Commit 992fc6b2 authored by unknown's avatar unknown

Backport of Igor's patch for Bug#27362, March 22 2007.

Fixed bug #27362: crash at evaluation of IN predicate when one
of its argument happened to be a decimal expression returning
the NULL value.
The crash was due to the fact the function in_decimal::set did
not take into account that val_decimal() could return 0 if 
the decimal expression had been evaluated to NULL.  


mysql-test/r/func_in.result:
  Added a test case for bug #27362.
mysql-test/t/func_in.test:
  Added a test case for bug #27362.
sql/item_cmpfunc.cc:
  Fixed bug #27362: crash at evaluation of IN predicate when one
  of its argument happened to be a decimal expression returning
  the NULL value.
  The crash was due to the fact the function in_decimal::set did
  not take into account that val_decimal() could return 0 if 
  the decimal expression had been evaluated to NULL.
parent 892c54a0
...@@ -470,4 +470,9 @@ a ...@@ -470,4 +470,9 @@ a
Warnings: Warnings:
Warning 1292 Incorrect date value: '19772-07-29' for column 'a' at row 1 Warning 1292 Incorrect date value: '19772-07-29' for column 'a' at row 1
DROP TABLE t1,t2,t3,t4; DROP TABLE t1,t2,t3,t4;
CREATE TABLE t1 (id int not null);
INSERT INTO t1 VALUES (1),(2);
SELECT id FROM t1 WHERE id IN(4564, (SELECT IF(1=0,1,1/0)) );
id
DROP TABLE t1;
End of 5.0 tests End of 5.0 tests
...@@ -360,4 +360,15 @@ SELECT * FROM t4 WHERE a IN ('1972-02-06','19772-07-29'); ...@@ -360,4 +360,15 @@ SELECT * FROM t4 WHERE a IN ('1972-02-06','19772-07-29');
DROP TABLE t1,t2,t3,t4; DROP TABLE t1,t2,t3,t4;
#
# BUG#27362: IN with a decimal expression that may return NULL
#
CREATE TABLE t1 (id int not null);
INSERT INTO t1 VALUES (1),(2);
SELECT id FROM t1 WHERE id IN(4564, (SELECT IF(1=0,1,1/0)) );
DROP TABLE t1;
--echo End of 5.0 tests --echo End of 5.0 tests
...@@ -2423,7 +2423,8 @@ void in_decimal::set(uint pos, Item *item) ...@@ -2423,7 +2423,8 @@ void in_decimal::set(uint pos, Item *item)
dec->len= DECIMAL_BUFF_LENGTH; dec->len= DECIMAL_BUFF_LENGTH;
dec->fix_buffer_pointer(); dec->fix_buffer_pointer();
my_decimal *res= item->val_decimal(dec); my_decimal *res= item->val_decimal(dec);
if (res != dec) /* if item->val_decimal() is evaluated to NULL then res == 0 */
if (!item->null_value && res != dec)
my_decimal2decimal(res, dec); my_decimal2decimal(res, dec);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment