Commit 1d5607fc authored by Tor Didriksen's avatar Tor Didriksen

Bug#13013970 MORE CRASHES IN FIELD_BLOB::GET_KEY_IMAGE

The predicate is re-written from
((`test`.`g1`.`a` = geometryfromtext('')) or ...
to
((`test`.`g1`.`a` = <cache>(geometryfromtext(''))) or ...

The range optimizer calls save_in_field_no_warnings, in order to fetch keys.
save_in_field_no_warnings returns 0 because of the cache wrapper,
and get_mm_leaf() proceeded to call Field_blob::get_key_image() 
which accesses un-initialized data.




mysql-test/r/gis.result:
  New test case.
mysql-test/t/gis.test:
  New test case.
sql/item.cc:
  If we have cached a null_value, then verify that the Field can accept it.
parent 24a35188
...@@ -1091,4 +1091,13 @@ FORCE INDEX(i) WHERE a = date_sub(now(), interval 2808.4 year_month) ...@@ -1091,4 +1091,13 @@ FORCE INDEX(i) WHERE a = date_sub(now(), interval 2808.4 year_month)
Warnings: Warnings:
Warning 1441 Datetime function: datetime field overflow Warning 1441 Datetime function: datetime field overflow
DROP TABLE g1; DROP TABLE g1;
#
# Bug#13013970 MORE CRASHES IN FIELD_BLOB::GET_KEY_IMAGE
#
CREATE TABLE g1(a TEXT NOT NULL, KEY(a(255)));
INSERT INTO g1 VALUES ('a'),('a');
SELECT 1 FROM g1 WHERE a >= ANY
(SELECT 1 FROM g1 WHERE a = geomfromtext('') OR a) ;
1
DROP TABLE g1;
End of 5.5 tests End of 5.5 tests
...@@ -838,5 +838,16 @@ FORCE INDEX(i) WHERE a = date_sub(now(), interval 2808.4 year_month) ...@@ -838,5 +838,16 @@ FORCE INDEX(i) WHERE a = date_sub(now(), interval 2808.4 year_month)
DROP TABLE g1; DROP TABLE g1;
--echo #
--echo # Bug#13013970 MORE CRASHES IN FIELD_BLOB::GET_KEY_IMAGE
--echo #
CREATE TABLE g1(a TEXT NOT NULL, KEY(a(255)));
INSERT INTO g1 VALUES ('a'),('a');
SELECT 1 FROM g1 WHERE a >= ANY
(SELECT 1 FROM g1 WHERE a = geomfromtext('') OR a) ;
DROP TABLE g1;
--echo End of 5.5 tests --echo End of 5.5 tests
...@@ -7924,8 +7924,8 @@ my_decimal *Item_cache_str::val_decimal(my_decimal *decimal_val) ...@@ -7924,8 +7924,8 @@ my_decimal *Item_cache_str::val_decimal(my_decimal *decimal_val)
int Item_cache_str::save_in_field(Field *field, bool no_conversions) int Item_cache_str::save_in_field(Field *field, bool no_conversions)
{ {
if (!has_value()) if (!value_cached && !cache_value())
return 0; return -1; // Fatal: couldn't cache the value
int res= Item_cache::save_in_field(field, no_conversions); int res= Item_cache::save_in_field(field, no_conversions);
return (is_varbinary && field->type() == MYSQL_TYPE_STRING && return (is_varbinary && field->type() == MYSQL_TYPE_STRING &&
value->length() < field->field_length) ? 1 : res; value->length() < field->field_length) ? 1 : res;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment