List: Commits
From:Sergey Glukhov Date:December 13 2010 9:56am
Subject:bzr commit into mysql-5.1-bugteam branch (sergey.glukhov:3515) Bug#57818
Bug#57913
#At file:///home/gluh/MySQL/mysql-5.1-bugteam-new/ based on revid:sergey.glukhov@stripped

 3515 Sergey Glukhov	2010-12-13
      Bug#57818 string conversion function died
      Bug#57913 large negative number to string conversion functions crash
      The String object which is used as the result container of the item
      has an uninitialized 'str_charset' field. This object
      might be used later to perform some internal operations,
      and the str_charset field is involved in these operations.
      This leads to a crash.
      The fix is to initialize the str_charset field before item evaluation.
     @ mysql-test/r/func_str.result
        test case
     @ mysql-test/t/func_str.test
        test case
     @ sql/item_cmpfunc.cc
        initialize str_charset field before item evaluation.

    modified:
      mysql-test/r/func_str.result
      mysql-test/t/func_str.test
      sql/item_cmpfunc.cc
=== modified file 'mysql-test/r/func_str.result'
--- a/mysql-test/r/func_str.result	2010-03-26 05:49:35 +0000
+++ b/mysql-test/r/func_str.result	2010-12-13 09:56:19 +0000
@@ -2600,4 +2600,16 @@ ORDER BY QUOTE(t1.a);
 1
 1
 DROP TABLE t1;
+#
+# Bug#57913 large negative number to string conversion functions crash
+# Bug#57810 case/when/then : Assertion failed: length || !scale
+#
+SELECT '1' IN ('1', SUBSTRING(-9223372036854775809, 1));
+'1' IN ('1', SUBSTRING(-9223372036854775809, 1))
+1
+SELECT CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3));
+CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3))
+1
+Warnings:
+Warning	1292	Truncated incorrect DECIMAL value: ''
 End of 5.1 tests

=== modified file 'mysql-test/t/func_str.test'
--- a/mysql-test/t/func_str.test	2010-03-26 05:49:35 +0000
+++ b/mysql-test/t/func_str.test	2010-12-13 09:56:19 +0000
@@ -1362,4 +1362,11 @@ SELECT 1 FROM t1, t1 t2
 ORDER BY QUOTE(t1.a);
 DROP TABLE t1;
 
+--echo #
+--echo # Bug#57913 large negative number to string conversion functions crash
+--echo # Bug#57810 case/when/then : Assertion failed: length || !scale
+--echo #
+SELECT '1' IN ('1', SUBSTRING(-9223372036854775809, 1));
+SELECT CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3));
+
 --echo End of 5.1 tests
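Review bot: The echo header added here cites Bug#57810 ("case/when/then : Assertion failed: length || !scale"), while the commit subject and description name Bug#57818 ("string conversion function died"). Either one of the two numbers is a typo or the test covers a report the commit message does not mention. The header and the commit message should be reconciled so the regression test can be traced back to the right reports, for example `--echo # Bug#57818 string conversion function died` if 57818 is the intended one. The same text is recorded in mysql-test/r/func_str.result and has to be re-recorded along with it.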

=== modified file 'sql/item_cmpfunc.cc'
--- a/sql/item_cmpfunc.cc	2010-12-07 14:32:55 +0000
+++ b/sql/item_cmpfunc.cc	2010-12-13 09:56:19 +0000
@@ -3383,8 +3383,18 @@ in_string::~in_string()
 
 void in_string::set(uint pos,Item *item)
 {
+  String *res;
   String *str=((String*) base)+pos;
-  String *res=item->val_str(str);
+
+  if (!str->charset())
+  {
+    CHARSET_INFO *cs;
+    if (!(cs= item->collation.collation))
+      cs= &my_charset_bin;		// Should never happen for STR items
+    str->set_charset(cs);
+  }
+
+  res= item->val_str(str);
   if (res && res != str)
   {
     if (res->uses_buffer_owned_by(str))
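Review bot: With the `if (!str->charset())` fallback moved ahead of `item->val_str(str)`, nothing re-checks the element after the `*str= *res` assignment further down, so if `res` ever comes back without a charset the slot would again hold a null `str_charset`, the state the commit message ties to the crash. Whether `val_str()` can return such a String is not visible here, but since these crashes are reachable from a plain SELECT, a cheap post-copy guard seems worth keeping: hoist the `cs` lookup out of the block and add `if (!str->charset()) str->set_charset(cs);` after the copy. A one-line comment above the new block, e.g. `/* val_str() may read str->charset(), so it must be set before evaluation */`, would also record why the order matters. The body of in_string::set continues past this hunk into the next one.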
@@ -3394,13 +3404,6 @@ void in_string::set(uint pos,Item *item)
     else
       *str= *res;
   }
-  if (!str->charset())
-  {
-    CHARSET_INFO *cs;
-    if (!(cs= item->collation.collation))
-      cs= &my_charset_bin;		// Should never happen for STR items
-    str->set_charset(cs);
-  }
 }
 
 


Attachment: [text/bzr-bundle] bzr/sergey.glukhov@oracle.com-20101213095619-1bzndugqgtu6gwxj.bundle