summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSergey Glukhov <sergey.glukhov@oracle.com>2010-11-18 11:53:08 +0300
committerSergey Glukhov <sergey.glukhov@oracle.com>2010-11-18 11:53:08 +0300
commit1c94d43bbb60817252a87453d3a1d1a7d0f2a35c (patch)
tree317cee8826482bf7616bdab4aba202f3fc188123
parent21bc09c26b69e01ffa155886dc4622827678f3df (diff)
downloadmariadb-git-1c94d43bbb60817252a87453d3a1d1a7d0f2a35c.tar.gz
Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings
ESCAPE argument might be empty string. It leads to server crash under some circumstances. The fix: -added check if ESCAPE argument result is not empty string mysql-test/r/ctype_latin1.result: test case mysql-test/t/ctype_latin1.test: test case sql/item_cmpfunc.cc: -added check if ESCAPE argument result is not empty string
Diffstat
-rw-r--r--mysql-test/r/ctype_latin1.result8
-rw-r--r--mysql-test/t/ctype_latin1.test5
-rw-r--r--sql/item_cmpfunc.cc11
3 files changed, 19 insertions, 5 deletions
diff --git a/mysql-test/r/ctype_latin1.result b/mysql-test/r/ctype_latin1.result
index 763acd0fea0..66b2cbd8fc4 100644
--- a/mysql-test/r/ctype_latin1.result
+++ b/mysql-test/r/ctype_latin1.result
@@ -409,3 +409,11 @@ select hex(cast(_ascii 0x7f as char(1) character set latin1));
hex(cast(_ascii 0x7f as char(1) character set latin1))
7F
End of 5.0 tests
+#
+# Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings
+#
+SELECT '' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '');
+'' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '')
+1
+Warnings:
+Warning 1292 Truncated incorrect INTEGER value: ''
diff --git a/mysql-test/t/ctype_latin1.test b/mysql-test/t/ctype_latin1.test
index b12436f77ba..a7e6351161b 100644
--- a/mysql-test/t/ctype_latin1.test
+++ b/mysql-test/t/ctype_latin1.test
@@ -127,3 +127,8 @@ DROP TABLE `abc˙def`;
select hex(cast(_ascii 0x7f as char(1) character set latin1));
--echo End of 5.0 tests
+
+--echo #
+--echo # Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings
+--echo #
+SELECT '' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '');
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc
index 6987dd9e053..5302406e270 100644
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@@ -4692,6 +4692,7 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
String *escape_str= escape_item->val_str(&cmp.value1);
if (escape_str)
{
+ const char *escape_str_ptr= escape_str->ptr();
if (escape_used_in_parsing && (
(((thd->variables.sql_mode & MODE_NO_BACKSLASH_ESCAPES) &&
escape_str->numchars() != 1) ||
@@ -4706,9 +4707,9 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
CHARSET_INFO *cs= escape_str->charset();
my_wc_t wc;
int rc= cs->cset->mb_wc(cs, &wc,
- (const uchar*) escape_str->ptr(),
- (const uchar*) escape_str->ptr() +
- escape_str->length());
+ (const uchar*) escape_str_ptr,
+ (const uchar*) escape_str_ptr +
+ escape_str->length());
escape= (int) (rc > 0 ? wc : '\\');
}
else
@@ -4725,13 +4726,13 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
{
char ch;
uint errors;
- uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str->ptr(),
+ uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str_ptr,
escape_str->length(),
escape_str->charset(), &errors);
escape= cnvlen ? ch : '\\';
}
else
- escape= *(escape_str->ptr());
+ escape= escape_str_ptr ? *escape_str_ptr : '\\';
}
}
else
View Lorry Controller Status