diff options
| author | Gleb Shchepa <gshchepa@mysql.com> | 2008-12-12 00:57:32 +0400 |
|---|---|---|
| committer | Gleb Shchepa <gshchepa@mysql.com> | 2008-12-12 00:57:32 +0400 |
| commit | ffe23f0eb736609915d3c201c3f2556819698dc1 (patch) | |
| tree | c5ffeda56158ff115ad12938db30da4d37e8ae4a /sql/item_func.h | |
| parent | 0837c111a95b15784cb986c4991af66b2e8f4102 (diff) | |
| download | mariadb-git-ffe23f0eb736609915d3c201c3f2556819698dc1.tar.gz | |
Bug #40761: Assert on sum function on
IF(..., CAST(longtext AS UNSIGNED), signed_val)
(was: LEFT JOIN on inline view crashes server)
Select from a LONGTEXT column wrapped with an expression
like "IF(..., CAST(longtext_column AS UNSIGNED), smth_signed)"
failed an assertion or crashed the server. IFNULL function was
affected too.
LONGTEXT column item has a maximum length of 32^2-1 bytes,
at the same time this is a maximum possible length of any
MySQL item. CAST(longtext_column AS UNSIGNED) returns some
unsigned numeric result of length 32^2-1, so the result of
IF/IFNULL function of this number and some other signed number
will have text length of (32^2-1)+1=32^2 (one byte for the
minus sign) - there is integer overflow, and the length is
equal to zero. That caused assert/crash.
The bug has been fixed by the same solution as in the CASE
function implementation.
mysql-test/r/func_if.result:
Added test case for bug #40761.
mysql-test/t/func_if.test:
Added test case for bug #40761.
sql/item_cmpfunc.cc:
Bug #40761: Assert on sum function on
IF(..., CAST(longtext AS UNSIGNED), signed_val)
1. Item_func_case::agg_str_lengths method has been moved
to the Item_func superclass.
2. Item_func_ifnull/Item_func_if::fix_length_and_dec methods
have been updated to calculate max_length, decimals and
unsigned flag like Item_func_case.
sql/item_cmpfunc.h:
Bug #40761: Assert on sum function on
IF(..., CAST(longtext AS UNSIGNED), signed_val)
Item_func_case::agg_str_lengths method has been moved to
the Item_func superclass.
sql/item_func.cc:
Bug #40761: Assert on sum function on
IF(..., CAST(longtext AS UNSIGNED), signed_val)
Item_func_case::agg_str_lengths method has been moved to
the Item_func superclass.
sql/item_func.h:
Bug #40761: Assert on sum function on
IF(..., CAST(longtext AS UNSIGNED), signed_val)
Item_func_case::agg_str_lengths method has been moved to
the Item_func superclass.
Diffstat (limited to 'sql/item_func.h')
| -rw-r--r-- | sql/item_func.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sql/item_func.h b/sql/item_func.h index 6dcf32cba07..d4da0b7a853 100644 --- a/sql/item_func.h +++ b/sql/item_func.h @@ -193,6 +193,8 @@ public: void * arg, traverse_order order); bool is_expensive_processor(byte *arg); virtual bool is_expensive() { return 0; } +protected: + void agg_num_lengths(Item *arg); }; |