authorRamil Kalimullin <ramil@mysql.com>2009-10-08 16:56:31 +0500
committerRamil Kalimullin <ramil@mysql.com>2009-10-08 16:56:31 +0500
commit3185118e1a8d7599b7b5238b4b320f1a97a47bd5 (patch)
tree52659169c25f5cf1b739ebf4fbb1bdea8d4e9301 /sql/opt_range.cc
parent6edfba956278c699949de0fd72f135e20f033727 (diff)
Fix for bug #42803: Field_bit does not have unsigned_flag field,
can lead to bad memory access Problem: Field_bit is the only field which returns INT_RESULT and doesn't have unsigned flag. As it's not a descendant of the Field_num, so using ((Field_num *) field_bit)->unsigned_flag may lead to unpredictable results. Fix: check the field type before casting. mysql-test/r/type_bit.result: Fix for bug #42803: Field_bit does not have unsigned_flag field, can lead to bad memory access - test result. mysql-test/t/type_bit.test: Fix for bug #42803: Field_bit does not have unsigned_flag field, can lead to bad memory access - test case. sql/opt_range.cc: Fix for bug #42803: Field_bit does not have unsigned_flag field, can lead to bad memory access - don't cast to (Field_num *) Field_bit, as it's not a Field_num descendant and is always unsigned by nature.
Diffstat (limited to 'sql/opt_range.cc')
-rw-r--r--sql/opt_range.cc5
1 files changed, 4 insertions, 1 deletions
diff --git a/sql/opt_range.cc b/sql/opt_range.cc
index fdf6cc03a44..355317fe280 100644
--- a/sql/opt_range.cc
+++ b/sql/opt_range.cc
@@ -4536,6 +4536,7 @@ get_mm_leaf(PARAM *param, COND *conf_func, Field *field, KEY_PART *key_part,
if (type == Item_func::LT_FUNC && (value->val_int() > 0))
type = Item_func::LE_FUNC;
else if (type == Item_func::GT_FUNC &&
+ (field->type() != FIELD_TYPE_BIT) &&
!((Field_num*)field)->unsigned_flag &&
!((Item_int*)value)->unsigned_flag &&
(value->val_int() < 0))
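Review bot: The added `(field->type() != FIELD_TYPE_BIT)` test in the GT_FUNC branch excludes only one class, so the C-style `(Field_num*)field` cast on the next line still depends on every other field reaching this branch being a Field_num descendant. The commit message says Field_bit is the only INT_RESULT field outside that hierarchy, but nothing in the hunk records or enforces that, and the second hunk repeats the pattern at `((Field_num *) field)->unsigned_flag`. I would add a comment above the condition, for example `/* Field_bit is not a Field_num: the type test must stay before the cast, which would otherwise read memory that is not unsigned_flag */`, so a later reordering or a new Field subclass does not silently bring the bad access back. The guard that selects this branch lies outside the hunk, so whether `field->result_type() == INT_RESULT` is checked before this point cannot be confirmed from here.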
@@ -4572,7 +4573,9 @@ get_mm_leaf(PARAM *param, COND *conf_func, Field *field, KEY_PART *key_part,
*/
if (field->result_type() == INT_RESULT &&
value->result_type() == INT_RESULT &&
- ((Field_num*)field)->unsigned_flag && !((Item_int*)value)->unsigned_flag)
+ ((field->type() == FIELD_TYPE_BIT ||
+ ((Field_num *) field)->unsigned_flag) &&
+ !((Item_int*) value)->unsigned_flag))
{
longlong item_val= value->val_int();
if (item_val < 0)
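Review bot: The rewritten condition still reads `((Item_int*) value)->unsigned_flag` through an unchecked C-style downcast, which is the same kind of assumption on the item side that this commit removes on the field side. Here the cast is preceded by `value->result_type() == INT_RESULT`, but a result type does not by itself establish that the object is an Item_int. The same cast appears as unchanged context in the first hunk, where no check on `value` is visible. If `unsigned_flag` is declared on the base Item class (not shown on this page), `!value->unsigned_flag` would drop the cast altogether. Otherwise the condition needs a type test before the cast, as was done for the field. The body of get_mm_leaf continues past the end of this hunk.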