Bug#26361149 MYSQL SERVER CRASHES AT: COL IN(IFNULL(CONST,

                       COL), NAME_CONST('NAME', NULL))

Backport of Bug#19143243 fix.

NAME_CONST item can return NULL_ITEM type in case of incorrect arguments.
NULL_ITEM has special processing in Item_func_in function.
In Item_func_in::fix_length_and_dec an array of possible comparators is
created. Since NAME_CONST function has NULL_ITEM type, corresponding
array element is empty. Then NAME_CONST is wrapped to ITEM_CACHE.
ITEM_CACHE can not return proper type(NULL_ITEM) in Item_func_in::val_int(),
so the NULL_ITEM is attempted compared with an empty comparator.
The fix is to disable the caching of Item_name_const item.

0 files changed, 0 insertions, 0 deletions