Commit a765cca6 authored by Alexander Barkov's avatar Alexander Barkov

MDEV-8067 correct fix for MySQL Bug # 19699237: UNINITIALIZED VARIABLE IN ITEM_FIELD::STR_RESULT

parent b37b52a3
...@@ -5762,5 +5762,20 @@ DROP TABLE t1; ...@@ -5762,5 +5762,20 @@ DROP TABLE t1;
# End of ctype_utf8_ilseq.inc # End of ctype_utf8_ilseq.inc
# #
# #
# MDEV-8067 correct fix for MySQL Bug # 19699237: UNINITIALIZED VARIABLE IN ITEM_FIELD::STR_RESULT
#
CREATE TABLE t1 (a VARCHAR(10) CHARACTER SET utf8);
CREATE TABLE t2 (a VARCHAR(10) CHARACTER SET latin1);
INSERT INTO t1 VALUES ('aaa');
INSERT INTO t2 VALUES ('aaa');
SELECT (SELECT CONCAT(a),1 FROM t1) <=> (SELECT CONCAT(a),1 FROM t2);
(SELECT CONCAT(a),1 FROM t1) <=> (SELECT CONCAT(a),1 FROM t2)
1
INSERT INTO t1 VALUES ('aaa');
INSERT INTO t2 VALUES ('aaa');
SELECT (SELECT CONCAT(a),1 FROM t1) <=> (SELECT CONCAT(a),1 FROM t2);
ERROR 21000: Subquery returns more than 1 row
DROP TABLE t1, t2;
#
# End of 5.5 tests # End of 5.5 tests
# #
...@@ -1616,6 +1616,22 @@ SET NAMES utf8 COLLATE utf8_general_ci; ...@@ -1616,6 +1616,22 @@ SET NAMES utf8 COLLATE utf8_general_ci;
--let ENGINE=HEAP --let ENGINE=HEAP
--source include/ctype_utf8_ilseq.inc --source include/ctype_utf8_ilseq.inc
--echo #
--echo # MDEV-8067 correct fix for MySQL Bug # 19699237: UNINITIALIZED VARIABLE IN ITEM_FIELD::STR_RESULT
--echo #
CREATE TABLE t1 (a VARCHAR(10) CHARACTER SET utf8);
CREATE TABLE t2 (a VARCHAR(10) CHARACTER SET latin1);
INSERT INTO t1 VALUES ('aaa');
INSERT INTO t2 VALUES ('aaa');
SELECT (SELECT CONCAT(a),1 FROM t1) <=> (SELECT CONCAT(a),1 FROM t2);
INSERT INTO t1 VALUES ('aaa');
INSERT INTO t2 VALUES ('aaa');
# Running the below query crashed with two rows
--error ER_SUBQUERY_NO_1_ROW
SELECT (SELECT CONCAT(a),1 FROM t1) <=> (SELECT CONCAT(a),1 FROM t2);
DROP TABLE t1, t2;
--echo # --echo #
--echo # End of 5.5 tests --echo # End of 5.5 tests
--echo # --echo #
...@@ -1135,6 +1135,36 @@ Item *Item::safe_charset_converter(CHARSET_INFO *tocs) ...@@ -1135,6 +1135,36 @@ Item *Item::safe_charset_converter(CHARSET_INFO *tocs)
} }
/**
Some pieces of the code do not support changing of
Item_cache to other Item types.
Example:
Item_singlerow_subselect has "Item_cache **row".
Creating of Item_func_conv_charset followed by THD::change_item_tree()
should not change row[i] from Item_cache directly to Item_func_conv_charset, because Item_singlerow_subselect
because Item_singlerow_subselect later calls Item_cache-specific methods,
e.g. row[i]->store() and row[i]->cache_value().
Let's wrap Item_func_conv_charset to a new Item_cache,
so the Item_cache-specific methods can still be used for
Item_singlerow_subselect::row[i] safely.
TODO: we should eventually check all other use cases of change_item_tree().
Perhaps some more potentially dangerous substitution examples exist.
*/
Item *Item_cache::safe_charset_converter(CHARSET_INFO *tocs)
{
Item_func_conv_charset *conv= new Item_func_conv_charset(example, tocs, 1);
Item_cache *cache;
if (!conv || !conv->safe || !(cache= new Item_cache_str(conv)))
return NULL; // Safe conversion is not possible, or OEM
cache->setup(conv);
cache->fixed= false; // Make Item::fix_fields() happy
return cache;
}
/** /**
@details @details
Created mostly for mysql_prepare_table(). Important Created mostly for mysql_prepare_table(). Important
......
...@@ -4161,6 +4161,7 @@ public: ...@@ -4161,6 +4161,7 @@ public:
return TRUE; return TRUE;
return (this->*processor)(arg); return (this->*processor)(arg);
} }
virtual Item *safe_charset_converter(CHARSET_INFO *tocs);
}; };
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment