1. 05 Apr, 2006 2 commits
  2. 03 Apr, 2006 4 commits
  3. 31 Mar, 2006 4 commits
  4. 30 Mar, 2006 1 commit
  5. 28 Mar, 2006 1 commit
  6. 27 Mar, 2006 2 commits
  7. 23 Mar, 2006 3 commits
  8. 22 Mar, 2006 8 commits
  9. 21 Mar, 2006 2 commits
  10. 20 Mar, 2006 5 commits
  11. 17 Mar, 2006 3 commits
  12. 16 Mar, 2006 1 commit
  13. 14 Mar, 2006 3 commits
  14. 13 Mar, 2006 1 commit
    • Fixed bug#17366: Unchecked Item_int results in server crash · af660df0
      evgen@sunlight.local authored
      When there is a conjunction of conds, substitute_for_best_equal_field()
      will call the eliminate_item_equal() function in a loop to build the final
      expression. But if eliminate_item_equal() finds that some cond will always
      evaluate to 0, then that cond will be substituted by an Item_int with value ==
      0. In this case, on the next iteration eliminate_item_equal() will get that
      Item_int and treat it as an Item_cond. This leads to memory corruption and
      a server crash in the cleanup phase.
      
      A DBUG_ASSERT was added to the eliminate_item_equal() function to check
      that all items treated as Item_cond are really Item_cond.
      The substitute_for_best_equal_field() function now checks whether
      eliminate_item_equal() returns an Item_int whose value is 0, and if so this
      value is returned as the result of the whole conjunction.