authorRamil Kalimullin <ramil@mysql.com>2010-06-20 02:02:58 +0400
committerRamil Kalimullin <ramil@mysql.com>2010-06-20 02:02:58 +0400
commit1614c3c1288ad9d71879d44ef4e8c1edee84d96a (patch)
treebea28b1d459f6974daa97c2f35a992a64afdb346 /sql
parent5088fb1394a51003038efc6fb901461ad880255a (diff)
Fix for bug #54575: crash when joining tables with unique set column
Problem: a flaw (dereferencing a NULL pointer) in the LIKE optimization code may lead to a server crash in some rare cases. Fix: check the pointer before dereferencing it. mysql-test/r/func_like.result: Fix for bug #54575: crash when joining tables with unique set column - test result. mysql-test/t/func_like.test: Fix for bug #54575: crash when joining tables with unique set column - test case. sql/item_cmpfunc.cc: Fix for bug #54575: crash when joining tables with unique set column - check res2 buffer pointer before dereferencing it, as it may be NULL in some cases.
Diffstat (limited to 'sql')
-rw-r--r--sql/item_cmpfunc.cc7
1 files changed, 4 insertions, 3 deletions
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc
index 6e38220abd1..ca225f129ee 100644
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@@ -4568,13 +4568,14 @@ Item_func::optimize_type Item_func_like::select_optimize() const
if (args[1]->const_item())
{
String* res2= args[1]->val_str((String *)&cmp.value2);
+ const char *ptr2;
- if (!res2)
+ if (!res2 || !(ptr2= res2->ptr()))
return OPTIMIZE_NONE;
- if (*res2->ptr() != wild_many)
+ if (*ptr2 != wild_many)
{
- if (args[0]->result_type() != STRING_RESULT || *res2->ptr() != wild_one)
+ if (args[0]->result_type() != STRING_RESULT || *ptr2 != wild_one)
return OPTIMIZE_OP;
}
}
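Review bot: The new guard `!(ptr2= res2->ptr())` rejects a NULL buffer but not an empty one, so `*ptr2 != wild_many` can still read a byte that is not part of the pattern when `res2->length()` is 0 and the pointer is non-NULL. Whether `val_str()` can return such a String is not visible in this hunk, but `String` buffers are not guaranteed to be NUL-terminated, so the first-byte test would then compare stale or adjacent memory against the wildcard characters. Folding the length into the same early return would close both cases: `if (!res2 || !res2->length() || !(ptr2= res2->ptr()))` followed by `return OPTIMIZE_NONE;`. A short comment above the check, such as `/* val_str() may return a String with a NULL buffer (bug #54575) */`, would also record why the pointer is tested separately from `res2`. The body of `select_optimize()` continues outside the hunk.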