[MDEV-33402] Calling a private package routine by its 3-step name does not fail Created: 2024-02-07 Updated: 2024-02-07 |
|
| Status: | Open |
| Project: | MariaDB Server |
| Component/s: | Stored routines |
| Affects Version/s: | 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5 |
| Fix Version/s: | 10.5 |
| Type: | Bug | Priority: | Major |
| Reporter: | Alexander Barkov | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | security | ||
| Issue Links: |
|
||||||||||||||||
| Description |
|
I create the following package with a private procedure and try to call the procedure from outside of the package:
The CALL statement correctly fails, because pkg.p0 is a private routine. Now I use a 3-step procedure name notation:
The above is wrong. It should fail in the same way with the first CALL. |
| Comments |
| Comment by Alexander Barkov [ 2024-02-07 ] | |||||||||||||||||||||||
|
In sql_mode=DEFAULT it also works incorrectly:
The CALL statement correctly fails, because pkg.p0 is a private routine. Now I use a 3-step procedure notation:
|