author: unknown <gkodinov/kgeorge@magare.gmz> 2008-05-01 13:49:26 +0300
committer: unknown <gkodinov/kgeorge@magare.gmz> 2008-05-01 13:49:26 +0300
commit: 1a68ec2809726e12f148a07cf3771c3d73d9983e (patch)
tree: e158fef65a70f1ba06651b8abccf9b1318ae3856 /sql/item_sum.cc
parent: cf2b2cc506a8933ccaaf271e228bb9f6b70531ac (diff)
Fix for bug #35298: GROUP_CONCAT with DISTINCT can crash the server

The bug is a regression introduced by the patch for bug32798. The code in Item_func_group_concat::clear() relied on the 'distinct' variable to check if 'unique_filter' was initialized. That, however, is not always valid because Item_func_group_concat::setup() can do shortcuts in some cases w/o initializing 'unique_filter'. Fixed by checking the value of 'unique_filter' instead of 'distinct' before dereferencing.

mysql-test/r/func_gconcat.result:
  Added test cases for bugs #35298 and #36024.
mysql-test/t/func_gconcat.test:
  Added test cases for bugs #35298 and #36024.
sql/item_sum.cc:
  Check if unique_filter != NULL before dereferencing it. Non-zero value of distinct does not always mean that unique_filter is initialized because Item_func_group_concat::setup() can do shortcuts in some cases

Diffstat (limited to 'sql/item_sum.cc')
-rw-r--r-- sql/item_sum.cc 2
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/item_sum.cc b/sql/item_sum.cc
index 91f9889b03f..91320d6b56b 100644
--- a/sql/item_sum.cc
+++ b/sql/item_sum.cc
@@ -3222,7 +3222,7 @@ void Item_func_group_concat::clear()
no_appended= TRUE;
if (tree)
reset_tree(tree);
- if (distinct)
+ if (unique_filter)
unique_filter->reset();
/* No need to reset the table as we never call write_row */
}
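Review bot: in clear(), the new `if (unique_filter)` test is only safe if the pointer is guaranteed to be NULL whenever setup() takes its shortcut, including on a re-execution after an earlier filter was freed, so please confirm that the constructor and the cleanup path both leave unique_filter set to NULL. A one-line comment at this check stating that a non-zero distinct does not imply an initialized unique_filter would keep the reason next to the code instead of only in the commit message. Any other site in this file that dereferences unique_filter under `if (distinct)` deserves the same change.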