Commit 1c94d43b authored by Sergey Glukhov's avatar Sergey Glukhov

Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings

ESCAPE argument might be empty string. It leads
to server crash under some circumstances.
The fix:
-added check if ESCAPE argument result is not empty string

mysql-test/r/ctype_latin1.result:
  test case
mysql-test/t/ctype_latin1.test:
  test case
sql/item_cmpfunc.cc:
  -added check if ESCAPE argument result is not empty string
parent 21bc09c2
......@@ -409,3 +409,11 @@ select hex(cast(_ascii 0x7f as char(1) character set latin1));
hex(cast(_ascii 0x7f as char(1) character set latin1))
7F
End of 5.0 tests
#
# Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings
#
SELECT '' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '');
'' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '')
1
Warnings:
Warning 1292 Truncated incorrect INTEGER value: ''
......@@ -127,3 +127,8 @@ DROP TABLE `abc
select hex(cast(_ascii 0x7f as char(1) character set latin1));
--echo End of 5.0 tests
--echo #
--echo # Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings
--echo #
SELECT '' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '');
......@@ -4692,6 +4692,7 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
String *escape_str= escape_item->val_str(&cmp.value1);
if (escape_str)
{
const char *escape_str_ptr= escape_str->ptr();
if (escape_used_in_parsing && (
(((thd->variables.sql_mode & MODE_NO_BACKSLASH_ESCAPES) &&
escape_str->numchars() != 1) ||
......@@ -4706,9 +4707,9 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
CHARSET_INFO *cs= escape_str->charset();
my_wc_t wc;
int rc= cs->cset->mb_wc(cs, &wc,
(const uchar*) escape_str->ptr(),
(const uchar*) escape_str->ptr() +
escape_str->length());
(const uchar*) escape_str_ptr,
(const uchar*) escape_str_ptr +
escape_str->length());
escape= (int) (rc > 0 ? wc : '\\');
}
else
......@@ -4725,13 +4726,13 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
{
char ch;
uint errors;
uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str->ptr(),
uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str_ptr,
escape_str->length(),
escape_str->charset(), &errors);
escape= cnvlen ? ch : '\\';
}
else
escape= *(escape_str->ptr());
escape= escape_str_ptr ? *escape_str_ptr : '\\';
}
}
else
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment