From: Sergey Glukhov Date: June 17 2011 6:20am Subject: bzr commit into mysql-5.1 branch (sergey.glukhov:3649) Bug#11766684 List-Archive: http://lists.mysql.com/commits/139384 X-Bug: 11766684 Message-Id: <201106170630.p5H6UlMi008804@acsmt357.oracle.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4073979219240227920==" --===============4073979219240227920== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/gluh/MySQL/mysql-5.1/ based on revid:sergey.glukhov@stripped 3649 Sergey Glukhov 2011-06-17 Bug#11766684 59851: UNINITIALISED VALUE IN ITEM_FUNC_LIKE::SELECT_OPTIMIZE WITH SUBQUERY AND There is an attempt to use uninitialized string buffer in case of empty wildcard. The fix is to add string length check for wilcard argument. @ mysql-test/r/func_str.result test case @ mysql-test/t/func_str.test test case @ sql/item_cmpfunc.cc added string length check for wilcard argument. modified: mysql-test/r/func_str.result mysql-test/t/func_str.test sql/item_cmpfunc.cc === modified file 'mysql-test/r/func_str.result' --- a/mysql-test/r/func_str.result 2011-06-15 06:38:11 +0000 +++ b/mysql-test/r/func_str.result 2011-06-17 06:20:11 +0000 @@ -2634,4 +2634,15 @@ DROP TABLE t1; SELECT SUBSTRING('1', DAY(FROM_UNIXTIME(-1))); SUBSTRING('1', DAY(FROM_UNIXTIME(-1))) NULL +# +# Bug#11766684 59851: UNINITIALISED VALUE IN ITEM_FUNC_LIKE::SELECT_OPTIMIZE WITH SUBQUERY AND +# +CREATE TABLE t2(a INT, KEY(a)); +INSERT INTO t2 VALUES (1),(2); +CREATE TABLE t1(b INT, PRIMARY KEY(b)); +INSERT INTO t1 VALUES (0),(254); +SELECT 1 FROM t2 WHERE a LIKE +(SELECT EXPORT_SET(1, b, b, b, b) FROM t1 LIMIT 1); +1 +DROP TABLE t1, t2; End of 5.1 tests === modified file 'mysql-test/t/func_str.test' --- a/mysql-test/t/func_str.test 2011-06-15 06:38:11 +0000 +++ b/mysql-test/t/func_str.test 2011-06-17 06:20:11 +0000 @@ -1386,4 +1386,16 @@ DROP TABLE t1; SELECT SUBSTRING('1', DAY(FROM_UNIXTIME(-1))); +--echo # +--echo # Bug#11766684 59851: UNINITIALISED VALUE IN ITEM_FUNC_LIKE::SELECT_OPTIMIZE WITH SUBQUERY AND +--echo # + +CREATE TABLE t2(a INT, KEY(a)); +INSERT INTO t2 VALUES (1),(2); +CREATE TABLE t1(b INT, PRIMARY KEY(b)); +INSERT INTO t1 VALUES (0),(254); +SELECT 1 FROM t2 WHERE a LIKE +(SELECT EXPORT_SET(1, b, b, b, b) FROM t1 LIMIT 1); +DROP TABLE t1, t2; + --echo End of 5.1 tests === modified file 'sql/item_cmpfunc.cc' --- a/sql/item_cmpfunc.cc 2011-04-12 09:51:36 +0000 +++ b/sql/item_cmpfunc.cc 2011-06-17 06:20:11 +0000 @@ -4656,21 +4656,20 @@ longlong Item_func_like::val_int() Item_func::optimize_type Item_func_like::select_optimize() const { - if (args[1]->const_item()) - { - String* res2= args[1]->val_str((String *)&cmp.value2); - const char *ptr2; - - if (!res2 || !(ptr2= res2->ptr())) - return OPTIMIZE_NONE; + if (!args[1]->const_item()) + return OPTIMIZE_NONE; - if (*ptr2 != wild_many) - { - if (args[0]->result_type() != STRING_RESULT || *ptr2 != wild_one) - return OPTIMIZE_OP; - } - } - return OPTIMIZE_NONE; + String* res2= args[1]->val_str((String *)&cmp.value2); + if (!res2) + return OPTIMIZE_NONE; + + if (!res2->length()) // Can optimize empty wildcard: column LIKE '' + return OPTIMIZE_OP; + + DBUG_ASSERT(res2->ptr()); + char first= res2->ptr()[0]; + return (first == wild_many || first == wild_one) ? + OPTIMIZE_NONE : OPTIMIZE_OP; } --===============4073979219240227920== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/sergey.glukhov@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: sergey.glukhov@stripped\ # as6ivempexoaj96u # target_branch: file:///home/gluh/MySQL/mysql-5.1/ # testament_sha1: 26f7a537566617198265b2c3b09dcea068e47af4 # timestamp: 2011-06-17 10:20:15 +0400 # source_branch: bzr+ssh://sgluhov@stripped/bzrroot\ # /server/mysql-5.1/ # base_revision_id: sergey.glukhov@stripped\ # bwjmtltmziseclv9 # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWbr0QCEAA8XfgEAQeff////v //q////0YAg3M199e3uFIjve6eu3t45V3u4yvb048JJQSbUZoho0wTR6majaI0yGhoaBkMgGmgJK EaEzTQmKNT9TJNkjJp6gGmQADIAABzCaA0Bo0YRoMRpiZMTQYRoGQDJgJEplMJI21T9TUb1RtNTy jR+qBpoaYRkAepkDQAIqTRkpmFMmNKZMCNDRphAAAGgAyaAkkJghGmRpTwieiekJpjSZNMmgAGgA yFjvUxZBPji/UUPGnyo/Bo98NOvAvqKq2NZXxW8Y3U6WVFzs25E64mxVUAGapU9OJZ6D7xLVOd4K EcQxXq3UuMPrbZdnWpWpjbbaxc4UYfiK9cL8RRII6kGxVFdk7UTzrut9zCf4qsW6SeJxogWUzFAM S4iYPlGAZXnzCpuodwxYlKyoCqD6Is+D2IYQN5ykTvchj4w/rbnyt6dQk/sOROrocrPFQ4KF0HSY gwaNLyUWGEMYEC1YVckLmCDTLt1n+LnUem00HWAKN9mGqK5zOhr57Dg6HkN4UM++eM8IxIldZqdt 8p3qpxrLTYSo9hnB6CWu20MQzCYXul1xzgHQc9zCtX1MvW8FGfuu29s2XLm+Arz1d2lm/5dMMkXo C1ATemGTe71bwfK9tU6LcUsfSrE2QxNjzEaM94sFSKhqlSEKBQWtQqEyppwnCI1Ri1pF6KTDAqxy 3iFcLh2oJkFaNGDSQArqNuZeCdqeAdGgj2ZHvEYouaAST9inSZkxJKmTNuvz7CRmMRRhoDV3dF+K MhbtnvgIzWv18obTmq2c8c1UcukzNJPFSNndLyCBuVs+kXxdHIcsRZCGAJEhgO52TbpHUOlZ8DJz +We/heLEx3h5vStW4bFb1s1q9zQvFp0bE94bWKlCnCwn1MRKYSo3JR+Q7Ag0ibvYU5FQy22ktynG 0sRNnddKKx8cvP1PCJqOKvNjFkyGZjzuiWwFgW5j+zJ3EgPL+YSraottekQksR3XQeK83kRXZFOw XHOdwZowksJDUeZRippmTDIQ3klUwRhcNQyaOU6zJ+t5aTWvTZBsS6RFN8w/WIrXIrc7xGCgmwYp RDlRiamujinETPOnkpeanZ1RbsmkRFKq0pl51psWNjKM7bq67bUShO9xQYcrHD1AV7QNFZVwmZD6 FodMyxZRLCVtzhlanmQhorfAksyHK7S/NsR9THE6Aj0DsdkFG2GJ6VhmrM55yTPWva1cIA8LLHRg iKdJ6TqAnRZTWKUJx6NYiN43mI3Qtnp4B7KyJrSsqVJ2LyjkYHqaAvizL6SeXSaNkIVrpkxlF9rt flkUoIr7WmDQ0RPy0zbg6XoOcZMiIW0rzCTeYoSiTFpQKocGCsdJe4ZUFaMOAgrleDgILKUM2piB mGkOQci0NjAzCcwSBqYNzS0tDFkwBtC4MbApT64g3zUDpIlAFrac4SP0HUJEPGKwYEV7DAyVoaLS eKlmbWFBcFIzMFQ1hUheBSE2RKyxwelgGXKyVtK0gFgFrsN8vaKqnqWioiyiJWpE4mYUg5MxuC6M QOVigctDjlGunRzMXKcxgQxOc/0jTp9yAfAjxRplB4vUI39Q9lZbNqnrtbHsvC1B+qlxCJKomnK7 4L/LDbJjGFiNkxrJMNw2lVrj22QHqsZXMZkUCinxqkjkETbDLrSKuGOmpqsCh4S1eBe0NI3tVRrq eGauWKJQZAOR7/YiNUBr98tK/VfAVexknvM84Ejl7bcAxRbtaqHyuilENarMbo8el/a6viDlb1Vf 23ryadhZqsQjq6t2u5XkikoH2sTs8ipoN8sGjyxbVDY9iZETxazPIbE0gi6m2ktJ6zTkwdPk9kh8 7FubVxaM1DN3gbGZMR5hDcy1dHAZWJkcNmc+5p+bcIOqiOq4JiGZ6SqUohyWoQSvXBoQVrfvMRmv h4WMmw2G+NRPUGFv+qnWmXBeRlzJLrHhYTRuFh+jNEJJud68BJgGEGVYIDNdhMrTPBnXeaegB790 ENaU1kEGtjdK6hfDOwtLpdwSFODuhxPKOZGpqsuGFeNMfV2b34C41UsqhyLxXrPpitMev2hFTYLk L1UbjN8RxrQjDitya3LYINYtS8+GhFQcLDi9ffh41zOLAYIBkGK48fLMfjRMjSaOSI+vvIDdoRZ4 V0WZRAGTMjucFVXmsNZwatLO/onMLRD0VcupR9CIp5giNltDijCw1WAYNytNQ0kFtcVUb3JinNCq CQa9yehuKLs7yCbTZq7zoULRw3YyJYz/IFo0Paodbj1rEQYjgVN7JgHhFhEWR2qm58XOjyHEZLj3 +N8F82+9dq/S7btNe3QZCLrwDgqLmFSpRkZhSyDAcO0XUNIqdp0JooEggBoXUUFCqNQI35WxEKjT BhyKiNpLd4N4UlK5jzKqMRbjygyd2scWVqxCa7uRG73FYrHVERERXoUM1wxDAfWgJCxoiLcoIhhk GXicDKdFfAoAdrp2Jx8ImOetPrB4si85BgRHXCdwVytbjXKpjxRZRFTQLBeKj5kFO/AhVTBLLNAT LkIbNrr3Z2XF2ZvicJiHDlTAjFXPTk6gRlFv7jWlCBw7GcTQ6rLiwHM8dLcMkqdLqbDLN1nleJ1n UQJsNnQZKIoEOBnuJXag1EJp/5b/xdyRThQkLr0QCEA= --===============4073979219240227920==--