From: Alexander Barkov Date: January 17 2011 12:12pm Subject: bzr push into mysql-5.1 branch (alexander.barkov:3556 to 3557) Bug#58371 List-Archive: http://lists.mysql.com/commits/128946 X-Bug: 58371 Message-Id: <201101171212.p0HCCXl4029309@bar.myoffice.izhnet.ru> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit 3557 Alexander Barkov 2011-01-17 Bug#58371 Assertion failed: !s.uses_buffer_owned_by(this) with format string function Introduced by the fix for bug#44766. Problem: it's not correct to use args[0]->str_value as a buffer, because args[0] may need this buffer for its own purposes. Fix: adding a new class member tmp_value to use as return value. @ mysql-test/r/ctype_many.result @ mysql-test/t/ctype_many.test Adding tests @ sql/item_strfunc.cc Changing code into traditional style: use "str" as a buffer for the argument and tmp_value for the result value. @ sql/item_strfunc.h Adding tmp_value modified: mysql-test/r/ctype_many.result mysql-test/t/ctype_many.test sql/item_strfunc.cc sql/item_strfunc.h 3556 Alexander Barkov 2011-01-17 Bug#59149 valgrind warnings with "like .. escape .." function Problem: when processing a query like: SELECT '' LIKE '1' ESCAPE COUNT(1); escape_item->val_str() was never executed and the "escape" class member stayed initialized, which led to valgrind uninitialized memory error. Note, a query with some tables in "FROM" clause returns ER_WRONG_ARGUMENTS in the same situation: SELECT '' LIKE '1' ESCAPE COUNT(1) FROM t1; ERROR 1210 (HY000): Incorrect arguments to ESCAPE Fix: disallowing using aggregate functions in ESCAPE clause, even if there are no tables used. There is no much use of that anyway. modified: mysql-test/r/func_like.result mysql-test/t/func_like.test sql/item_sum.h
=== modified file 'mysql-test/r/ctype_many.result'
--- a/mysql-test/r/ctype_many.result 2006-02-22 09:09:59 +0000
+++ b/mysql-test/r/ctype_many.result 2011-01-17 12:11:33 +0000
@@ -1683,3 +1683,18 @@ ARMENIAN CAPIT DA 2
 ARMENIAN CAPIT ECH 2
 ARMENIAN CAPIT ZA 2
 DROP TABLE t1;
+#
+# Start of 5.1 tests
+#
+#
+# Bug#58371 Assertion failed: !s.uses_buffer_owned_by(this) with format string function
+#
+SET NAMES latin1;
+DO CONVERT(CAST(SUBSTRING_INDEX(FORMAT(1,'1111'), FORMAT('','Zpq'),1)
+AS BINARY(0)) USING utf8);
+Warnings:
+Warning 1292 Truncated incorrect INTEGER value: 'Zpq'
+Warning 1292 Truncated incorrect BINARY(0) value: '1.'
+#
+# End of 5.1 tests
+#
=== modified file 'mysql-test/t/ctype_many.test'
--- a/mysql-test/t/ctype_many.test 2005-10-13 14:16:19 +0000
+++ b/mysql-test/t/ctype_many.test 2011-01-17 12:11:33 +0000
@@ -211,3 +211,19 @@ SELECT min(comment),count(*) FROM t1 GRO
 DROP TABLE t1;
 
 # End of 4.1 tests
+
+
+--echo #
+--echo # Start of 5.1 tests
+--echo #
+
+--echo #
+--echo # Bug#58371 Assertion failed: !s.uses_buffer_owned_by(this) with format string function
+--echo #
+
+SET NAMES latin1;
+DO CONVERT(CAST(SUBSTRING_INDEX(FORMAT(1,'1111'), FORMAT('','Zpq'),1)
+ AS BINARY(0)) USING utf8);
+--echo #
+--echo # End of 5.1 tests
+--echo #
=== modified file 'sql/item_strfunc.cc'
--- a/sql/item_strfunc.cc 2011-01-13 07:57:15 +0000
+++ b/sql/item_strfunc.cc 2011-01-17 12:11:33 +0000
@@ -2761,22 +2761,16 @@ String *Item_func_conv_charset::val_str(
 DBUG_ASSERT(fixed == 1);
 if (use_cached_value)
 return null_value ? 0 : &str_value;
- /*
- Here we don't pass 'str' as a parameter to args[0]->val_str()
- as 'str' may point to 'str_value' (e.g. see Item::save_in_field()),
- which we use below to convert string.
- Use argument's 'str_value' instead.
- */
- String *arg= args[0]->val_str(&args[0]->str_value);
+ String *arg= args[0]->val_str(str);
 uint dummy_errors;
 if (!arg)
 {
 null_value=1;
 return 0;
 }
- null_value= str_value.copy(arg->ptr(),arg->length(),arg->charset(),
+ null_value= tmp_value.copy(arg->ptr(), arg->length(), arg->charset(),
 conv_charset, &dummy_errors);
- return null_value ? 0 : check_well_formed_result(&str_value);
+ return null_value ? 0 : check_well_formed_result(&tmp_value);
 }
 
 void Item_func_conv_charset::fix_length_and_dec()
=== modified file 'sql/item_strfunc.h'
--- a/sql/item_strfunc.h 2011-01-13 07:57:15 +0000
+++ b/sql/item_strfunc.h 2011-01-17 12:11:33 +0000
@@ -713,6 +713,7 @@ public:
 class Item_func_conv_charset :public Item_str_func
 {
 bool use_cached_value;
+ String tmp_value;
 public:
 bool safe;
 CHARSET_INFO *conv_charset; // keep it public
No bundle (reason: useless for push emails).
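Review bot: The rewritten val_str() drops the only comment that explained its buffer rules and puts nothing in its place, so the aliasing mistake this commit fixes is easy to reintroduce. Above `String *arg= args[0]->val_str(str);` I would add `/* 'str' is scratch space for the argument; the result is built in tmp_value because args[0]->str_value belongs to the argument. */`. The early `use_cached_value` return still hands out `&str_value` while the normal path now returns `&tmp_value`, so a short comment there, or on the `String tmp_value;` member in item_strfunc.h, should say which buffer backs which path. That matters because in a build where the assertion named in the bug title is compiled out, a buffer shared between argument and result would presumably show up as silent memory corruption rather than a test failure. The function body starts before the hunk.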