Commit 70cbef8e authored by unknown's avatar unknown

Fix for bug #32103: optimizer crash when join on int and mediumint with

variable in where clause.

Problem: the new_item() method of Item_uint used an incorrect
constructor. "new Item_uint(name, max_length)" calls
Item_uint::Item_uint(const char *str_arg, uint length) which assumes the
first argument to be the string representation of the value, not the
item's name. This could result in either a server crash or incorrect
results depending on usage scenarios.

Fixed by using the correct constructor in new_item():
Item_uint::Item_uint(const char *str_arg, longlong i, uint length).


mysql-test/r/select.result:
  Added a test case for bug #32103.
mysql-test/t/select.test:
  Added a test case for bug #32103.
sql/item.h:
  Use the correct constructor for Item_uint in Item_uint::new_item().
parent b340abe7
...@@ -2835,4 +2835,12 @@ FFFFFFFFFFFFFFFF 7FFFFFFFFFFFFFFF ...@@ -2835,4 +2835,12 @@ FFFFFFFFFFFFFFFF 7FFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFF 7FFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF 7FFFFFFFFFFFFFFF
8FFFFFFFFFFFFFFF 7FFFFFFFFFFFFFFF 8FFFFFFFFFFFFFFF 7FFFFFFFFFFFFFFF
drop table t1; drop table t1;
CREATE TABLE t1 (c0 int);
CREATE TABLE t2 (c0 int);
INSERT INTO t1 VALUES(@@connect_timeout);
INSERT INTO t2 VALUES(@@connect_timeout);
SELECT * FROM t1 JOIN t2 ON t1.c0 = t2.c0 WHERE (t1.c0 <=> @@connect_timeout);
c0 c0
X X
DROP TABLE t1, t2;
End of 4.1 tests End of 4.1 tests
...@@ -2353,4 +2353,25 @@ insert into t1 values (0xfffffffffffffffff, 0xfffffffffffffffff), ...@@ -2353,4 +2353,25 @@ insert into t1 values (0xfffffffffffffffff, 0xfffffffffffffffff),
select hex(a), hex(b) from t1; select hex(a), hex(b) from t1;
drop table t1; drop table t1;
#
# Bug #32103: optimizer crash when join on int and mediumint with variable in
# where clause
#
CREATE TABLE t1 (c0 int);
CREATE TABLE t2 (c0 int);
# We need any variable that:
# 1. has integer type,
# 2. can be used with the "@@name" syntax
# 3. available in every server build
INSERT INTO t1 VALUES(@@connect_timeout);
INSERT INTO t2 VALUES(@@connect_timeout);
# We only need to ensure 1 row is returned to validate the results
--replace_column 1 X 2 X
SELECT * FROM t1 JOIN t2 ON t1.c0 = t2.c0 WHERE (t1.c0 <=> @@connect_timeout);
DROP TABLE t1, t2;
--echo End of 4.1 tests --echo End of 4.1 tests
...@@ -690,7 +690,7 @@ class Item_uint :public Item_int ...@@ -690,7 +690,7 @@ class Item_uint :public Item_int
double val() double val()
{ DBUG_ASSERT(fixed == 1); return ulonglong2double((ulonglong)value); } { DBUG_ASSERT(fixed == 1); return ulonglong2double((ulonglong)value); }
String *val_str(String*); String *val_str(String*);
Item *new_item() { return new Item_uint(name,max_length); } Item *new_item() { return new Item_uint(name, value, max_length); }
int save_in_field(Field *field, bool no_conversions); int save_in_field(Field *field, bool no_conversions);
void print(String *str); void print(String *str);
Item_num *neg (); Item_num *neg ();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment