From:Alexander Barkov Date:January 17 2011 12:12pm
Subject:bzr push into mysql-5.1 branch (alexander.barkov:3556 to 3557) Bug#58371
 3557 Alexander Barkov	2011-01-17
      Bug#58371 Assertion failed: !s.uses_buffer_owned_by(this) with format string function
      
      Introduced by the fix for bug#44766.
      
      Problem: it's not correct to use args[0]->str_value as a buffer,
      because args[0] may need this buffer for its own purposes.
      
      Fix: adding a new class member tmp_value to use as return value.
      
        @ mysql-test/r/ctype_many.result
        @ mysql-test/t/ctype_many.test
        Adding tests
      
        @ sql/item_strfunc.cc
        Changing code into traditional style:
        use "str" as a buffer for the argument and tmp_value for the result value.
      
        @ sql/item_strfunc.h
        Adding tmp_value

    modified:
      mysql-test/r/ctype_many.result
      mysql-test/t/ctype_many.test
      sql/item_strfunc.cc
      sql/item_strfunc.h
 3556 Alexander Barkov	2011-01-17
      Bug#59149 valgrind warnings with "like .. escape .." function
            
      Problem: when processing a query like:
        SELECT '' LIKE '1' ESCAPE COUNT(1);
      escape_item->val_str() was never executed and the "escape" class member
      stayed uninitialized, which led to a valgrind uninitialized memory error.
            
      Note, a query with some tables in "FROM" clause
      returns ER_WRONG_ARGUMENTS in the same situation:
      
         SELECT '' LIKE '1' ESCAPE COUNT(1) FROM t1;
         ERROR 1210 (HY000): Incorrect arguments to ESCAPE
      
      Fix: disallowing using aggregate functions in ESCAPE clause,
      even if there are no tables used. There is no much use of that anyway.

    modified:
      mysql-test/r/func_like.result
      mysql-test/t/func_like.test
      sql/item_sum.h
=== modified file 'mysql-test/r/ctype_many.result'
--- a/mysql-test/r/ctype_many.result	2006-02-22 09:09:59 +0000
+++ b/mysql-test/r/ctype_many.result	2011-01-17 12:11:33 +0000
@@ -1683,3 +1683,18 @@ ARMENIAN CAPIT DA	2
 ARMENIAN CAPIT ECH	2
 ARMENIAN CAPIT ZA	2
 DROP TABLE t1;
+#
+# Start of 5.1 tests
+#
+#
+# Bug#58371 Assertion failed: !s.uses_buffer_owned_by(this) with format string function
+#
+SET NAMES latin1;
+DO CONVERT(CAST(SUBSTRING_INDEX(FORMAT(1,'1111'), FORMAT('','Zpq'),1) 
+AS BINARY(0)) USING utf8);
+Warnings:
+Warning	1292	Truncated incorrect INTEGER value: 'Zpq'
+Warning	1292	Truncated incorrect BINARY(0) value: '1.'
+#
+# End of 5.1 tests
+#

=== modified file 'mysql-test/t/ctype_many.test'
--- a/mysql-test/t/ctype_many.test	2005-10-13 14:16:19 +0000
+++ b/mysql-test/t/ctype_many.test	2011-01-17 12:11:33 +0000
@@ -211,3 +211,19 @@ SELECT min(comment),count(*) FROM t1 GRO
 DROP TABLE t1;
 
 # End of 4.1 tests
+
+
+--echo #
+--echo # Start of 5.1 tests
+--echo #
+
+--echo #
+--echo # Bug#58371 Assertion failed: !s.uses_buffer_owned_by(this) with format string function
+--echo #
+
+SET NAMES latin1;
+DO CONVERT(CAST(SUBSTRING_INDEX(FORMAT(1,'1111'), FORMAT('','Zpq'),1) 
+                AS BINARY(0)) USING utf8);
+--echo #
+--echo # End of 5.1 tests
+--echo #
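Review bot: The regression statement runs under `DO`, which discards the result, so this test only shows that the server no longer trips the assertion, and that assertion is presumably compiled in only for debug builds. A release build that still reused the wrong buffer could pass unnoticed. Consider adding a statement that returns the converted value, for example `SELECT CONVERT(SUBSTRING_INDEX(FORMAT(1,'1111'), FORMAT('','Zpq'),1) USING utf8);`, with its expected output recorded in ctype_many.result, so that silent buffer corruption is caught as well.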

=== modified file 'sql/item_strfunc.cc'
--- a/sql/item_strfunc.cc	2011-01-13 07:57:15 +0000
+++ b/sql/item_strfunc.cc	2011-01-17 12:11:33 +0000
@@ -2761,22 +2761,16 @@ String *Item_func_conv_charset::val_str(
   DBUG_ASSERT(fixed == 1);
   if (use_cached_value)
     return null_value ? 0 : &str_value;
-  /* 
-    Here we don't pass 'str' as a parameter to args[0]->val_str()
-    as 'str' may point to 'str_value' (e.g. see Item::save_in_field()),
-    which we use below to convert string. 
-    Use argument's 'str_value' instead.
-  */
-  String *arg= args[0]->val_str(&args[0]->str_value);
+  String *arg= args[0]->val_str(str);
   uint dummy_errors;
   if (!arg)
   {
     null_value=1;
     return 0;
   }
-  null_value= str_value.copy(arg->ptr(),arg->length(),arg->charset(),
+  null_value= tmp_value.copy(arg->ptr(), arg->length(), arg->charset(),
                              conv_charset, &dummy_errors);
-  return null_value ? 0 : check_well_formed_result(&str_value);
+  return null_value ? 0 : check_well_formed_result(&tmp_value);
 }
 
 void Item_func_conv_charset::fix_length_and_dec()
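Review bot: The deleted comment was the only place that explained the buffer-aliasing hazard in val_str(), and the new `args[0]->val_str(str)` and `tmp_value.copy(...)` lines carry no replacement, so a later edit could reintroduce either bug. I would add above the `val_str(str)` call: `/* 'str' may alias our str_value (see Item::save_in_field()) and args[0] may need its own str_value, so the converted result goes to tmp_value */`. The same applies to the new member in sql/item_strfunc.h, which could read `String tmp_value; // result buffer of val_str(), kept separate from str_value and the caller's buffer`. Separately, `dummy_errors` from `copy()` is not read in the visible lines, so it is worth confirming that `check_well_formed_result()` is the intended place to catch lossy conversions. The start of val_str() lies outside the hunk.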

=== modified file 'sql/item_strfunc.h'
--- a/sql/item_strfunc.h	2011-01-13 07:57:15 +0000
+++ b/sql/item_strfunc.h	2011-01-17 12:11:33 +0000
@@ -713,6 +713,7 @@ public:
 class Item_func_conv_charset :public Item_str_func
 {
   bool use_cached_value;
+  String tmp_value;
 public:
   bool safe;
   CHARSET_INFO *conv_charset; // keep it public

No bundle (reason: useless for push emails).