Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings

ESCAPE argument might be empty string. It leads to server crash under some circumstances. The fix: -added check if ESCAPE argument result is not empty string mysql-test/r/ctype_latin1.result: test case mysql-test/t/ctype_latin1.test: test case sql/item_cmpfunc.cc: -added check if ESCAPE argument result is not empty string
2025-01-16 03:52:35 +01:00 · 2010-11-18 11:53:08 +03:00 · 2010-11-18 11:53:08 +03:00 · 1c94d43bbb
commit 1c94d43bbb
parent 21bc09c26b
3 changed files with 19 additions and 5 deletions
--- a/mysql-test/r/ctype_latin1.result
+++ b/mysql-test/r/ctype_latin1.result
@ -409,3 +409,11 @@ select hex(cast(_ascii 0x7f as char(1) character set latin1));
 hex(cast(_ascii 0x7f as char(1) character set latin1))
 7F
 End of 5.0 tests
+#
+# Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings
+#
+SELECT '' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '');
+'' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '')
+1
+Warnings:
+Warning	1292	Truncated incorrect INTEGER value: ''
--- a/mysql-test/t/ctype_latin1.test
+++ b/mysql-test/t/ctype_latin1.test
@ -127,3 +127,8 @@ DROP TABLE `abc
 select hex(cast(_ascii 0x7f as char(1) character set latin1));

 --echo End of 5.0 tests
+
+--echo #
+--echo # Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings
+--echo #
+SELECT '' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '');
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@ -4692,6 +4692,7 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
    String *escape_str= escape_item->val_str(&cmp.value1);
    if (escape_str)
    {
+      const char *escape_str_ptr= escape_str->ptr();
      if (escape_used_in_parsing && (
             (((thd->variables.sql_mode & MODE_NO_BACKSLASH_ESCAPES) &&
                escape_str->numchars() != 1) ||
@ -4706,9 +4707,9 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
        CHARSET_INFO *cs= escape_str->charset();
        my_wc_t wc;
        int rc= cs->cset->mb_wc(cs, &wc,
-                                (const uchar*) escape_str->ptr(),
-                                (const uchar*) escape_str->ptr() +
-                                               escape_str->length());
+                                (const uchar*) escape_str_ptr,
+                                (const uchar*) escape_str_ptr +
+                                escape_str->length());
        escape= (int) (rc > 0 ? wc : '\\');
      }
      else
@ -4725,13 +4726,13 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
        {
          char ch;
          uint errors;
-          uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str->ptr(),
+          uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str_ptr,
                                          escape_str->length(),
                                          escape_str->charset(), &errors);
          escape= cnvlen ? ch : '\\';
        }
        else
-          escape= *(escape_str->ptr());
+          escape= escape_str_ptr ? *escape_str_ptr : '\\';
      }
    }
    else