Commit 1991a87d authored by unknown's avatar unknown

Fixed bug#16716: subselect in concat() may lead to a wrong result.

The Item_func_concat::val_str() function tries to make as less re-allocations
as possible. This results in appending strings returned by 2nd and next
arguments to the string returned by 1st argument if the buffer for the first
argument has enough free space. A constant subselect is evaluated only once 
and its result is stored in an Item_cache_str. In the case when the first
argument of the concat() function is such a subselect Item_cache_str returns
the stored value and Item_func_concat::val_str() append values of other
arguments to it. But for the next row the value in the Item_cache_str isn't
restored because the subselect is a constant one and it isn't evaluated second
time. This results in appending string values of 2nd and next arguments to the 
result of the previous Item_func_concat::val_str() call.

The Item_func_concat::val_str() function now checks whether the first argument 
is a constant one and if so it doesn't append values of 2nd and next arguments
to the string value returned by it.


mysql-test/t/func_concat.test:
  Added test case for bug#16716: subselect in concat() may lead to a wrong result.
mysql-test/r/func_concat.result:
  Added test case for bug#16716: subselect in concat() may lead to a wrong result.
sql/item_strfunc.cc:
  Fixed bug#16716: subselect in concat() may lead to a wrong result.
  The Item_func_concat::val_str() function now checks whether the first argument 
  is a constant one and if so it doesn't append values of 2nd and next arguments
  to the string value returned by it.
parent 625e5824
......@@ -64,3 +64,10 @@ select 'a' union select concat('a', -0.0);
a
a
good
select concat((select x from (select 'a' as x) as t1 ),
(select y from (select 'b' as y) as t2 )) from (select 1 union select 2 )
as t3;
concat((select x from (select 'a' as x) as t1 ),
(select y from (select 'b' as y) as t2 ))
ab
ab
......@@ -50,4 +50,11 @@ select 'a' union select concat('a', -0);
--replace_result 'a-0.0' good 'a0.0' good
select 'a' union select concat('a', -0.0);
#
# Bug#16716: subselect in concat() may lead to a wrong result
#
select concat((select x from (select 'a' as x) as t1 ),
(select y from (select 'b' as y) as t2 )) from (select 1 union select 2 )
as t3;
# End of 4.1 tests
......@@ -252,11 +252,13 @@ String *Item_func_concat::val_str(String *str)
DBUG_ASSERT(fixed == 1);
String *res,*res2,*use_as_buff;
uint i;
bool is_const= 0;
null_value=0;
if (!(res=args[0]->val_str(str)))
goto null;
use_as_buff= &tmp_value;
is_const= args[0]->const_item();
for (i=1 ; i < arg_count ; i++)
{
if (res->length() == 0)
......@@ -279,7 +281,7 @@ String *Item_func_concat::val_str(String *str)
current_thd->variables.max_allowed_packet);
goto null;
}
if (res->alloced_length() >= res->length()+res2->length())
if (!is_const && res->alloced_length() >= res->length()+res2->length())
{ // Use old buffer
res->append(*res2);
}
......@@ -334,6 +336,7 @@ String *Item_func_concat::val_str(String *str)
res= &tmp_value;
use_as_buff=str;
}
is_const= 0;
}
}
res->set_charset(collation.collation);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment