fix for bug #12841

(Server crash on DO IFNULL(NULL,NULL) (fixes also "SELECT CAST(IFNULL(NULL,NULL) as DECIMAL)" unreported crash) (new revampled fix with suggestions from Igor) mysql-test/r/select.result: result of test for bug 12841 mysql-test/t/select.test: test for bug #12841 (Server crash on DO IFNULL(NULL,NULL) sql/item_func.cc: don't use the return value of ::str_op() without checking it whether checking it for NULL. (fixes bug #12841 as well as another not reported bug, but existing one - test case added). All other places where ::str_op() is used are safe.

fix for bug #12841
(Server crash on DO IFNULL(NULL,NULL) (fixes also "SELECT CAST(IFNULL(NULL,NULL) as DECIMAL)" unreported crash) (new revampled fix with suggestions from Igor) mysql-test/r/select.result: result of test for bug 12841 mysql-test/t/select.test: test for bug #12841 (Server crash on DO IFNULL(NULL,NULL) sql/item_func.cc: don't use the return value of ::str_op() without checking it whether checking it for NULL. (fixes bug #12841 as well as another not reported bug, but existing one - test case added). All other places where ::str_op() is used are safe.
c38e297b · unknown · 901075ac · c38e297b · c38e297b · c38e297b
Commit c38e297b authored Aug 29, 2005 by unknown
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 4 deletions

mysql-test/r/select.result mysql-test/r/select.result +10 -0

mysql-test/t/select.test mysql-test/t/select.test +9 -0

sql/item_func.cc sql/item_func.cc +9 -4

No files found.
--- a/mysql-test/r/select.result
+++ b/mysql-test/r/select.result
@@ -2875,6 +2875,16 @@ b	a	t1_val	t2_val
 1	1	1	1
 1	2	2	1
 drop table t1, t2, t3;
+DO IFNULL(NULL, NULL);
+SELECT CAST(IFNULL(NULL, NULL) AS DECIMAL);
+CAST(IFNULL(NULL, NULL) AS DECIMAL)
+NULL
+SELECT ABS(IFNULL(NULL, NULL));
+ABS(IFNULL(NULL, NULL))
+NULL
+SELECT IFNULL(NULL, NULL);
+IFNULL(NULL, NULL)
+NULL
 create table t1 (a char(1));
 create table t2 (a char(1));
 insert into t1 values ('a'),('b'),('c');

--- a/mysql-test/t/select.test
+++ b/mysql-test/t/select.test
@@ -2445,6 +2445,15 @@ select * from t1 natural join t3 natural join t2;
 drop table t1, t2, t3;
+#
+# Bug #12841: Server crash on DO IFNULL(NULL,NULL)
+#
+# (testing returning of int, decimal, real, string)
+DO IFNULL(NULL, NULL);
+SELECT CAST(IFNULL(NULL, NULL) AS DECIMAL);
+SELECT ABS(IFNULL(NULL, NULL));
+SELECT IFNULL(NULL, NULL);
 #
 # Bug #6495 Illogical requirement for column qualification in NATURAL join
 #

--- a/sql/item_func.cc
+++ b/sql/item_func.cc
@@ -734,11 +734,13 @@ longlong Item_func_numhybrid::val_int()
  case STRING_RESULT:
  {
    int err_not_used;
-    String *res= str_op(&str_value);
+    String *res;
+    if (!(res= str_op(&str_value)))
+      return 0;
    char *end= (char*) res->ptr() + res->length();
    CHARSET_INFO *cs= str_value.charset();
-    return (res ? (*(cs->cset->strtoll10))(cs, res->ptr(), &end,
+    return (*(cs->cset->strtoll10))(cs, res->ptr(), &end, &err_not_used);
-                                           &err_not_used) : 0);
  }
  default:
    DBUG_ASSERT(0);
@@ -769,7 +771,10 @@ my_decimal *Item_func_numhybrid::val_decimal(my_decimal *decimal_value)
  }
  case STRING_RESULT:
  {
-    String *res= str_op(&str_value);
+    String *res;
+    if (!(res= str_op(&str_value)))
+      return NULL;
    str2my_decimal(E_DEC_FATAL_ERROR, (char*) res->ptr(),
                   res->length(), res->charset(), decimal_value);
    break;