Commit 52f038c5 authored by Sergei Golubchik's avatar Sergei Golubchik

MDEV-5655 Server crashes on NAME_CONST containing AND/OR expressions

fix the NAME_CONST check to only allow literals, negated literals, and literals with
the explicit collation.
parent 16e0cae0
...@@ -265,3 +265,10 @@ SELECT '1' IN ('1', INET_NTOA(0)); ...@@ -265,3 +265,10 @@ SELECT '1' IN ('1', INET_NTOA(0));
'1' IN ('1', INET_NTOA(0)) '1' IN ('1', INET_NTOA(0))
1 1
End of tests End of tests
SELECT NAME_CONST('a', -(1 OR 2)) OR 1;
ERROR HY000: Incorrect arguments to NAME_CONST
SELECT NAME_CONST('a', -(1 AND 2)) AND 1;
ERROR HY000: Incorrect arguments to NAME_CONST
SELECT NAME_CONST('a', -(1)) OR 1;
NAME_CONST('a', -(1)) OR 1
1
...@@ -300,3 +300,13 @@ SELECT '1' IN ('1', INET_NTOA(0)); ...@@ -300,3 +300,13 @@ SELECT '1' IN ('1', INET_NTOA(0));
--echo End of tests --echo End of tests
#
# MDEV-5655 Server crashes on NAME_CONST containing AND/OR expressions
#
--error ER_WRONG_ARGUMENTS
SELECT NAME_CONST('a', -(1 OR 2)) OR 1;
--error ER_WRONG_ARGUMENTS
SELECT NAME_CONST('a', -(1 AND 2)) AND 1;
SELECT NAME_CONST('a', -(1)) OR 1;
...@@ -1284,17 +1284,28 @@ bool Item_name_const::is_null() ...@@ -1284,17 +1284,28 @@ bool Item_name_const::is_null()
Item_name_const::Item_name_const(Item *name_arg, Item *val): Item_name_const::Item_name_const(Item *name_arg, Item *val):
value_item(val), name_item(name_arg) value_item(val), name_item(name_arg)
{ {
if (!(valid_args= name_item->basic_const_item() &&
(value_item->basic_const_item() ||
((value_item->type() == FUNC_ITEM) &&
((((Item_func *) value_item)->functype() ==
Item_func::COLLATE_FUNC) ||
((((Item_func *) value_item)->functype() ==
Item_func::NEG_FUNC) &&
(((Item_func *) value_item)->key_item()->type() !=
FUNC_ITEM)))))))
my_error(ER_WRONG_ARGUMENTS, MYF(0), "NAME_CONST");
Item::maybe_null= TRUE; Item::maybe_null= TRUE;
valid_args= true;
if (!name_item->basic_const_item())
goto err;
if (value_item->basic_const_item())
return; // ok
if (value_item->type() == FUNC_ITEM)
{
Item_func *value_func= (Item_func *) value_item;
if (value_func->functype() != Item_func::COLLATE_FUNC &&
value_func->functype() != Item_func::NEG_FUNC)
goto err;
if (value_func->key_item()->basic_const_item())
return; // ok
}
err:
valid_args= false;
my_error(ER_WRONG_ARGUMENTS, MYF(0), "NAME_CONST");
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment