List:Commits« Previous MessageNext Message »
From:Norvald H. Ryeng Date:November 3 2011 10:15am
Subject:bzr push into mysql-trunk branch (norvald.ryeng:3551 to 3552) Bug#11764313
View as plain text  
 3552 Norvald H. Ryeng	2011-11-03
      Bug#11764313 57135: CRASH IN ITEM_FUNC_CASE::FIND_ITEM WITH CASE WHEN
      ELSE CLAUSE
      
      Problem: During optimization, ZEROFILL values, which includes YEAR
      values, may be converted to string constants. However, the CASE
      function does not handle switching datatypes after planning, leading
      to CASE finding a null pointer instead of its argument.
      
      Item_func_case creates a table of cmp_items, one for each datatype
      used in the comparison. This table is created during query planning by
      fix_length_and_dec(). During optimization,
      Item_field::equal_fields_propagator() converts ZEROFILL numbers to
      strings, but the comparison table in Item_func_case is not
      updated. Later in optimization, the condition is evaluated as part of
      removing trivial comparisons from the query. During evaluation, the
      position in the comparison table is found by examining the result
      types of the fields to be compared. Since the result type of the
      fields have changed, the wrong position in the comparison table is
      inferred, and this position contains a null pointer.
      
      This bug is similar to bug#11764818, which affects the IN
      function. Item_func_in and Item_func_case are the only functions using
      the cmp_items construct.
      
      Fix: Set the cmp_context of WHEN arguments to Item_func_case so that
      Item_field::equal_fields_propagator() will not convert them to
      strings.
     @ mysql-test/r/case.result
        Add test for bug#11764313.
     @ mysql-test/t/case.test
        Add test for bug#11764313.
     @ sql/item_cmpfunc.cc
        Set cmp_context of WHEN arguments to Item_func_case.

    modified:
      mysql-test/r/case.result
      mysql-test/t/case.test
      sql/item_cmpfunc.cc
 3551 Anitha Gopi	2011-11-03
      Bug#11755645: LOCK_MULTI_BUG38499 does not fail anymore. Remove the test from experimental group

    modified:
      mysql-test/collections/default.experimental
=== modified file 'mysql-test/r/case.result'
--- a/mysql-test/r/case.result	2011-07-19 15:11:15 +0000
+++ b/mysql-test/r/case.result	2011-11-03 10:15:06 +0000
@@ -220,3 +220,7 @@ a	d
 3	11120436154190595086
 drop table t1, t2;
 End of 5.0 tests
+CREATE TABLE t1(a YEAR);
+SELECT 1 FROM t1 WHERE a=1 AND CASE 1 WHEN a THEN 1 ELSE 1 END;
+1
+DROP TABLE t1;

=== modified file 'mysql-test/t/case.test'
--- a/mysql-test/t/case.test	2010-08-19 11:55:35 +0000
+++ b/mysql-test/t/case.test	2011-11-03 10:15:06 +0000
@@ -173,3 +173,12 @@ select t1.a, (case t1.a when 0 then 0 el
 drop table t1, t2;
 
 --echo End of 5.0 tests
+
+#
+# Bug #11764313 57135: CRASH IN ITEM_FUNC_CASE::FIND_ITEM WITH CASE WHEN
+# ELSE CLAUSE
+#
+
+CREATE TABLE t1(a YEAR);
+SELECT 1 FROM t1 WHERE a=1 AND CASE 1 WHEN a THEN 1 ELSE 1 END;
+DROP TABLE t1;

=== modified file 'sql/item_cmpfunc.cc'
--- a/sql/item_cmpfunc.cc	2011-10-27 07:03:49 +0000
+++ b/sql/item_cmpfunc.cc	2011-11-03 10:15:06 +0000
@@ -3254,6 +3254,15 @@ void Item_func_case::fix_length_and_dec(
           return;
       }
     }
+    /*
+      Set cmp_context of all WHEN arguments. This prevents
+      Item_field::equal_fields_propagator() from transforming a
+      zerofill argument into a string constant. Such a change would
+      require rebuilding cmp_items.
+    */
+    for (i= 0; i < ncases; i+= 2)
+      args[i]->cmp_context= item_cmp_type(left_result_type,
+                                          args[i]->result_type());
   }
 
   if (else_expr_num == -1 || args[else_expr_num]->maybe_null)

No bundle (reason: useless for push emails).
Thread
bzr push into mysql-trunk branch (norvald.ryeng:3551 to 3552) Bug#11764313Norvald H. Ryeng7 Nov