diff options
author | Vladislav Vaintroub <wlad@mariadb.com> | 2021-10-12 10:17:52 +0200 |
---|---|---|
committer | Vladislav Vaintroub <wlad@mariadb.com> | 2021-10-14 12:13:05 +0200 |
commit | a6cf8b34a834e5d16155f8bb3f33d57a4f87eb9e (patch) | |
tree | df36849b93f70c2830cb8717df87809a06089fef /sql | |
parent | bc09362eb312eff5eb2203963d75f368fea3f4ad (diff) | |
download | mariadb-git-a6cf8b34a834e5d16155f8bb3f33d57a4f87eb9e.tar.gz |
MDEV-26806 Server crash in Charset::charset / Item_func_natural_sort_key::val_str
The reason for crash is that natural_sort_key(release_lock('a')) would
evaluate release_lock() twice, once in Item::is_null() and another time
in Item::val_str(). Second time it returns NULL, since lock was already
released.
Fixed to prevent double evaluation.
Diffstat (limited to 'sql')
-rw-r--r-- | sql/item_strfunc.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index a13728295b8..0567501c97a 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -5638,13 +5638,13 @@ static NATSORT_ERR to_natsort_key(const String *in, String *out, String *Item_func_natural_sort_key::val_str(String *out) { - if (args[0]->is_null()) + String *in= args[0]->val_str(); + if (args[0]->null_value || !in) { null_value= true; return nullptr; } NATSORT_ERR err= NATSORT_ERR::SUCCESS; - String *in= args[0]->val_str(); CHARSET_INFO *cs= in->charset(); ulong max_allowed_packet= current_thd->variables.max_allowed_packet; uint errs; |