Bug #20730155: BACKPORT BUG#19699237 TO 5.1

Backport from mysql-5.5 to mysql-5.1

Bug# 19699237: UNINITIALIZED VARIABLE IN
               ITEM_FIELD::STR_RESULT LEADS TO INCORRECT
               BEHAVIOR

ISSUE:
------
When the following conditions are satisfied in a query, a
server crash occurs:
a) Two rows are compared using a NULL-safe equal-to operator.
b) Each of these rows belong to different charsets.

SOLUTION:
---------
When one charset is converted to another for comparision,
the constructor of "Item_func_conv_charset" is called.
This will attempt to use the Item_cache if the string is a
constant. This check succeeds because the "used_table_map"
of the Item_cache class is never set to the correct value.
Since it is mistakenly assumed to be a constant, it tries
to fetch the relevant null value related fields which are
yet to be initialized. This results in valgrind issues
and wrong results.

The fix is to update the "used_table_map" of "Item_cache".
This will allow "Item_func_conv_charset" to realise that
this is not a constant.

1 files changed, 5 insertions, 1 deletions

diff --git a/sql/item.h b/sql/item.h
index 1c7cf7e6db5..c82d23b6d5a 100644
--- a/sql/item.h
+++ b/sql/item.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -3024,7 +3024,11 @@ public:
     collation.set(item->collation);
     unsigned_flag= item->unsigned_flag;
     if (item->type() == FIELD_ITEM)
+    {
       cached_field= ((Item_field *)item)->field;
+      if (cached_field->table)
+        used_table_map= cached_field->table->map;
+    }
     return 0;
   };
   enum Type type() const { return CACHE_ITEM; }