Commit 594a5992 authored by Sergey Glukhov's avatar Sergey Glukhov

Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings

ESCAPE argument might be empty string. It leads
to server crash under some circumstances.
The fix:
-added check if ESCAPE argument result is not empty string
parent d25e3389
...@@ -409,3 +409,11 @@ select hex(cast(_ascii 0x7f as char(1) character set latin1)); ...@@ -409,3 +409,11 @@ select hex(cast(_ascii 0x7f as char(1) character set latin1));
hex(cast(_ascii 0x7f as char(1) character set latin1)) hex(cast(_ascii 0x7f as char(1) character set latin1))
7F 7F
End of 5.0 tests End of 5.0 tests
#
# Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings
#
SELECT '' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '');
'' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '')
1
Warnings:
Warning 1292 Truncated incorrect INTEGER value: ''
...@@ -127,3 +127,8 @@ DROP TABLE `abc ...@@ -127,3 +127,8 @@ DROP TABLE `abc
select hex(cast(_ascii 0x7f as char(1) character set latin1)); select hex(cast(_ascii 0x7f as char(1) character set latin1));
--echo End of 5.0 tests --echo End of 5.0 tests
--echo #
--echo # Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings
--echo #
SELECT '' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '');
...@@ -4692,6 +4692,7 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref) ...@@ -4692,6 +4692,7 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
String *escape_str= escape_item->val_str(&cmp.value1); String *escape_str= escape_item->val_str(&cmp.value1);
if (escape_str) if (escape_str)
{ {
const char *escape_str_ptr= escape_str->ptr();
if (escape_used_in_parsing && ( if (escape_used_in_parsing && (
(((thd->variables.sql_mode & MODE_NO_BACKSLASH_ESCAPES) && (((thd->variables.sql_mode & MODE_NO_BACKSLASH_ESCAPES) &&
escape_str->numchars() != 1) || escape_str->numchars() != 1) ||
...@@ -4706,9 +4707,9 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref) ...@@ -4706,9 +4707,9 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
CHARSET_INFO *cs= escape_str->charset(); CHARSET_INFO *cs= escape_str->charset();
my_wc_t wc; my_wc_t wc;
int rc= cs->cset->mb_wc(cs, &wc, int rc= cs->cset->mb_wc(cs, &wc,
(const uchar*) escape_str->ptr(), (const uchar*) escape_str_ptr,
(const uchar*) escape_str->ptr() + (const uchar*) escape_str_ptr +
escape_str->length()); escape_str->length());
escape= (int) (rc > 0 ? wc : '\\'); escape= (int) (rc > 0 ? wc : '\\');
} }
else else
...@@ -4725,13 +4726,13 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref) ...@@ -4725,13 +4726,13 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
{ {
char ch; char ch;
uint errors; uint errors;
uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str->ptr(), uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str_ptr,
escape_str->length(), escape_str->length(),
escape_str->charset(), &errors); escape_str->charset(), &errors);
escape= cnvlen ? ch : '\\'; escape= cnvlen ? ch : '\\';
} }
else else
escape= *(escape_str->ptr()); escape= escape_str_ptr ? *escape_str_ptr : '\\';
} }
} }
else else
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment