From ad031d51100555dd1b77baaa075d2f7c8790571b Mon Sep 17 00:00:00 2001
From: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>
Date: Mon, 12 Mar 2012 08:56:56 +0100
Subject: Bug#13031606 VALUES() IN A SELECT STATEMENT CRASHES SERVER

Problem: Grouping results by VALUES(alias for string literal) causes
the server to crash.

Item_insert_values is not constructed to handle other types of
arguments than field and reference to field. In this case, the
argument is an Item_string, and this causes
Item_insert_values::fix_fields() to crash.

Fix: Issue an error message when the argument to Item_insert_values is
not a field or a reference to a field.

This is slightly in breach with documentation, which states that
VALUES should return NULL, but the error message is only issued in
cases where the server otherwise would crash, so there is no change in
behavior for queries that already work. Future versions will restrict
syntax so that using VALUES in this way is illegal.


mysql-test/r/errors.result:
  Add test case for bug #13031606.
mysql-test/t/errors.test:
  Add test case for bug #13031606.
sql/item.cc:
  Issue error message if argument is not field or reference to field.
---
 mysql-test/r/errors.result | 14 ++++++++++++++
 mysql-test/t/errors.test   | 18 ++++++++++++++++++
 2 files changed, 32 insertions(+)

(limited to 'mysql-test')

diff --git a/mysql-test/r/errors.result b/mysql-test/r/errors.result
index 022a32d9c9b..bcc92296945 100644
--- a/mysql-test/r/errors.result
+++ b/mysql-test/r/errors.result
@@ -55,3 +55,17 @@ Error	1054	Unknown column 'b' in 'field list'
 INSERT INTO t1 SELECT b FROM t1;
 ERROR 42S22: Unknown column 'b' in 'field list'
 DROP TABLE t1;
+CREATE TABLE t1 (a INT);
+CREATE TABLE t2(a INT PRIMARY KEY, b INT);
+SELECT '' AS b FROM t1 GROUP BY VALUES(b);
+ERROR 42S22: Unknown column '' in 'VALUES() function'
+REPLACE t2(b) SELECT '' AS b FROM t1 GROUP BY VALUES(b);
+ERROR 42S22: Unknown column '' in 'VALUES() function'
+UPDATE t2 SET a=(SELECT '' AS b FROM t1 GROUP BY VALUES(b));
+ERROR 42S22: Unknown column '' in 'VALUES() function'
+INSERT INTO t2 VALUES (1,0) ON DUPLICATE KEY UPDATE
+b=(SELECT '' AS b FROM t1 GROUP BY VALUES(b));
+ERROR 42S22: Unknown column '' in 'VALUES() function'
+INSERT INTO t2(a,b) VALUES (1,0) ON DUPLICATE KEY UPDATE
+b=(SELECT VALUES(a)+2 FROM t1);
+DROP TABLE t1, t2;
diff --git a/mysql-test/t/errors.test b/mysql-test/t/errors.test
index 89579ec1739..b426d9fd5b0 100644
--- a/mysql-test/t/errors.test
+++ b/mysql-test/t/errors.test
@@ -67,3 +67,21 @@ SHOW ERRORS;
 INSERT INTO t1 SELECT b FROM t1;
 DROP TABLE t1;
 # End of 5.0 tests
+
+#
+# Bug #13031606 VALUES() IN A SELECT STATEMENT CRASHES SERVER
+#
+CREATE TABLE t1 (a INT);
+CREATE TABLE t2(a INT PRIMARY KEY, b INT);
+--error ER_BAD_FIELD_ERROR
+SELECT '' AS b FROM t1 GROUP BY VALUES(b);
+--error ER_BAD_FIELD_ERROR
+REPLACE t2(b) SELECT '' AS b FROM t1 GROUP BY VALUES(b);
+--error ER_BAD_FIELD_ERROR
+UPDATE t2 SET a=(SELECT '' AS b FROM t1 GROUP BY VALUES(b));
+--error ER_BAD_FIELD_ERROR
+INSERT INTO t2 VALUES (1,0) ON DUPLICATE KEY UPDATE
+  b=(SELECT '' AS b FROM t1 GROUP BY VALUES(b));
+INSERT INTO t2(a,b) VALUES (1,0) ON DUPLICATE KEY UPDATE
+  b=(SELECT VALUES(a)+2 FROM t1);
+DROP TABLE t1, t2;
-- 
cgit v1.2.1