATOMIC
+  PREPARE stmt FROM 'SELECT 1';
+  SET STATEMENT join_cache_level=CAST(CONCAT(_utf8'6',_latin1'') AS INT) FOR EXECUTE stmt;
+  DEALLOCATE PREPARE stmt;
+END;
+/
+DELIMITER ;/
+
+
+--echo #
+--echo # End of 10.1 tests
+--echo #

sql/sql_prepare.cc

@@ -2736,6 +2736,15 @@ void mysql_sql_stmt_prepare(THD *thd)
     DBUG_VOID_RETURN;
   }
 
+#if MYSQL_VERSION_ID < 100200
+  /*
+    Backpoiting MDEV-14603 from 10.2 to 10.1
+    Remove the code between #if..#endif when merging.
+  */
+  Item_change_list change_list_save_point;
+  thd->change_list.move_elements_to(&change_list_save_point);
+#endif
+
   if (stmt->prepare(query, query_len))
   {
     /* Statement map deletes the statement on erase */
@@ -2744,6 +2753,15 @@ void mysql_sql_stmt_prepare(THD *thd)
   else
     my_ok(thd, 0L, 0L, "Statement prepared");
 
+#if MYSQL_VERSION_ID < 100200
+  /*
+    Backpoiting MDEV-14603 from 10.2 to 10.1
+    Remove the code between #if..#endif when merging.
+  */
+  thd->rollback_item_tree_changes();
+  change_list_save_point.move_elements_to(&thd->change_list);
+#endif
+
   DBUG_VOID_RETURN;
 }
 
@@ -3039,7 +3057,27 @@ void mysql_sql_stmt_execute(THD *thd)
   */
   Item *free_list_backup= thd->free_list;
   thd->free_list= NULL; // Hide the external (e.g. "SET STATEMENT") Items
+
+#if MYSQL_VERSION_ID < 100200
+  /*
+    Backpoiting MDEV-14603 from 10.2 to 10.1
+    Remove the code between #if..#endif when merging.
+  */
+  Item_change_list change_list_save_point;
+  thd->change_list.move_elements_to(&change_list_save_point);
+#endif
+
   (void) stmt->execute_loop(&expanded_query, FALSE, NULL, NULL);
+
+#if MYSQL_VERSION_ID < 100200
+  /*
+    Backpoiting MDEV-14603 from 10.2 to 10.1
+    Remove the code between #if..#endif when merging.
+  */
+  thd->rollback_item_tree_changes();
+  change_list_save_point.move_elements_to(&thd->change_list);
+#endif
+
   thd->free_items();    // Free items created by execute_loop()
   /*
     Now restore the "external" (e.g. "SET STATEMENT") Item list.