Commit c7191f90 authored by unknown's avatar unknown

Fix for bug #32137: prepared statement crash with str_to_date in update clause

Problem: calling the val_xxx() methods of a non-constant argument
in ::fix_length_and_dec() is inadmissible.

Fix: call the method only for constant arguments.


mysql-test/r/ps.result:
  Fix for bug #32137: prepared statement crash with str_to_date in update clause
    - test result.
mysql-test/t/ps.test:
  Fix for bug #32137: prepared statement crash with str_to_date in update clause
    - test case.
sql/item_timefunc.cc:
  Fix for bug #32137: prepared statement crash with str_to_date in update clause
    - call argument's val_str() only for constant items in the 
      Item_func_str_to_date::fix_length_and_dec().
parent ab4f08b3
......@@ -1109,4 +1109,9 @@ a
13
DEALLOCATE PREPARE st1;
DROP TABLE t1;
create table t1 (a int, b tinyint);
prepare st1 from 'update t1 set b= (str_to_date(a, a))';
execute st1;
deallocate prepare st1;
drop table t1;
End of 4.1 tests.
......@@ -1146,4 +1146,13 @@ EXECUTE st1;
DEALLOCATE PREPARE st1;
DROP TABLE t1;
#
# Bug #32137: prepared statement crash with str_to_date in update clause
#
create table t1 (a int, b tinyint);
prepare st1 from 'update t1 set b= (str_to_date(a, a))';
execute st1;
deallocate prepare st1;
drop table t1;
--echo End of 4.1 tests.
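Review bot: The new case runs `execute st1` against an empty `t1`, so `str_to_date(a, a)` is never evaluated for a row and the test pins only the fix_length_and_dec() path. Inserting one row before the prepare, for example `insert into t1 values (1, 1);`, would also cover evaluation with a non-constant format at execution time, which is presumably handled in get_date(). The expected output in ps.result would then need to be re-recorded, including any warnings the row produces.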
......@@ -2958,16 +2958,17 @@ Field *Item_func_str_to_date::tmp_table_field(TABLE *t_arg)
void Item_func_str_to_date::fix_length_and_dec()
{
char format_buff[64];
String format_str(format_buff, sizeof(format_buff), &my_charset_bin);
String *format;
maybe_null= 1;
decimals=0;
cached_field_type= MYSQL_TYPE_STRING;
max_length= MAX_DATETIME_FULL_WIDTH*MY_CHARSET_BIN_MB_MAXLEN;
cached_timestamp_type= MYSQL_TIMESTAMP_NONE;
format= args[1]->val_str(&format_str);
if (!args[1]->null_value && (const_item= args[1]->const_item()))
if ((const_item= args[1]->const_item()))
{
char format_buff[64];
String format_str(format_buff, sizeof(format_buff), &my_charset_bin);
String *format= args[1]->val_str(&format_str);
if (!args[1]->null_value)
{
cached_format_type= get_date_time_result_type(format->ptr(),
format->length());
......@@ -2975,13 +2976,13 @@ void Item_func_str_to_date::fix_length_and_dec()
case DATE_ONLY:
cached_timestamp_type= MYSQL_TIMESTAMP_DATE;
cached_field_type= MYSQL_TYPE_DATE;
max_length= MAX_DATE_WIDTH*MY_CHARSET_BIN_MB_MAXLEN;
max_length= MAX_DATE_WIDTH * MY_CHARSET_BIN_MB_MAXLEN;
break;
case TIME_ONLY:
case TIME_MICROSECOND:
cached_timestamp_type= MYSQL_TIMESTAMP_TIME;
cached_field_type= MYSQL_TYPE_TIME;
max_length= MAX_TIME_WIDTH*MY_CHARSET_BIN_MB_MAXLEN;
max_length= MAX_TIME_WIDTH * MY_CHARSET_BIN_MB_MAXLEN;
break;
default:
cached_timestamp_type= MYSQL_TIMESTAMP_DATETIME;
......@@ -2989,8 +2990,10 @@ void Item_func_str_to_date::fix_length_and_dec()
break;
}
}
}
}
bool Item_func_str_to_date::get_date(TIME *ltime, uint fuzzy_date)
{
DATE_TIME_FORMAT date_time_format;
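Review bot: In the new `if ((const_item= args[1]->const_item()))` block, `format->ptr()` is reached with only `!args[1]->null_value` as a guard, so the pointer returned by val_str() is never tested itself. If val_str() can return a null pointer without setting null_value (its contract is not visible in this hunk), that is a null dereference while the item is being fixed; testing the pointer as well, `if (format && !args[1]->null_value)`, costs nothing. The block would also benefit from a short comment recording the rule the commit message states, for example `/* val_str() may be called here only for constant items, see bug #32137 */`, so the guard is not folded back later. The `MAX_DATE_WIDTH * MY_CHARSET_BIN_MB_MAXLEN` and `MAX_TIME_WIDTH * ...` spacing changes in the second hunk are unrelated to the fix and would be easier to review in a separate commit.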
......