• Tor Didriksen's avatar
    Bug#13721076 CRASH WITH TIME TYPE/TIMESTAMP() AND WARNINGS IN SUBQUERY · 13053fbe
    Tor Didriksen authored
    The table contains one time value: '00:00:32'
    This value is converted to timestamp by a subquery.
    
    In convert_constant_item we call (*item)->is_null()
    which triggers execution of the Item_singlerow_subselect subquery,
    and the string "0000-00-00 00:00:32" is cached
    by Item_cache_datetime.
    We continue execution and call update_null_value, which calls val_int()
    on the cached item, which converts the time value to ((longlong) 32)
    Then we continue to do (*item)->save_in_field()
    which ends up in Item_cache_datetime::val_str() which fails,
    since (32 < 101) in number_to_datetime, and val_str() returns NULL.
    
    Item_singlerow_subselect::val_str isnt prepared for this:
    if exec() succeeds, and return !null_value, then val_str()
    *must* succeed.
    
    Solution: refuse to cache strings like "0000-00-00 00:00:32"
    in Item_cache_datetime::cache_value, and return NULL instead.
    
    This is similar to the solution for 
    Bug#11766860 - 60085: CRASH IN ITEM::SAVE_IN_FIELD() WITH TIME DATA TYPE
    
    This patch is for 5.5 only.
    The issue is not present after WL#946, since a time value
    will be converted to a proper timestamp, with the current date
    rather than "0000-00-00"
    
    
    mysql-test/r/subselect.result:
      New test case.
    mysql-test/t/subselect.test:
      New test case.
    sql/item.cc:
      Verify proper date format before caching timestamps.
    sql/item_timefunc.cc:
      Use named constant for readability.
    13053fbe
item_timefunc.cc 94.3 KB