author | Sergei Golubchik <serg@mariadb.org> | 2017-10-17 10:57:51 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2017-10-17 11:04:09 +0200 |
commit | b000e169562697aa072600695d4f0c0412f94f4f (patch) | |
tree | 3c05a2dee4eed10960766f8c584b8f7a259d51cf /BUILD-CMAKE | |
parent | df5f25fa7a2c9f43f0506b2ef98dc00033a5c557 (diff) | |
Bug#26361149 MYSQL SERVER CRASHES AT: COL IN(IFNULL(CONST, COL), NAME_CONST('NAME', NULL))
mariadb-5.5.58

based on:

commit f7316aa0c9a
Author: Ajo Robert <ajo.robert@oracle.com>
Date: Thu Aug 24 17:03:21 2017 +0530

Bug#26361149 MYSQL SERVER CRASHES AT: COL IN(IFNULL(CONST,
COL), NAME_CONST('NAME', NULL))

Backport of Bug#19143243 fix.

NAME_CONST item can return NULL_ITEM type in case of incorrect arguments.
NULL_ITEM has special processing in Item_func_in function.
In Item_func_in::fix_length_and_dec an array of possible comparators is
created. Since NAME_CONST function has NULL_ITEM type, corresponding
array element is empty. Then NAME_CONST is wrapped to ITEM_CACHE.
ITEM_CACHE cannot return proper type (NULL_ITEM) in Item_func_in::val_int(),
so an attempt is made to compare the NULL_ITEM with an empty comparator.

The fix is to disable the caching of Item_name_const item.

Diffstat (limited to 'BUILD-CMAKE')
0 files changed, 0 insertions, 0 deletions