• Alexey Kopytov's avatar
    Bug#54477: Crash on IN / CASE with NULL arguments · 1d97492e
    Alexey Kopytov authored
    Incorrect handling of NULL arguments could lead to a crash on
    the IN or CASE operations when either NULL arguments were
    passed explicitly as arguments (IN) or implicitly generated by
    the WITH ROLLUP modifier (both IN and CASE).
    
    Item_func_case::find_item() assumed all necessary comparators
    to be instantiated in fix_length_and_dec(). However, in the
    presence of WITH ROLLUP modifier, arguments could be
    substituted with an Item_null leading to an "unexpected"
    STRING_RESULT comparator being invoked.
    
    In addition to the problem identical to the above,
    Item_func_in::val_int() could crash even with explicitly passed
    NULL arguments due to an optimization in fix_length_and_dec()
    leading to NULL arguments being ignored during comparators
    creation.
    
    
    mysql-test/r/func_in.result:
      Test cases for bug#54477.
    mysql-test/t/func_in.test:
      Test cases for bug#54477.
    sql/item_cmpfunc.cc:
      Added additional checks for Item_nulls in 
      Item_func_case::find_item() and Item_func_in::val_int().
    1d97492e
func_in.result 25.4 KB