#At file:///home/gluh/MySQL/mysql-5.1/ based on revid:sergey.glukhov@stripped
3649 Sergey Glukhov 2011-06-17
Bug#11766684 59851: UNINITIALISED VALUE IN ITEM_FUNC_LIKE::SELECT_OPTIMIZE WITH SUBQUERY AND
There is an attempt to use an uninitialized string buffer
in the case of an empty wildcard. The fix is to add a string
length check for the wildcard argument.
@ mysql-test/r/func_str.result
test case
@ mysql-test/t/func_str.test
test case
@ sql/item_cmpfunc.cc
added string length check for wilcard argument.
modified:
mysql-test/r/func_str.result
mysql-test/t/func_str.test
sql/item_cmpfunc.cc
=== modified file 'mysql-test/r/func_str.result'
--- a/mysql-test/r/func_str.result 2011-06-15 06:38:11 +0000
+++ b/mysql-test/r/func_str.result 2011-06-17 06:20:11 +0000
@@ -2634,4 +2634,15 @@ DROP TABLE t1;
SELECT SUBSTRING('1', DAY(FROM_UNIXTIME(-1)));
SUBSTRING('1', DAY(FROM_UNIXTIME(-1)))
NULL
+#
+# Bug#11766684 59851: UNINITIALISED VALUE IN ITEM_FUNC_LIKE::SELECT_OPTIMIZE WITH SUBQUERY AND
+#
+CREATE TABLE t2(a INT, KEY(a));
+INSERT INTO t2 VALUES (1),(2);
+CREATE TABLE t1(b INT, PRIMARY KEY(b));
+INSERT INTO t1 VALUES (0),(254);
+SELECT 1 FROM t2 WHERE a LIKE
+(SELECT EXPORT_SET(1, b, b, b, b) FROM t1 LIMIT 1);
+1
+DROP TABLE t1, t2;
End of 5.1 tests
=== modified file 'mysql-test/t/func_str.test'
--- a/mysql-test/t/func_str.test 2011-06-15 06:38:11 +0000
+++ b/mysql-test/t/func_str.test 2011-06-17 06:20:11 +0000
@@ -1386,4 +1386,16 @@ DROP TABLE t1;
SELECT SUBSTRING('1', DAY(FROM_UNIXTIME(-1)));
+--echo #
+--echo # Bug#11766684 59851: UNINITIALISED VALUE IN ITEM_FUNC_LIKE::SELECT_OPTIMIZE WITH SUBQUERY AND
+--echo #
+
+CREATE TABLE t2(a INT, KEY(a));
+INSERT INTO t2 VALUES (1),(2);
+CREATE TABLE t1(b INT, PRIMARY KEY(b));
+INSERT INTO t1 VALUES (0),(254);
+SELECT 1 FROM t2 WHERE a LIKE
+(SELECT EXPORT_SET(1, b, b, b, b) FROM t1 LIMIT 1);
+DROP TABLE t1, t2;
+
--echo End of 5.1 tests
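Review bot: The subquery `(SELECT EXPORT_SET(1, b, b, b, b) FROM t1 LIMIT 1)` has no ORDER BY, so which row of t1 feeds the LIKE pattern is left to the storage engine and the plan. The empty-pattern path appears to be reached only when the row with b = 0 is picked, so the test could silently stop covering the fix. Consider pinning the row with `FROM t1 ORDER BY b LIMIT 1` (or `WHERE b = 0`), provided the query still reproduces the original report. A short comment that the regression is only observable under Valgrind or a memory sanitizer would also help, since the expected result is the same with and without the fix.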
=== modified file 'sql/item_cmpfunc.cc'
--- a/sql/item_cmpfunc.cc 2011-04-12 09:51:36 +0000
+++ b/sql/item_cmpfunc.cc 2011-06-17 06:20:11 +0000
@@ -4656,21 +4656,20 @@ longlong Item_func_like::val_int()
Item_func::optimize_type Item_func_like::select_optimize() const
{
- if (args[1]->const_item())
- {
- String* res2= args[1]->val_str((String *)&cmp.value2);
- const char *ptr2;
-
- if (!res2 || !(ptr2= res2->ptr()))
- return OPTIMIZE_NONE;
+ if (!args[1]->const_item())
+ return OPTIMIZE_NONE;
- if (*ptr2 != wild_many)
- {
- if (args[0]->result_type() != STRING_RESULT || *ptr2 != wild_one)
- return OPTIMIZE_OP;
- }
- }
- return OPTIMIZE_NONE;
+ String* res2= args[1]->val_str((String *)&cmp.value2);
+ if (!res2)
+ return OPTIMIZE_NONE;
+
+ if (!res2->length()) // Can optimize empty wildcard: column LIKE ''
+ return OPTIMIZE_OP;
+
+ DBUG_ASSERT(res2->ptr());
+ char first= res2->ptr()[0];
+ return (first == wild_many || first == wild_one) ?
+ OPTIMIZE_NONE : OPTIMIZE_OP;
}
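Review bot: The new return expression at the end of select_optimize() no longer consults `args[0]->result_type()`. The removed code returned OPTIMIZE_OP for a pattern starting with wild_one when the left argument was not STRING_RESULT; the new code returns OPTIMIZE_NONE for any leading wild_one. The commit message describes only the length check, so this looks like an unannounced behaviour change. If the old rule is meant to stay, write `if (first == wild_many) return OPTIMIZE_NONE;` followed by `return (args[0]->result_type() != STRING_RESULT || first != wild_one) ? OPTIMIZE_OP : OPTIMIZE_NONE;`; otherwise state the new rule in a comment. Separately, `DBUG_ASSERT(res2->ptr())` presumably compiles away in non-debug builds, which leaves the length test as the only guard on the `ptr()[0]` read, so a comment such as `// length() > 0 guarantees a readable first byte` would record that invariant.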
Attachment: [text/bzr-bundle] bzr/sergey.glukhov@oracle.com-20110617062011-as6ivempexoaj96u.bundle