Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings

ESCAPE argument might be empty string. It leads to server crash under some circumstances. The fix: -added check if ESCAPE argument result is not empty string mysql-test/r/ctype_latin1.result: test case mysql-test/t/ctype_latin1.test: test case sql/item_cmpfunc.cc: -added check if ESCAPE argument result is not empty string
author: Sergey Glukhov <sergey.glukhov@oracle.com> 2010-11-18 11:53:08 +0300
committer: Sergey Glukhov <sergey.glukhov@oracle.com> 2010-11-18 11:53:08 +0300
commit: 1c94d43bbb60817252a87453d3a1d1a7d0f2a35c (patch)
tree: 317cee8826482bf7616bdab4aba202f3fc188123 /sql/item_cmpfunc.cc
parent: 21bc09c26b69e01ffa155886dc4622827678f3df (diff)
download: mariadb-git-1c94d43bbb60817252a87453d3a1d1a7d0f2a35c.tar.gz
1 files changed, 6 insertions, 5 deletions
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc
index 6987dd9e053..5302406e270 100644
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@@ -4692,6 +4692,7 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
     String *escape_str= escape_item->val_str(&cmp.value1);
     if (escape_str)
     {
+      const char *escape_str_ptr= escape_str->ptr();
       if (escape_used_in_parsing && (
              (((thd->variables.sql_mode & MODE_NO_BACKSLASH_ESCAPES) &&
                 escape_str->numchars() != 1) ||
@@ -4706,9 +4707,9 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
         CHARSET_INFO *cs= escape_str->charset();
         my_wc_t wc;
         int rc= cs->cset->mb_wc(cs, &wc,
-                                (const uchar*) escape_str->ptr(),
-                                (const uchar*) escape_str->ptr() +
-                                               escape_str->length());
+                                (const uchar*) escape_str_ptr,
+                                (const uchar*) escape_str_ptr +
+                                escape_str->length());
         escape= (int) (rc > 0 ? wc : '\\');
       }
       else
@@ -4725,13 +4726,13 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
         {
           char ch;
           uint errors;
-          uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str->ptr(),
+          uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str_ptr,
                                           escape_str->length(),
                                           escape_str->charset(), &errors);
           escape= cnvlen ? ch : '\\';
         }
         else
-          escape= *(escape_str->ptr());
+          escape= escape_str_ptr ? *escape_str_ptr : '\\';
       }
     }
     else
author	Sergey Glukhov <sergey.glukhov@oracle.com>	2010-11-18 11:53:08 +0300
committer	Sergey Glukhov <sergey.glukhov@oracle.com>	2010-11-18 11:53:08 +0300
commit	1c94d43bbb60817252a87453d3a1d1a7d0f2a35c (patch)
tree	317cee8826482bf7616bdab4aba202f3fc188123 /sql/item_cmpfunc.cc
parent	21bc09c26b69e01ffa155886dc4622827678f3df (diff)
download	mariadb-git-1c94d43bbb60817252a87453d3a1d1a7d0f2a35c.tar.gz