Commit 31413eef authored by Annamalai Gurusami's avatar Annamalai Gurusami

Bug #14211565 CRASH WHEN ATTEMPTING TO SET SYSTEM VARIABLE TO RESULT OF VALUES()

Problem:

When the VALUES() function is inappropriately used in the SET stmt the server
exits.  

set port = values(v);

This happens because the values(v) will be parsed as an Item_insert_value by
the parser.  Both Item_field and Item_insert_value return the type as
FIELD_ITEM.  But for Item_insert_value the field_name member is NULL.  In
set_var constructor, when the type of the item is FIELD_ITEM we try to access
the non-existent field_name. 

The class hierarchy is as follows:
Item -> Item_ident -> Item_field -> Item_insert_value

The Item_ident::field_name is NULL for Item_insert_value.  

Solution:

In the parsing stage, in the set_var constructor if the item type is
FIELD_ITEM and if the field_name is non-existent, then it is probably
the Item_insert_value.  So leave it as it is for later evaluation.

rb://2004 approved by Roy and Norvald.
parent a6a469b4
......@@ -1326,13 +1326,23 @@ class set_var :public set_var_base
if (value_arg && value_arg->type() == Item::FIELD_ITEM)
{
Item_field *item= (Item_field*) value_arg;
if (!(value=new Item_string(item->field_name,
(uint) strlen(item->field_name),
item->collation.collation)))
value=value_arg; /* Give error message later */
if (item->field_name)
{
if (!(value= new Item_string(item->field_name,
(uint) strlen(item->field_name),
item->collation.collation)))
value= value_arg; /* Give error message later */
}
else
{
/* Both Item_field and Item_insert_value will return the type as
Item::FIELD_ITEM. If the item->field_name is NULL, we assume the
object to be Item_insert_value. */
value= value_arg;
}
}
else
value=value_arg;
value= value_arg;
}
int check(THD *thd);
int update(THD *thd);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment