From 54d63578375b07500e9fe1ce7467b5ca48b46d8a Mon Sep 17 00:00:00 2001
From: Magne Mahre
Date: Thu, 18 Nov 2010 14:02:24 +0100
Subject: [PATCH] Bug#58199 name_const in the having clause crashes

NAME_CONST(..) was used wrongly in a HAVING clause, and should have caused a user error. Instead, it caused a segmentation fault. During parsing, the value parameter to NAME_CONST was specified to be an uninitialized Item_ref object (it would be resolved later). During the semantic analysis, the object is tested, and since it was not initialied, the server seg.faulted. The fix is to check if the object is initialized before testing it. The same pattern has already been applied to most other methods in the Item_ref class. Bug was introduced by the optimization done as part of Bug#33546.
---
 mysql-test/r/func_misc.result | 8 +++++++-
 mysql-test/t/func_misc.test | 13 ++++++++++++-
 sql/item.h | 2 +-
 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/mysql-test/r/func_misc.result b/mysql-test/r/func_misc.result
index 85448a258e4..3c5dc0faa0c 100644
--- a/mysql-test/r/func_misc.result
+++ b/mysql-test/r/func_misc.result
@@ -375,4 +375,10 @@ GREATEST(a, (SELECT b FROM t1 LIMIT 1))
 3
 1
 DROP TABLE t1;
-End of 5.1 tests
+#
+# Bug #58199: name_const in the having clause crashes
+#
+CREATE TABLE t1 (a INT);
+SELECT 1 from t1 HAVING NAME_CONST('', a);
+ERROR HY000: Incorrect arguments to NAME_CONST
+DROP TABLE t1;
diff --git a/mysql-test/t/func_misc.test b/mysql-test/t/func_misc.test
index ec71e950ca7..8cea850b184 100644
--- a/mysql-test/t/func_misc.test
+++ b/mysql-test/t/func_misc.test
@@ -504,4 +504,15 @@ SELECT DISTINCT GREATEST(a, (SELECT b FROM t1 LIMIT 1)) FROM t1 UNION SELECT 1;
 DROP TABLE t1;
---echo End of 5.1 tests
+--echo #
+--echo # Bug #58199: name_const in the having clause crashes
+--echo #
+
+CREATE TABLE t1 (a INT);
+
+# NAME_CONST() would seg.fault when used wrongly in a HAVING clause
+--error ER_WRONG_ARGUMENTS
+SELECT 1 from t1 HAVING NAME_CONST('', a);
+
+DROP TABLE t1;
+
diff --git a/sql/item.h b/sql/item.h
index 8e8199ecac8..e65bacf4cb7 100644
--- a/sql/item.h
+++ b/sql/item.h
@@ -2572,7 +2572,7 @@ public:
 DBUG_ASSERT(fixed);
 return (*ref)->get_time(ltime);
 }
- virtual bool basic_const_item() const { return (*ref)->basic_const_item(); }
+ virtual bool basic_const_item() const { return ref && (*ref)->basic_const_item(); }
 bool is_outer_field() const
 {
 DBUG_ASSERT(fixed);
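Review bot: `SELECT 1 from t1 HAVING NAME_CONST('', a);` in the new test mixes keyword case (`from` next to the uppercase `SELECT`/`HAVING`/`CREATE TABLE` in the same hunk); use `SELECT 1 FROM t1 HAVING NAME_CONST('', a);`. Because mysqltest records the statement text verbatim in the expected output, the same line in the mysql-test/r/func_misc.result hunk has to change with it. The comment `# NAME_CONST() would seg.fault when used wrongly in a HAVING clause` would read more precisely as `# Bug#58199: NAME_CONST() with a non-constant (column) value in HAVING must raise ER_WRONG_ARGUMENTS, not crash the server`, since what is rejected is the non-constant second argument rather than HAVING itself. The test exercises only the HAVING form; whether the same unresolved-reference path is reachable from other clauses is not visible here, so I would not claim coverage beyond it.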
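Review bot: The added `ref &&` guard in `basic_const_item()` carries no comment, while the neighbouring `get_time()` and `is_outer_field()` in the same hunk state their precondition with `DBUG_ASSERT(fixed)`, so a reader cannot tell why this one method tolerates a NULL `ref` (the enclosing Item_ref class starts and ends outside the hunk). Add `/* ref is NULL until fix_fields() resolves this Item_ref (e.g. the value argument of NAME_CONST in a HAVING clause, Bug#58199); answer "not constant" instead of dereferencing. */` above the line. Returning false is the conservative answer: an unresolved reference treated as non-constant makes NAME_CONST fail with ER_WRONG_ARGUMENTS (per the test hunk), whereas the old unconditional dereference let a single statement from any user with query access bring the server down. The check covers only `ref == NULL`; if `ref` can point at a slot whose `Item*` is still NULL before resolution, `*ref` would still be dereferenced — not decidable from the hunk, worth confirming. The commit message says most other Item_ref methods already have this guard; the remaining unguarded `(*ref)->` call sites reachable before fixing deserve a quick audit in the same change.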