summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--mysql-test/r/func_misc.result7
-rw-r--r--mysql-test/t/func_misc.test10
-rw-r--r--sql/item.cc31
-rw-r--r--sql/scheduler.cc1
-rw-r--r--storage/innodb_plugin/row/row0mysql.c4
-rw-r--r--storage/innodb_plugin/row/row0sel.c1
-rw-r--r--storage/xtradb/row/row0mysql.c4
-rw-r--r--storage/xtradb/row/row0sel.c1
8 files changed, 38 insertions, 21 deletions
diff --git a/mysql-test/r/func_misc.result b/mysql-test/r/func_misc.result
index 5910a45c839..56d27ff78be 100644
--- a/mysql-test/r/func_misc.result
+++ b/mysql-test/r/func_misc.result
@@ -265,3 +265,10 @@ SELECT '1' IN ('1', INET_NTOA(0));
'1' IN ('1', INET_NTOA(0))
1
End of tests
+SELECT NAME_CONST('a', -(1 OR 2)) OR 1;
+ERROR HY000: Incorrect arguments to NAME_CONST
+SELECT NAME_CONST('a', -(1 AND 2)) AND 1;
+ERROR HY000: Incorrect arguments to NAME_CONST
+SELECT NAME_CONST('a', -(1)) OR 1;
+NAME_CONST('a', -(1)) OR 1
+1
diff --git a/mysql-test/t/func_misc.test b/mysql-test/t/func_misc.test
index 2a72578aca7..c4cc7734186 100644
--- a/mysql-test/t/func_misc.test
+++ b/mysql-test/t/func_misc.test
@@ -300,3 +300,13 @@ SELECT '1' IN ('1', INET_NTOA(0));
--echo End of tests
+
+#
+# MDEV-5655 Server crashes on NAME_CONST containing AND/OR expressions
+#
+--error ER_WRONG_ARGUMENTS
+SELECT NAME_CONST('a', -(1 OR 2)) OR 1;
+--error ER_WRONG_ARGUMENTS
+SELECT NAME_CONST('a', -(1 AND 2)) AND 1;
+SELECT NAME_CONST('a', -(1)) OR 1;
+
diff --git a/sql/item.cc b/sql/item.cc
index 29cfd2d08d1..6a8573068fc 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -1599,17 +1599,28 @@ bool Item_name_const::is_null()
Item_name_const::Item_name_const(Item *name_arg, Item *val):
value_item(val), name_item(name_arg)
{
- if (!(valid_args= name_item->basic_const_item() &&
- (value_item->basic_const_item() ||
- ((value_item->type() == FUNC_ITEM) &&
- ((((Item_func *) value_item)->functype() ==
- Item_func::COLLATE_FUNC) ||
- ((((Item_func *) value_item)->functype() ==
- Item_func::NEG_FUNC) &&
- (((Item_func *) value_item)->key_item()->type() !=
- FUNC_ITEM)))))))
- my_error(ER_WRONG_ARGUMENTS, MYF(0), "NAME_CONST");
Item::maybe_null= TRUE;
+ valid_args= true;
+ if (!name_item->basic_const_item())
+ goto err;
+
+ if (value_item->basic_const_item())
+ return; // ok
+
+ if (value_item->type() == FUNC_ITEM)
+ {
+ Item_func *value_func= (Item_func *) value_item;
+ if (value_func->functype() != Item_func::COLLATE_FUNC &&
+ value_func->functype() != Item_func::NEG_FUNC)
+ goto err;
+
+ if (value_func->key_item()->basic_const_item())
+ return; // ok
+ }
+
+err:
+ valid_args= false;
+ my_error(ER_WRONG_ARGUMENTS, MYF(0), "NAME_CONST");
}
diff --git a/sql/scheduler.cc b/sql/scheduler.cc
index 2f8aa2bef11..a2d53176c3c 100644
--- a/sql/scheduler.cc
+++ b/sql/scheduler.cc
@@ -69,7 +69,6 @@ static bool no_threads_end(THD *thd, bool put_in_cache)
void one_thread_scheduler(scheduler_functions *func)
{
func->max_threads= 1;
- max_connections= 1;
func->max_connections= &max_connections;
func->connection_count= &connection_count;
#ifndef EMBEDDED_LIBRARY
diff --git a/storage/innodb_plugin/row/row0mysql.c b/storage/innodb_plugin/row/row0mysql.c
index 9379912a218..fc934f3771e 100644
--- a/storage/innodb_plugin/row/row0mysql.c
+++ b/storage/innodb_plugin/row/row0mysql.c
@@ -1079,7 +1079,6 @@ row_insert_for_mysql(
ins_node_t* node = prebuilt->ins_node;
ut_ad(trx);
- ut_ad(trx->mysql_thread_id == os_thread_get_curr_id());
if (prebuilt->table->ibd_file_missing) {
ut_print_timestamp(stderr);
@@ -1313,7 +1312,6 @@ row_update_for_mysql(
trx_t* trx = prebuilt->trx;
ut_ad(prebuilt && trx);
- ut_ad(trx->mysql_thread_id == os_thread_get_curr_id());
UT_NOT_USED(mysql_rec);
if (prebuilt->table->ibd_file_missing) {
@@ -1483,7 +1481,6 @@ row_unlock_for_mysql(
trx_t* trx = prebuilt->trx;
ut_ad(prebuilt && trx);
- ut_ad(trx->mysql_thread_id == os_thread_get_curr_id());
if (UNIV_UNLIKELY
(!srv_locks_unsafe_for_binlog
@@ -2724,7 +2721,6 @@ row_truncate_table_for_mysql(
redo log records on the truncated tablespace, we will assign
a new tablespace identifier to the truncated tablespace. */
- ut_ad(trx->mysql_thread_id == os_thread_get_curr_id());
ut_ad(table);
if (srv_created_new_raw) {
diff --git a/storage/innodb_plugin/row/row0sel.c b/storage/innodb_plugin/row/row0sel.c
index d825d799a3c..4b3fdfd6541 100644
--- a/storage/innodb_plugin/row/row0sel.c
+++ b/storage/innodb_plugin/row/row0sel.c
@@ -3434,7 +3434,6 @@ row_search_for_mysql(
rec_offs_init(offsets_);
ut_ad(index && pcur && search_tuple);
- ut_ad(trx->mysql_thread_id == os_thread_get_curr_id());
if (UNIV_UNLIKELY(prebuilt->table->ibd_file_missing)) {
ut_print_timestamp(stderr);
diff --git a/storage/xtradb/row/row0mysql.c b/storage/xtradb/row/row0mysql.c
index c56711cadc4..db8e61c3502 100644
--- a/storage/xtradb/row/row0mysql.c
+++ b/storage/xtradb/row/row0mysql.c
@@ -1084,7 +1084,6 @@ row_insert_for_mysql(
ins_node_t* node = prebuilt->ins_node;
ut_ad(trx);
- ut_ad(trx->mysql_thread_id == os_thread_get_curr_id());
if (prebuilt->table->ibd_file_missing) {
ut_print_timestamp(stderr);
@@ -1326,7 +1325,6 @@ row_update_for_mysql(
trx_t* trx = prebuilt->trx;
ut_ad(prebuilt && trx);
- ut_ad(trx->mysql_thread_id == os_thread_get_curr_id());
UT_NOT_USED(mysql_rec);
if (prebuilt->table->ibd_file_missing) {
@@ -1497,7 +1495,6 @@ row_unlock_for_mysql(
trx_t* trx = prebuilt->trx;
ut_ad(prebuilt && trx);
- ut_ad(trx->mysql_thread_id == os_thread_get_curr_id());
if (UNIV_UNLIKELY
(!srv_locks_unsafe_for_binlog
@@ -2830,7 +2827,6 @@ row_truncate_table_for_mysql(
redo log records on the truncated tablespace, we will assign
a new tablespace identifier to the truncated tablespace. */
- ut_ad(trx->mysql_thread_id == os_thread_get_curr_id());
ut_ad(table);
if (srv_created_new_raw) {
diff --git a/storage/xtradb/row/row0sel.c b/storage/xtradb/row/row0sel.c
index cfe1c9934bb..cb485e5c1f0 100644
--- a/storage/xtradb/row/row0sel.c
+++ b/storage/xtradb/row/row0sel.c
@@ -3553,7 +3553,6 @@ row_search_for_mysql(
rec_offs_init(offsets_);
ut_ad(index && pcur && search_tuple);
- ut_ad(trx->mysql_thread_id == os_thread_get_curr_id());
if (UNIV_UNLIKELY(prebuilt->table->ibd_file_missing)) {
ut_print_timestamp(stderr);
View Lorry Controller Status