From:Sergey Glukhov Date:June 17 2011 6:20am
Subject:bzr commit into mysql-5.1 branch (sergey.glukhov:3649) Bug#11766684
#At file:///home/gluh/MySQL/mysql-5.1/ based on revid:sergey.glukhov@stripped

 3649 Sergey Glukhov	2011-06-17
      Bug#11766684 59851: UNINITIALISED VALUE IN ITEM_FUNC_LIKE::SELECT_OPTIMIZE WITH SUBQUERY AND
      There is an attempt to use an uninitialized string buffer
      in case of an empty wildcard. The fix is to add a string
      length check for the wildcard argument.
     @ mysql-test/r/func_str.result
        test case
     @ mysql-test/t/func_str.test
        test case
     @ sql/item_cmpfunc.cc
        added string length check for the wildcard argument.

    modified:
      mysql-test/r/func_str.result
      mysql-test/t/func_str.test
      sql/item_cmpfunc.cc
=== modified file 'mysql-test/r/func_str.result'
--- a/mysql-test/r/func_str.result	2011-06-15 06:38:11 +0000
+++ b/mysql-test/r/func_str.result	2011-06-17 06:20:11 +0000
@@ -2634,4 +2634,15 @@ DROP TABLE t1;
 SELECT SUBSTRING('1', DAY(FROM_UNIXTIME(-1)));
 SUBSTRING('1', DAY(FROM_UNIXTIME(-1)))
 NULL
+#
+# Bug#11766684 59851: UNINITIALISED VALUE IN ITEM_FUNC_LIKE::SELECT_OPTIMIZE WITH SUBQUERY AND
+#
+CREATE TABLE t2(a INT, KEY(a));
+INSERT INTO t2 VALUES (1),(2);
+CREATE TABLE t1(b INT, PRIMARY KEY(b));
+INSERT INTO t1 VALUES (0),(254);
+SELECT 1 FROM t2 WHERE a LIKE
+(SELECT  EXPORT_SET(1, b, b, b, b) FROM t1 LIMIT 1);
+1
+DROP TABLE t1, t2;
 End of 5.1 tests

=== modified file 'mysql-test/t/func_str.test'
--- a/mysql-test/t/func_str.test	2011-06-15 06:38:11 +0000
+++ b/mysql-test/t/func_str.test	2011-06-17 06:20:11 +0000
@@ -1386,4 +1386,16 @@ DROP TABLE t1;
 
 SELECT SUBSTRING('1', DAY(FROM_UNIXTIME(-1)));
 
+--echo #
+--echo # Bug#11766684 59851: UNINITIALISED VALUE IN ITEM_FUNC_LIKE::SELECT_OPTIMIZE WITH SUBQUERY AND
+--echo #
+
+CREATE TABLE t2(a INT, KEY(a));
+INSERT INTO t2 VALUES (1),(2);
+CREATE TABLE t1(b INT, PRIMARY KEY(b));
+INSERT INTO t1 VALUES (0),(254);
+SELECT 1 FROM t2 WHERE a LIKE
+(SELECT  EXPORT_SET(1, b, b, b, b) FROM t1 LIMIT 1);
+DROP TABLE t1, t2;
+
 --echo End of 5.1 tests
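Review bot: The subquery `(SELECT  EXPORT_SET(1, b, b, b, b) FROM t1 LIMIT 1)` has no `ORDER BY`, so the test reaches the empty-pattern path only if the row with b = 0 is the one returned. The other row (254) presumably produces a non-empty string and would not exercise the fixed branch. A comment above the statement such as `# b = 0 makes EXPORT_SET() return '', the empty LIKE pattern that used to read an uninitialised buffer` would record that dependency, and `ORDER BY b LIMIT 1` would pin it, provided the changed plan still reaches select_optimize() the same way. The expected output is also the same with or without the fix, so the regression is likely only visible under a memory checker, which is worth stating in that comment.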

=== modified file 'sql/item_cmpfunc.cc'
--- a/sql/item_cmpfunc.cc	2011-04-12 09:51:36 +0000
+++ b/sql/item_cmpfunc.cc	2011-06-17 06:20:11 +0000
@@ -4656,21 +4656,20 @@ longlong Item_func_like::val_int()
 
 Item_func::optimize_type Item_func_like::select_optimize() const
 {
-  if (args[1]->const_item())
-  {
-    String* res2= args[1]->val_str((String *)&cmp.value2);
-    const char *ptr2;
-
-    if (!res2 || !(ptr2= res2->ptr()))
-      return OPTIMIZE_NONE;
+  if (!args[1]->const_item())
+    return OPTIMIZE_NONE;
 
-    if (*ptr2 != wild_many)
-    {
-      if (args[0]->result_type() != STRING_RESULT || *ptr2 != wild_one)
-	return OPTIMIZE_OP;
-    }
-  }
-  return OPTIMIZE_NONE;
+  String* res2= args[1]->val_str((String *)&cmp.value2);
+  if (!res2)
+    return OPTIMIZE_NONE;
+
+  if (!res2->length()) // Can optimize empty wildcard: column LIKE ''
+    return OPTIMIZE_OP;
+
+  DBUG_ASSERT(res2->ptr());
+  char first= res2->ptr()[0];
+  return (first == wild_many || first == wild_one) ?
+    OPTIMIZE_NONE : OPTIMIZE_OP;
 }
 
 
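Review bot: The new final return in select_optimize() no longer consults `args[0]->result_type()`, so a pattern starting with `wild_one` now gives OPTIMIZE_NONE even when the left operand is not a string, where the removed code returned OPTIMIZE_OP. The commit message describes only the length check, so this narrowing looks undocumented. If it is intended, a comment such as `// A leading wildcard is never optimized, whatever the type of args[0]` would say so. If it is not, the condition can be restored as `(first == wild_many || (first == wild_one && args[0]->result_type() == STRING_RESULT))`. Separately, the runtime `!(ptr2= res2->ptr())` guard is now `DBUG_ASSERT(res2->ptr())`, which is presumably compiled out of non-debug builds, so release binaries depend on a String with non-zero length always having a buffer; keeping `if (!res2->ptr()) return OPTIMIZE_NONE;` next to the assert would preserve the old defensive behaviour.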


Attachment: [text/bzr-bundle] bzr/sergey.glukhov@oracle.com-20110617062011-as6ivempexoaj96u.bundle