[#MDEV-14466] Negative SP variable in LIMIT is treated as big positive

[MDEV-14466] Negative SP variable in LIMIT is treated as big positive Created: 2017-11-22 Updated: 2023-04-27
Status:	Open
Project:	MariaDB Server
Component/s:	Prepared Statements
Affects Version/s:	5.5, 10.0, 10.1, 10.2, 10.3
Fix Version/s:	10.4

Type:

Bug

Priority:

Major

Reporter:

Alexander Barkov

Assignee:

Alexander Barkov

Resolution:

Unresolved

Votes:

Labels:

None

Description

This script erroneously returns a row:

DROP PROCEDURE IF EXISTS p1;

DELIMITER $$

CREATE PROCEDURE p1()

BEGIN

  DECLARE a INT DEFAULT -1;

  SELECT 1 FROM DUAL LIMIT a;

END;

$$

DELIMITER ;

CALL p1;

+---+

| 1 |

+---+

| 1 |

+---+

Note, if I rewrite the query using a prepared statement with a negative user variable, it correctly returns an error:

DROP PROCEDURE IF EXISTS p1;

DELIMITER $$

CREATE PROCEDURE p1()

BEGIN

  SET @a=-1;

  PREPARE stmt FROM 'SELECT 1 FROM DUAL LIMIT ?';

  EXECUTE stmt USING @a;

END;

$$

DELIMITER ;

CALL p1;

ERROR 1210 (HY000): Incorrect arguments to EXECUTE

Note, If in the version 10.2 or higher (which support any kind of expressions in PS parameters) I use a prepared statement with a negative SP variable, it also correctly returns an error:

DROP PROCEDURE IF EXISTS p1;

DELIMITER $$

CREATE PROCEDURE p1()

BEGIN

  DECLARE a INT DEFAULT -1;

  PREPARE stmt FROM 'SELECT 1 FROM DUAL LIMIT ?';

  EXECUTE stmt USING a;

END;

$$

DELIMITER ;

CALL p1;

ERROR 1210 (HY000): Incorrect arguments to EXECUTE

Generated at Thu Feb 08 08:13:46 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-14466] Negative SP variable in LIMIT is treated as big positive Created: 2017-11-22 Updated: 2023-04-27