List:Commits« Previous MessageNext Message »
From:Sergey Vojtovich Date:February 12 2009 9:51am
Subject:bzr push into mysql-5.0-bugteam branch (svoj:2741 to 2742) Bug#36737
View as plain text  
 2742 Sergey Vojtovich	2009-02-12
      BUG#36737 - having + full text operator crashes mysql
            
      MATCH() function accepts column list as an argument. It was possible to override
      this requirement with aliased non-column select expression. Which results in
      server crash.
      
      With this fix aliased non-column select expressions are not accepted by MATCH()
      function, returning an error.
modified:
  mysql-test/r/fulltext.result
  mysql-test/t/fulltext.test
  sql/item_func.cc

 2741 Georgi Kodinov	2009-02-12 [merge]
      merged bug 33813 to 5.0-bugteam 
modified:
  mysql-test/r/windows.result
  mysql-test/t/windows.test
  sql/sql_yacc.yy

=== modified file 'mysql-test/r/fulltext.result'
--- a/mysql-test/r/fulltext.result	2009-01-15 11:08:09 +0000
+++ b/mysql-test/r/fulltext.result	2009-02-12 09:49:44 +0000
@@ -506,3 +506,7 @@ SELECT MATCH(a) AGAINST('aaa1* aaa14 aaa
 MATCH(a) AGAINST('aaa1* aaa14 aaa15 aaa16' IN BOOLEAN MODE)
 2
 DROP TABLE t1;
+CREATE TABLE t1(a TEXT);
+SELECT GROUP_CONCAT(a) AS st FROM t1 HAVING MATCH(st) AGAINST('test' IN BOOLEAN MODE);
+ERROR HY000: Incorrect arguments to AGAINST
+DROP TABLE t1;

=== modified file 'mysql-test/t/fulltext.test'
--- a/mysql-test/t/fulltext.test	2009-01-15 11:08:09 +0000
+++ b/mysql-test/t/fulltext.test	2009-02-12 09:49:44 +0000
@@ -432,3 +432,11 @@ INSERT INTO t1 VALUES('aaa15');
 SELECT MATCH(a) AGAINST('aaa1* aaa14 aaa16' IN BOOLEAN MODE) FROM t1;
 SELECT MATCH(a) AGAINST('aaa1* aaa14 aaa15 aaa16' IN BOOLEAN MODE) FROM t1;
 DROP TABLE t1;
+
+#
+# BUG#36737 - having + full text operator crashes mysql
+#
+CREATE TABLE t1(a TEXT);
+--error ER_WRONG_ARGUMENTS
+SELECT GROUP_CONCAT(a) AS st FROM t1 HAVING MATCH(st) AGAINST('test' IN BOOLEAN MODE);
+DROP TABLE t1;

=== modified file 'sql/item_func.cc'
--- a/sql/item_func.cc	2009-01-16 14:48:41 +0000
+++ b/sql/item_func.cc	2009-02-12 09:49:44 +0000
@@ -4961,7 +4961,10 @@ bool Item_func_match::fix_fields(THD *th
     if (item->type() == Item::REF_ITEM)
       args[i]= item= *((Item_ref *)item)->ref;
     if (item->type() != Item::FIELD_ITEM)
-      key=NO_SUCH_KEY;
+    {
+      my_error(ER_WRONG_ARGUMENTS, MYF(0), "AGAINST");
+      return TRUE;
+    }
   }
   /*
     Check that all columns come from the same table.
Thread
bzr push into mysql-5.0-bugteam branch (svoj:2741 to 2742) Bug#36737Sergey Vojtovich12 Feb