diff options
| author | Sreeharsha Ramanavarapu <sreeharsha.ramanavarapu@oracle.com> | 2016-05-24 07:44:21 +0530 |
|---|---|---|
| committer | Sreeharsha Ramanavarapu <sreeharsha.ramanavarapu@oracle.com> | 2016-05-24 07:44:21 +0530 |
| commit | 115f08284df1dac6a29cbca49dc7534b4a4f23f7 (patch) | |
| tree | 127c0ab7551bb1dc9c2df63b117af0b033bc6adf | |
| parent | 4de9d9c261a6f2a32e98920bbc530c473b41de07 (diff) | |
| download | mariadb-git-115f08284df1dac6a29cbca49dc7534b4a4f23f7.tar.gz | |
Bug #23279858: MYSQLD GOT SIGNAL 11 ON SIMPLE SELECT
NAME_CONST QUERY
ISSUE:
------
Using NAME_CONST with a non-constant negated expression as
value can result in incorrect behavior.
SOLUTION:
---------
The problem can be avoided by checking whether the argument
is a constant value.
The fix is a backport of Bug#12735545.
| -rw-r--r-- | mysql-test/r/func_misc.result | 7 | ||||
| -rw-r--r-- | mysql-test/t/func_misc.test | 10 | ||||
| -rw-r--r-- | sql/item.cc | 9 |
3 files changed, 24 insertions, 2 deletions
diff --git a/mysql-test/r/func_misc.result b/mysql-test/r/func_misc.result index c9552d9e39f..de46f070065 100644 --- a/mysql-test/r/func_misc.result +++ b/mysql-test/r/func_misc.result @@ -403,3 +403,10 @@ DROP TABLE t1; # # End of tests # +SELECT NAME_CONST('a', -(1 OR 2)) OR 1; +ERROR HY000: Incorrect arguments to NAME_CONST +SELECT NAME_CONST('a', -(1 AND 2)) OR 1; +ERROR HY000: Incorrect arguments to NAME_CONST +SELECT NAME_CONST('a', -(1)) OR 1; +NAME_CONST('a', -(1)) OR 1 +1 diff --git a/mysql-test/t/func_misc.test b/mysql-test/t/func_misc.test index 9257314013d..c13b506ad6f 100644 --- a/mysql-test/t/func_misc.test +++ b/mysql-test/t/func_misc.test @@ -544,3 +544,13 @@ DROP TABLE t1; --echo # --echo # End of tests --echo # + +# +# Bug#12735545 - PARSER STACK OVERFLOW WITH NAME_CONST +# CONTAINING OR EXPRESSION +# +--error ER_WRONG_ARGUMENTS +SELECT NAME_CONST('a', -(1 OR 2)) OR 1; +--error ER_WRONG_ARGUMENTS +SELECT NAME_CONST('a', -(1 AND 2)) OR 1; +SELECT NAME_CONST('a', -(1)) OR 1; diff --git a/sql/item.cc b/sql/item.cc index f4917448dda..1541314ec97 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -1358,6 +1358,11 @@ bool Item_name_const::is_null() Item_name_const::Item_name_const(Item *name_arg, Item *val): value_item(val), name_item(name_arg) { + /* + The value argument to NAME_CONST can only be a literal constant. Some extra + tests are needed to support a collation specificer and to handle negative + values. + */ if (!(valid_args= name_item->basic_const_item() && (value_item->basic_const_item() || ((value_item->type() == FUNC_ITEM) && @@ -1365,8 +1370,8 @@ Item_name_const::Item_name_const(Item *name_arg, Item *val): Item_func::COLLATE_FUNC) || ((((Item_func *) value_item)->functype() == Item_func::NEG_FUNC) && - (((Item_func *) value_item)->key_item()->type() != - FUNC_ITEM))))))) + (((Item_func *) + value_item)->key_item()->basic_const_item()))))))) my_error(ER_WRONG_ARGUMENTS, MYF(0), "NAME_CONST"); Item::maybe_null= TRUE; } |