From f06443ce5f9ca8a65b60b595b2095f76d8f65206 Mon Sep 17 00:00:00 2001 From: Sreeharsha Ramanavarapu Date: Thu, 16 Nov 2017 09:31:12 +0530 Subject: Bug #26881946: INCORRECT BEHAVIOR WITH "VALUES" Issue: ------ VALUES doesn't have a type() function and is considered a Item_field. Solution for 5.7: ----------------- Add a new type() function for Item_values_insert. On 8.0 and trunk it was fixed by Mithun's Bug#19601973. Solution for 5.6: ----------------- Additionally Bug#17458914 is backported. This will address the problem of using VALUES() in INSERT ... ON DUPLICATE KEY UPDATE. Create a field object only if it is in the UPDATE clause, else return a NULL item. This will also address the problems mentioned in Bug#14789787 and Bug#16756402. Solution for 5.5: ----------------- As mentioned above Bug#17458914 is backported. Additionally Bug#14786324 is also backported. When VALUES() is detected outside its meaningful place, it should be treated as NULL and is thus replaced with a Field_null object, with the same name as the original field. Fields with type NULL are generally not handled well inside the server (e.g Innodb will not accept them and it is impossible to create them in regular tables). So create a new const NULL item instead. --- sql/item.cc | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) (limited to 'sql/item.cc') diff --git a/sql/item.cc b/sql/item.cc index 6f1fdaae398..a37a61453e8 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -7120,7 +7120,7 @@ Item *Item_default_value::transform(Item_transformer transformer, uchar *args) bool Item_insert_value::eq(const Item *item, bool binary_cmp) const { return item->type() == INSERT_VALUE_ITEM && - ((Item_default_value *)item)->arg->eq(arg, binary_cmp); + ((Item_insert_value *)item)->arg->eq(arg, binary_cmp); } @@ -7149,11 +7149,12 @@ bool Item_insert_value::fix_fields(THD *thd, Item **items) Item_field *field_arg= (Item_field *)arg; - if (field_arg->field->table->insert_values) + if (field_arg->field->table->insert_values && + thd->lex->in_update_value_clause) { Field *def_field= (Field*) sql_alloc(field_arg->field->size_of()); if (!def_field) - return TRUE; + return true; memcpy(def_field, field_arg->field, field_arg->field->size_of()); def_field->move_field_offset((my_ptrdiff_t) (def_field->table->insert_values - @@ -7162,17 +7163,17 @@ bool Item_insert_value::fix_fields(THD *thd, Item **items) } else { - Field *tmp_field= field_arg->field; - /* charset doesn't matter here, it's to avoid sigsegv only */ - tmp_field= new Field_null(0, 0, Field::NONE, field_arg->field->field_name, - &my_charset_bin); - if (tmp_field) - { - tmp_field->init(field_arg->field->table); - set_field(tmp_field); - } + // VALUES() is used out-of-scope - its value is always NULL + Query_arena backup; + Query_arena *const arena= thd->activate_stmt_arena_if_needed(&backup); + Item *const item= new Item_null(this->name); + if (arena) + thd->restore_active_arena(arena, &backup); + if (!item) + return TRUE; + *items= item; } - return FALSE; + return false; } void Item_insert_value::print(String *str, enum_query_type query_type) -- cgit v1.2.1 From ba8d0fa700a73893979793785ed53f7bbd950df8 Mon Sep 17 00:00:00 2001 From: Oleksandr Byelkin Date: Mon, 15 Jan 2018 14:50:35 +0100 Subject: MDEV-14786: Server crashes in Item_cond::transform on 2nd execution of SP querying from a view MDEV-14957: JOIN::prepare gets unusable "conds" as argument Do not touch merged derived (it is irreversible) Fix first argument of in_optimizer for calls possible before fix_fields() --- sql/item.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql/item.cc') diff --git a/sql/item.cc b/sql/item.cc index 576dce78299..08a00615c0c 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -10010,7 +10010,7 @@ const char *dbug_print_item(Item *item) if (!item) return "(Item*)NULL"; item->print(&str ,QT_ORDINARY); - if (str.c_ptr() == buf) + if (str.c_ptr_safe() == buf) return buf; else return "Couldn't fit into buffer"; -- cgit v1.2.1