Commit 30212033 authored by Gleb Shchepa's avatar Gleb Shchepa

Bug #50096: CONCAT_WS inside procedure returning wrong data

Selecting of the CONCAT_WS(...<PS parameter>...) result into
a user variable may return wrong data.

Item_func_concat_ws::val_str contains a number of memory
allocation-saving optimization tricks. After the fix
for bug 46815 the control flow has been changed to a
branch that is commented as "This is quite uncommon!":
one of places where we are trying to concatenate
strings inplace. However, that "uncommon" place
didn't care about PS parameters, that have another
trick in Item_sp_variable::val_str(): they use the
intermediate Item_sp_variable::str_value field,
where they may store a reference to an external
argument's buffer.

The Item_func_concat_ws::val_str function has been
modified to take into account val_str functions
(such as Item_sp_variable::val_str) that return a
pointer to an internal Item member variable that
may reference to a buffer provided.
parent 684405a5
DROP TABLE IF EXISTS t1; DROP TABLE IF EXISTS t1;
DROP PROCEDURE IF EXISTS p1;
CREATE TABLE t1 ( number INT NOT NULL, alpha CHAR(6) NOT NULL ); CREATE TABLE t1 ( number INT NOT NULL, alpha CHAR(6) NOT NULL );
INSERT INTO t1 VALUES (1413006,'idlfmv'), INSERT INTO t1 VALUES (1413006,'idlfmv'),
(1413065,'smpsfz'),(1413127,'sljrhx'),(1413304,'qerfnd'); (1413065,'smpsfz'),(1413127,'sljrhx'),(1413304,'qerfnd');
...@@ -119,4 +120,14 @@ id select_type table type possible_keys key key_len ref rows Extra ...@@ -119,4 +120,14 @@ id select_type table type possible_keys key key_len ref rows Extra
1 SIMPLE t2 index NULL PRIMARY 102 NULL 3 Using index 1 SIMPLE t2 index NULL PRIMARY 102 NULL 3 Using index
1 SIMPLE t1 eq_ref PRIMARY,a PRIMARY 318 func,const,const 1 1 SIMPLE t1 eq_ref PRIMARY,a PRIMARY 318 func,const,const 1
DROP TABLE t1, t2; DROP TABLE t1, t2;
#
# Bug #50096: CONCAT_WS inside procedure returning wrong data
#
CREATE PROCEDURE p1(a varchar(255), b int, c int)
SET @query = CONCAT_WS(",", a, b, c);
CALL p1("abcde", "0", "1234");
SELECT @query;
@query
abcde,0,1234
DROP PROCEDURE p1;
# End of 5.1 tests # End of 5.1 tests
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
--disable_warnings --disable_warnings
DROP TABLE IF EXISTS t1; DROP TABLE IF EXISTS t1;
DROP PROCEDURE IF EXISTS p1;
--enable_warnings --enable_warnings
CREATE TABLE t1 ( number INT NOT NULL, alpha CHAR(6) NOT NULL ); CREATE TABLE t1 ( number INT NOT NULL, alpha CHAR(6) NOT NULL );
...@@ -111,4 +112,16 @@ EXPLAIN SELECT CONCAT('gui_', t2.a), t1.d FROM t2 ...@@ -111,4 +112,16 @@ EXPLAIN SELECT CONCAT('gui_', t2.a), t1.d FROM t2
DROP TABLE t1, t2; DROP TABLE t1, t2;
--echo #
--echo # Bug #50096: CONCAT_WS inside procedure returning wrong data
--echo #
CREATE PROCEDURE p1(a varchar(255), b int, c int)
SET @query = CONCAT_WS(",", a, b, c);
CALL p1("abcde", "0", "1234");
SELECT @query;
DROP PROCEDURE p1;
--echo # End of 5.1 tests --echo # End of 5.1 tests
...@@ -677,8 +677,8 @@ String *Item_func_concat_ws::val_str(String *str) ...@@ -677,8 +677,8 @@ String *Item_func_concat_ws::val_str(String *str)
res->length() + sep_str->length() + res2->length()) res->length() + sep_str->length() + res2->length())
{ {
/* We have room in str; We can't get any errors here */ /* We have room in str; We can't get any errors here */
if (str == res2) if (str->ptr() == res2->ptr())
{ // This is quote uncommon! { // This is quite uncommon!
str->replace(0,0,*sep_str); str->replace(0,0,*sep_str);
str->replace(0,0,*res); str->replace(0,0,*res);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment