BUG#20769: Dangling pointer in ctype_recoding test case.

In some functions dealing with strings and character sets, the wrong pointers were saved for restoration in THD::rollback_item_tree_changes(). This could potentially cause random corruption or crashes. Fixed by passing the original Item ** locations, not local stack copies. Also remove unnecessary use of default arguments. sql/item.cc: Function agg_item_charsets() now handles non-consequtive Item *'s. sql/item.h: Remove use of default argument. sql/item_cmpfunc.cc: Remove use of default argument. sql/item_func.cc: Remove use of default argument. sql/item_func.h: Function agg_item_charsets() now handles non-consequtive Item *'s. sql/item_strfunc.cc: Pass original Item **'s to agg_arg_charsets(), not local copies, to ensure proper restoration in THD::rollback_item_tree_changes(). sql/item_sum.cc: Remove use of default argument.
author: unknown <knielsen@mysql.com> 2006-06-30 09:26:36 +0200
committer: unknown <knielsen@mysql.com> 2006-06-30 09:26:36 +0200
commit: d9cb536a55f4fd83e66fb7d87c62924b714432f8 (patch)
tree: b7dbbca863e9dee3f7b5c83cfaa990c51a5a4da3 /sql/item_cmpfunc.cc
parent: ce5ed66f2abc0dfc3779b5e59b875f758545b29b (diff)
download: mariadb-git-d9cb536a55f4fd83e66fb7d87c62924b714432f8.tar.gz
1 files changed, 10 insertions, 10 deletions
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc
index 80cf756d852..ffacddd534a 100644
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@@ -394,7 +394,7 @@ void Item_bool_func2::fix_length_and_dec()
   DTCollation coll;
   if (args[0]->result_type() == STRING_RESULT &&
       args[1]->result_type() == STRING_RESULT &&
-      agg_arg_charsets(coll, args, 2, MY_COLL_CMP_CONV))
+      agg_arg_charsets(coll, args, 2, MY_COLL_CMP_CONV, 1))
     return;
     
  
@@ -1211,7 +1211,7 @@ void Item_func_between::fix_length_and_dec()
   agg_cmp_type(thd, &cmp_type, args, 3);
 
   if (cmp_type == STRING_RESULT)
-      agg_arg_charsets(cmp_collation, args, 3, MY_COLL_CMP_CONV);
+      agg_arg_charsets(cmp_collation, args, 3, MY_COLL_CMP_CONV, 1);
 }
 
 
@@ -1331,7 +1331,7 @@ Item_func_ifnull::fix_length_and_dec()
 
   switch (hybrid_type) {
   case STRING_RESULT:
-    agg_arg_charsets(collation, args, arg_count, MY_COLL_CMP_CONV);
+    agg_arg_charsets(collation, args, arg_count, MY_COLL_CMP_CONV, 1);
     break;
   case DECIMAL_RESULT:
   case REAL_RESULT:
@@ -1503,7 +1503,7 @@ Item_func_if::fix_length_and_dec()
     agg_result_type(&cached_result_type, args+1, 2);
     if (cached_result_type == STRING_RESULT)
     {
-      if (agg_arg_charsets(collation, args+1, 2, MY_COLL_ALLOW_CONV))
+      if (agg_arg_charsets(collation, args+1, 2, MY_COLL_ALLOW_CONV, 1))
         return;
     }
     else
@@ -1584,7 +1584,7 @@ Item_func_nullif::fix_length_and_dec()
     unsigned_flag= args[0]->unsigned_flag;
     cached_result_type= args[0]->result_type();
     if (cached_result_type == STRING_RESULT &&
-        agg_arg_charsets(collation, args, arg_count, MY_COLL_CMP_CONV))
+        agg_arg_charsets(collation, args, arg_count, MY_COLL_CMP_CONV, 1))
       return;
   }
 }
@@ -1876,7 +1876,7 @@ void Item_func_case::fix_length_and_dec()
   
   agg_result_type(&cached_result_type, agg, nagg);
   if ((cached_result_type == STRING_RESULT) &&
-      agg_arg_charsets(collation, agg, nagg, MY_COLL_ALLOW_CONV))
+      agg_arg_charsets(collation, agg, nagg, MY_COLL_ALLOW_CONV, 1))
     return;
   
   
@@ -1892,7 +1892,7 @@ void Item_func_case::fix_length_and_dec()
     nagg++;
     agg_cmp_type(thd, &cmp_type, agg, nagg);
     if ((cmp_type == STRING_RESULT) &&
-        agg_arg_charsets(cmp_collation, agg, nagg, MY_COLL_CMP_CONV))
+        agg_arg_charsets(cmp_collation, agg, nagg, MY_COLL_CMP_CONV, 1))
       return;
   }
   
@@ -2022,7 +2022,7 @@ void Item_func_coalesce::fix_length_and_dec()
   case STRING_RESULT:
     count_only_length();
     decimals= NOT_FIXED_DEC;
-    agg_arg_charsets(collation, args, arg_count, MY_COLL_ALLOW_CONV);
+    agg_arg_charsets(collation, args, arg_count, MY_COLL_ALLOW_CONV, 1);
     break;
   case DECIMAL_RESULT:
     count_decimal_length();
@@ -2486,7 +2486,7 @@ void Item_func_in::fix_length_and_dec()
   agg_cmp_type(thd, &cmp_type, args, arg_count);
 
   if (cmp_type == STRING_RESULT &&
-      agg_arg_charsets(cmp_collation, args, arg_count, MY_COLL_CMP_CONV))
+      agg_arg_charsets(cmp_collation, args, arg_count, MY_COLL_CMP_CONV, 1))
     return;
 
   for (arg=args+1, arg_end=args+arg_count; arg != arg_end ; arg++)
@@ -3219,7 +3219,7 @@ Item_func_regex::fix_fields(THD *thd, Item **ref)
   max_length= 1;
   decimals= 0;
 
-  if (agg_arg_charsets(cmp_collation, args, 2, MY_COLL_CMP_CONV))
+  if (agg_arg_charsets(cmp_collation, args, 2, MY_COLL_CMP_CONV, 1))
     return TRUE;
 
   used_tables_cache=args[0]->used_tables() | args[1]->used_tables();
author	unknown <knielsen@mysql.com>	2006-06-30 09:26:36 +0200
committer	unknown <knielsen@mysql.com>	2006-06-30 09:26:36 +0200
commit	d9cb536a55f4fd83e66fb7d87c62924b714432f8 (patch)
tree	b7dbbca863e9dee3f7b5c83cfaa990c51a5a4da3 /sql/item_cmpfunc.cc
parent	ce5ed66f2abc0dfc3779b5e59b875f758545b29b (diff)
download	mariadb-git-d9cb536a55f4fd83e66fb7d87c62924b714432f8.tar.gz