MySQL Lists are EOL. Please join:

List:Commits« Previous MessageNext Message »
From:ramil Date:November 27 2007 5:36am
Subject:bk commit into 5.0 tree (ramil:1.2579) BUG#32559
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of ram. When ram does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-11-27 09:36:43+04:00, ramil@stripped +4 -0
  Fix for bug #32559: connection hangs on query with name_const
  
  Problem: passing a non-constant name to the NAME_CONST function results in a crash.
  
  Fix: check the NAME_CONST name argument; return fake item type if we got
  non-constant argument(s).

  mysql-test/r/func_misc.result@stripped, 2007-11-27 09:36:40+04:00, ramil@stripped +7 -0
    Fix for bug #32559: connection hangs on query with name_const
      - test result.

  mysql-test/t/func_misc.test@stripped, 2007-11-27 09:36:40+04:00, ramil@stripped +11 -1
    Fix for bug #32559: connection hangs on query with name_const
      - test case.

  sql/item.cc@stripped, 2007-11-27 09:36:40+04:00, ramil@stripped +11 -1
    Fix for bug #32559: connection hangs on query with name_const
      - Item_name_const::type() now returns NULL_ITEM if non-constant arguments 
        were used to create the item to avoid wrong type casting.

  sql/item.h@stripped, 2007-11-27 09:36:40+04:00, ramil@stripped +3 -1
    Fix for bug #32559: connection hangs on query with name_const
      - NAME_CONST name argument checked for invariability.

diff -Nrup a/mysql-test/r/func_misc.result b/mysql-test/r/func_misc.result
--- a/mysql-test/r/func_misc.result	2007-10-09 14:36:00 +05:00
+++ b/mysql-test/r/func_misc.result	2007-11-27 09:36:40 +04:00
@@ -207,4 +207,11 @@ test
 SELECT NAME_CONST('test', 'test');
 test
 test
+CREATE TABLE t1(a INT);
+INSERT INTO t1 VALUES (), (), ();
+SELECT NAME_CONST(a, '1') FROM t1;
+ERROR HY000: Incorrect arguments to NAME_CONST
+SET INSERT_ID= NAME_CONST(a, a);
+ERROR HY000: Incorrect arguments to NAME_CONST
+DROP TABLE t1;
 End of 5.0 tests
diff -Nrup a/mysql-test/t/func_misc.test b/mysql-test/t/func_misc.test
--- a/mysql-test/t/func_misc.test	2007-10-09 14:36:00 +05:00
+++ b/mysql-test/t/func_misc.test	2007-11-27 09:36:40 +04:00
@@ -204,5 +204,15 @@ SELECT NAME_CONST('test', 1.0);
 SELECT NAME_CONST('test', -1.0);
 SELECT NAME_CONST('test', 'test');
 
---echo End of 5.0 tests
+#
+# Bug #32559: connection hangs on query with name_const
+#
+CREATE TABLE t1(a INT);
+INSERT INTO t1 VALUES (), (), ();
+--error ER_WRONG_ARGUMENTS
+SELECT NAME_CONST(a, '1') FROM t1;
+--error ER_WRONG_ARGUMENTS
+SET INSERT_ID= NAME_CONST(a, a);
+DROP TABLE t1;
 
+--echo End of 5.0 tests
diff -Nrup a/sql/item.cc b/sql/item.cc
--- a/sql/item.cc	2007-11-13 21:00:43 +04:00
+++ b/sql/item.cc	2007-11-27 09:36:40 +04:00
@@ -1209,7 +1209,17 @@ bool Item_name_const::is_null()
 
 Item::Type Item_name_const::type() const
 {
-  return value_item->type();
+  /*
+    As 
+    1. one can try to create the Item_name_const passing non-constant 
+    arguments, although it's incorrect and 
+    2. the type() method can be called before the fix_fields() to get
+    type information for a further type cast, e.g. 
+    if (item->type() == FIELD_ITEM) 
+      ((Item_field *) item)->... 
+    we return NULL_ITEM in the case to avoid wrong casting.
+  */
+  return valid_args ? value_item->type() : NULL_ITEM;
 }
 
 
diff -Nrup a/sql/item.h b/sql/item.h
--- a/sql/item.h	2007-11-10 23:44:11 +04:00
+++ b/sql/item.h	2007-11-27 09:36:40 +04:00
@@ -1111,11 +1111,13 @@ class Item_name_const : public Item
 {
   Item *value_item;
   Item *name_item;
+  bool valid_args;
 public:
   Item_name_const(Item *name_arg, Item *val):
     value_item(val), name_item(name_arg)
   {
-    if(!value_item->basic_const_item())
+    if (!(valid_args= name_item->basic_const_item() & 
+                      value_item->basic_const_item()))
       my_error(ER_WRONG_ARGUMENTS, MYF(0), "NAME_CONST");
     Item::maybe_null= TRUE;
   }
Thread
bk commit into 5.0 tree (ramil:1.2579) BUG#32559ramil27 Nov