From 7bf234032a6debc28f24fbbffe7e3cacb7b1803b Mon Sep 17 00:00:00 2001
From: Tor Didriksen
Date: Fri, 14 Jan 2011 10:05:14 +0100
Subject: Bug #59241 invalid memory read in do_div_mod with doubly assigned variables Fix: copy my_decimal by value, to avoid dangling pointers. mysql-test/r/func_math.result: New test case. mysql-test/t/func_math.test: New test case. sql/item_cmpfunc.cc: No need to call fix_buffer_pointer() anymore. sql/item_func.cc: Copy my_decimal by value, to avoid dangling pointers. sql/my_decimal.h: Implement proper copy constructor and assignment operator for my_decimal. sql/sql_analyse.cc: No need to call fix_buffer_pointer() anymore. strings/decimal.c: Remove #line directive: it messes up TAGS and it confuses gdb when debugging.
---
 mysql-test/r/func_math.result | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'mysql-test/r/func_math.result')
diff --git a/mysql-test/r/func_math.result b/mysql-test/r/func_math.result
index 31648aae7b0..db4f6ddcf20 100644
--- a/mysql-test/r/func_math.result
+++ b/mysql-test/r/func_math.result
@@ -641,3 +641,12 @@ INSERT INTO t1 (SELECT -pi());
 Warnings:
 Warning 1265 Data truncated for column 'a' at row 1
 DROP TABLE t1;
+#
+# Bug #59241 invalid memory read
+# in do_div_mod with doubly assigned variables
+#
+SELECT ((@a:=@b:=1.0) div (@b:=@a:=get_format(datetime, 'usa')));
+((@a:=@b:=1.0) div (@b:=@a:=get_format(datetime, 'usa')))
+NULL
+Warnings:
+Warning 1366 Incorrect decimal value: '' for column '' at row -1
-- cgit v1.2.1
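Review bot: The recorded output for Bug #59241 pins `Warning 1366 Incorrect decimal value: '' for column '' at row -1`, a diagnostic with an empty column name and a row number of -1, so the test will start failing on any later cleanup of that warning text even though what it guards is a memory read. Because the defect is an invalid read after the double assignment, a plain result comparison probably only catches a regression when the suite runs under Valgrind or a sanitizer build; the `NULL` result alone does not prove the dangling pointer is gone. I would state that in the test header, for example `# Detected reliably only under Valgrind/ASan; the result set alone does not show the invalid read.` That comment belongs in mysql-test/t/func_math.test, which is not shown on this page, and would then be re-recorded into this file.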