From 5fbc2904bccbcd5e3609a4a660105ccab117c7c6 Mon Sep 17 00:00:00 2001
From: Sergey Glukhov <Sergey.Glukhov@sun.com>
Date: Thu, 10 Sep 2009 15:24:07 +0500
Subject: Bug#46815 CONCAT_WS returning wrong data The problem is that argument
 buffer can be used as result buffer and it leads to argument value change.
 The fix is to use 'old buffer' as result buffer only if first argument is not
 constant item.

---
 sql/item_strfunc.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'sql/item_strfunc.cc')

diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index e3fe67f4324..6f697a1665a 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -600,6 +600,7 @@ String *Item_func_concat_ws::val_str(String *str)
   String tmp_sep_str(tmp_str_buff, sizeof(tmp_str_buff),default_charset_info),
          *sep_str, *res, *res2,*use_as_buff;
   uint i;
+  bool is_const= 0;
 
   null_value=0;
   if (!(sep_str= args[0]->val_str(&tmp_sep_str)))
@@ -613,7 +614,11 @@ String *Item_func_concat_ws::val_str(String *str)
   // If not, return the empty string
   for (i=1; i < arg_count; i++)
     if ((res= args[i]->val_str(str)))
+    {
+      is_const= args[i]->const_item() || !args[i]->used_tables();
       break;
+    }
+
   if (i ==  arg_count)
     return &my_empty_string;
 
@@ -631,7 +636,7 @@ String *Item_func_concat_ws::val_str(String *str)
 			  current_thd->variables.max_allowed_packet);
       goto null;
     }
-    if (res->alloced_length() >=
+    if (!is_const && res->alloced_length() >=
 	res->length() + sep_str->length() + res2->length())
     {						// Use old buffer
       res->append(*sep_str);			// res->length() > 0 always
-- 
cgit v1.2.1