3557 Alexander Barkov 2011-01-17
Bug#58371 Assertion failed: !s.uses_buffer_owned_by(this) with format string function
Introduced by the fix for bug#44766.
Problem: it's not correct to use args[0]->str_value as a buffer,
because args[0] may need this buffer for its own purposes.
Fix: adding a new class member tmp_value to use as return value.
@ mysql-test/r/ctype_many.result
@ mysql-test/t/ctype_many.test
Adding tests
@ sql/item_strfunc.cc
Changing code into traditional style:
use "str" as a buffer for the argument and tmp_value for the result value.
@ sql/item_strfunc.h
Adding tmp_value
modified:
mysql-test/r/ctype_many.result
mysql-test/t/ctype_many.test
sql/item_strfunc.cc
sql/item_strfunc.h
3556 Alexander Barkov 2011-01-17
Bug#59149 valgrind warnings with "like .. escape .." function
Problem: when processing a query like:
SELECT '' LIKE '1' ESCAPE COUNT(1);
escape_item->val_str() was never executed and the "escape" class member
stayed initialized, which led to valgrind uninitialized memory error.
Note, a query with some tables in "FROM" clause
returns ER_WRONG_ARGUMENTS in the same situation:
SELECT '' LIKE '1' ESCAPE COUNT(1) FROM t1;
ERROR 1210 (HY000): Incorrect arguments to ESCAPE
Fix: disallowing using aggregate functions in ESCAPE clause,
even if there are no tables used. There is not much use of that anyway.
modified:
mysql-test/r/func_like.result
mysql-test/t/func_like.test
sql/item_sum.h
=== modified file 'mysql-test/r/ctype_many.result'
--- a/mysql-test/r/ctype_many.result 2006-02-22 09:09:59 +0000
+++ b/mysql-test/r/ctype_many.result 2011-01-17 12:11:33 +0000
@@ -1683,3 +1683,18 @@ ARMENIAN CAPIT DA 2
ARMENIAN CAPIT ECH 2
ARMENIAN CAPIT ZA 2
DROP TABLE t1;
+#
+# Start of 5.1 tests
+#
+#
+# Bug#58371 Assertion failed: !s.uses_buffer_owned_by(this) with format string function
+#
+SET NAMES latin1;
+DO CONVERT(CAST(SUBSTRING_INDEX(FORMAT(1,'1111'), FORMAT('','Zpq'),1)
+AS BINARY(0)) USING utf8);
+Warnings:
+Warning 1292 Truncated incorrect INTEGER value: 'Zpq'
+Warning 1292 Truncated incorrect BINARY(0) value: '1.'
+#
+# End of 5.1 tests
+#
=== modified file 'mysql-test/t/ctype_many.test'
--- a/mysql-test/t/ctype_many.test 2005-10-13 14:16:19 +0000
+++ b/mysql-test/t/ctype_many.test 2011-01-17 12:11:33 +0000
@@ -211,3 +211,19 @@ SELECT min(comment),count(*) FROM t1 GRO
DROP TABLE t1;
# End of 4.1 tests
+
+
+--echo #
+--echo # Start of 5.1 tests
+--echo #
+
+--echo #
+--echo # Bug#58371 Assertion failed: !s.uses_buffer_owned_by(this) with format string function
+--echo #
+
+SET NAMES latin1;
+DO CONVERT(CAST(SUBSTRING_INDEX(FORMAT(1,'1111'), FORMAT('','Zpq'),1)
+ AS BINARY(0)) USING utf8);
+--echo #
+--echo # End of 5.1 tests
+--echo #
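Review bot: The new statement is run with DO, which discards the value, so this test only shows that the assertion no longer fires and that the two warnings are raised; it never checks what CONVERT(... USING utf8) returns from the new buffer. Consider adding a SELECT variant over a non-empty argument (for example wrapping the same CONVERT in HEX()) so the result file also pins the converted value. As a style point, the hunk opens with two consecutive blank lines and has no blank line before the "End of 5.1 tests" banner, unlike the other banners in the hunk.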
=== modified file 'sql/item_strfunc.cc'
--- a/sql/item_strfunc.cc 2011-01-13 07:57:15 +0000
+++ b/sql/item_strfunc.cc 2011-01-17 12:11:33 +0000
@@ -2761,22 +2761,16 @@ String *Item_func_conv_charset::val_str(
DBUG_ASSERT(fixed == 1);
if (use_cached_value)
return null_value ? 0 : &str_value;
- /*
- Here we don't pass 'str' as a parameter to args[0]->val_str()
- as 'str' may point to 'str_value' (e.g. see Item::save_in_field()),
- which we use below to convert string.
- Use argument's 'str_value' instead.
- */
- String *arg= args[0]->val_str(&args[0]->str_value);
+ String *arg= args[0]->val_str(str);
uint dummy_errors;
if (!arg)
{
null_value=1;
return 0;
}
- null_value= str_value.copy(arg->ptr(),arg->length(),arg->charset(),
+ null_value= tmp_value.copy(arg->ptr(), arg->length(), arg->charset(),
conv_charset, &dummy_errors);
- return null_value ? 0 : check_well_formed_result(&str_value);
+ return null_value ? 0 : check_well_formed_result(&tmp_value);
}
void Item_func_conv_charset::fix_length_and_dec()
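Review bot: The deleted comment in Item_func_conv_charset::val_str() was the only place that explained the aliasing hazard ('str' may point to 'str_value', see Item::save_in_field()), and nothing replaces it. After this change the function returns &str_value on the use_cached_value path and &tmp_value on the conversion path, which is easy to misread as an oversight. A short comment above the tmp_value.copy() call would help, stating that the result goes to tmp_value because args[0] may use its own str_value and because 'str' may alias this item's str_value, and that str_value is kept only for the cached constant. The continuation line "conv_charset, &dummy_errors);" could also be re-aligned under the new opening parenthesis.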
=== modified file 'sql/item_strfunc.h'
--- a/sql/item_strfunc.h 2011-01-13 07:57:15 +0000
+++ b/sql/item_strfunc.h 2011-01-17 12:11:33 +0000
@@ -713,6 +713,7 @@ public:
class Item_func_conv_charset :public Item_str_func
{
bool use_cached_value;
+ String tmp_value;
public:
bool safe;
CHARSET_INFO *conv_charset; // keep it public
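Review bot: The new member "String tmp_value;" is declared without a comment, next to use_cached_value, while the class still inherits str_value. Please document it in the header, for example that it is the result buffer of val_str() and must stay separate from str_value and from the argument's buffer, so a later cleanup does not merge the two buffers again and reintroduce the assertion from Bug#58371.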
No bundle (reason: useless for push emails).