5.1-security->5.5-security merge

3a669ed9 · Sergey Glukhov · 7dde08a8 · 594a5992 · 3a669ed9 · 3a669ed9
Commit 3a669ed9 authored Nov 18, 2010 by Sergey Glukhov
Showing with 23 additions and 5 deletions

mysql-test/r/ctype_latin1.result mysql-test/r/ctype_latin1.result +9 -0

mysql-test/t/ctype_latin1.test mysql-test/t/ctype_latin1.test +8 -0

sql/item_cmpfunc.cc sql/item_cmpfunc.cc +6 -5

No files found.
--- a/mysql-test/r/ctype_latin1.result
+++ b/mysql-test/r/ctype_latin1.result
@@ -410,6 +410,15 @@ hex(cast(_ascii 0x7f as char(1) character set latin1))
 7F
 End of 5.0 tests
 #
+# Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings
+#
+SELECT '' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '');
+'' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '')
+1
+Warnings:
+Warning	1292	Truncated incorrect INTEGER value: ''
+End of 5.1 tests
+#
 # Start of 5.5 tests
 #
 #

--- a/mysql-test/t/ctype_latin1.test
+++ b/mysql-test/t/ctype_latin1.test
@@ -128,6 +128,14 @@ select hex(cast(_ascii 0x7f as char(1) character set latin1));

 --echo End of 5.0 tests

+
+--echo #
+--echo # Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings
+--echo #
+SELECT '' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '');
+
+--echo End of 5.1 tests
+
                                                                               
 --echo #
 --echo # Start of 5.5 tests

--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@@ -4720,6 +4720,7 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
    String *escape_str= escape_item->val_str(&cmp.value1);
    if (escape_str)
    {
+      const char *escape_str_ptr= escape_str->ptr();
      if (escape_used_in_parsing && (
             (((thd->variables.sql_mode & MODE_NO_BACKSLASH_ESCAPES) &&
                escape_str->numchars() != 1) ||
@@ -4734,9 +4735,9 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
        CHARSET_INFO *cs= escape_str->charset();
        my_wc_t wc;
        int rc= cs->cset->mb_wc(cs, &wc,
-                                (const uchar*) escape_str->ptr(),
-                                (const uchar*) escape_str->ptr() +
-                                               escape_str->length());
+                                (const uchar*) escape_str_ptr,
+                                (const uchar*) escape_str_ptr +
+                                escape_str->length());
        escape= (int) (rc > 0 ? wc : '\\');
      }
      else
@@ -4753,13 +4754,13 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
        {
          char ch;
          uint errors;
-          uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str->ptr(),
+          uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str_ptr,
                                          escape_str->length(),
                                          escape_str->charset(), &errors);
          escape= cnvlen ? ch : '\\';
        }
        else
-          escape= *(escape_str->ptr());
+          escape= escape_str_ptr ? *escape_str_ptr : '\\';
      }
    }
    else