diff options
| author | knielsen@mysql.com <> | 2006-06-30 09:26:36 +0200 |
|---|---|---|
| committer | knielsen@mysql.com <> | 2006-06-30 09:26:36 +0200 |
| commit | 1d56a9720c7c0eef6f16e9624cce17553cfddd5b (patch) | |
| tree | b7dbbca863e9dee3f7b5c83cfaa990c51a5a4da3 /sql/item_func.cc | |
| parent | 5154bc6c4728846fc969550db3d8692aa5ca3ffe (diff) | |
| download | mariadb-git-1d56a9720c7c0eef6f16e9624cce17553cfddd5b.tar.gz | |
BUG#20769: Dangling pointer in ctype_recoding test case.
In some functions dealing with strings and character sets, the wrong
pointers were saved for restoration in THD::rollback_item_tree_changes().
This could potentially cause random corruption or crashes.
Fixed by passing the original Item ** locations, not local stack copies.
Also remove unnecessary use of default arguments.
Diffstat (limited to 'sql/item_func.cc')
| -rw-r--r-- | sql/item_func.cc | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/sql/item_func.cc b/sql/item_func.cc index 194d62b1183..5227e771194 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -2038,7 +2038,7 @@ void Item_func_min_max::fix_length_and_dec() cmp_type=item_cmp_type(cmp_type,args[i]->result_type()); } if (cmp_type == STRING_RESULT) - agg_arg_charsets(collation, args, arg_count, MY_COLL_CMP_CONV); + agg_arg_charsets(collation, args, arg_count, MY_COLL_CMP_CONV, 1); else if ((cmp_type == DECIMAL_RESULT) || (cmp_type == INT_RESULT)) max_length= my_decimal_precision_to_length(max_int_part+decimals, decimals, unsigned_flag); @@ -2227,7 +2227,7 @@ longlong Item_func_coercibility::val_int() void Item_func_locate::fix_length_and_dec() { maybe_null=0; max_length=11; - agg_arg_charsets(cmp_collation, args, 2, MY_COLL_CMP_CONV); + agg_arg_charsets(cmp_collation, args, 2, MY_COLL_CMP_CONV, 1); } @@ -2344,7 +2344,7 @@ void Item_func_field::fix_length_and_dec() for (uint i=1; i < arg_count ; i++) cmp_type= item_cmp_type(cmp_type, args[i]->result_type()); if (cmp_type == STRING_RESULT) - agg_arg_charsets(cmp_collation, args, arg_count, MY_COLL_CMP_CONV); + agg_arg_charsets(cmp_collation, args, arg_count, MY_COLL_CMP_CONV, 1); } @@ -2411,7 +2411,7 @@ void Item_func_find_in_set::fix_length_and_dec() } } } - agg_arg_charsets(cmp_collation, args, 2, MY_COLL_CMP_CONV); + agg_arg_charsets(cmp_collation, args, 2, MY_COLL_CMP_CONV, 1); } static const char separator=','; @@ -4401,7 +4401,8 @@ bool Item_func_match::fix_fields(THD *thd, Item **ref) return 1; } table->fulltext_searched=1; - return agg_arg_collations_for_comparison(cmp_collation, args+1, arg_count-1); + return agg_arg_collations_for_comparison(cmp_collation, + args+1, arg_count-1, 0); } bool Item_func_match::fix_index() |