Bug #20730155: BACKPORT BUG#19699237 TO 5.1

Backport from mysql-5.5 to mysql-5.1

Bug# 19699237: UNINITIALIZED VARIABLE IN
               ITEM_FIELD::STR_RESULT LEADS TO INCORRECT
               BEHAVIOR

ISSUE:
------
When the following conditions are satisfied in a query, a
server crash occurs:
a) Two rows are compared using a NULL-safe equal-to operator.
b) Each of these rows belong to different charsets.

SOLUTION:
---------
When one charset is converted to another for comparision,
the constructor of "Item_func_conv_charset" is called.
This will attempt to use the Item_cache if the string is a
constant. This check succeeds because the "used_table_map"
of the Item_cache class is never set to the correct value.
Since it is mistakenly assumed to be a constant, it tries
to fetch the relevant null value related fields which are
yet to be initialized. This results in valgrind issues
and wrong results.

The fix is to update the "used_table_map" of "Item_cache".
This will allow "Item_func_conv_charset" to realise that
this is not a constant.
parent 3c02e6ec
/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
/* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -3024,7 +3024,11 @@ class Item_cache: public Item_basic_constant
collation.set(item->collation);
unsigned_flag= item->unsigned_flag;
if (item->type() == FIELD_ITEM)
{
cached_field= ((Item_field *)item)->field;
if (cached_field->table)
used_table_map= cached_field->table->map;
}
return 0;
};
enum Type type() const { return CACHE_ITEM; }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment