From 5803e106282eddbfed171f5d76f5357418d32af7 Mon Sep 17 00:00:00 2001 From: Sergey Vojtovich Date: Thu, 12 Feb 2009 13:49:44 +0400 Subject: [PATCH] BUG#36737 - having + full text operator crashes mysql MATCH() function accepts column list as an argument. It was possible to override this requirement with aliased non-column select expression. Which results in server crash. With this fix aliased non-column select expressions are not accepted by MATCH() function, returning an error. mysql-test/r/fulltext.result: A test case for BUG#36737. mysql-test/t/fulltext.test: A test case for BUG#36737. sql/item_func.cc: Only accept fields as arguments to MATCH(). --- mysql-test/r/fulltext.result | 4 ++++ mysql-test/t/fulltext.test | 8 ++++++++ sql/item_func.cc | 5 ++++- 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/fulltext.result b/mysql-test/r/fulltext.result index 6821691c9d0..6ea17644f9d 100644 --- a/mysql-test/r/fulltext.result +++ b/mysql-test/r/fulltext.result @@ -506,3 +506,7 @@ SELECT MATCH(a) AGAINST('aaa1* aaa14 aaa15 aaa16' IN BOOLEAN MODE) FROM t1; MATCH(a) AGAINST('aaa1* aaa14 aaa15 aaa16' IN BOOLEAN MODE) 2 DROP TABLE t1; +CREATE TABLE t1(a TEXT); +SELECT GROUP_CONCAT(a) AS st FROM t1 HAVING MATCH(st) AGAINST('test' IN BOOLEAN MODE); +ERROR HY000: Incorrect arguments to AGAINST +DROP TABLE t1; diff --git a/mysql-test/t/fulltext.test b/mysql-test/t/fulltext.test index 77d84c730d9..76661ba4e63 100644 --- a/mysql-test/t/fulltext.test +++ b/mysql-test/t/fulltext.test @@ -432,3 +432,11 @@ INSERT INTO t1 VALUES('aaa15'); SELECT MATCH(a) AGAINST('aaa1* aaa14 aaa16' IN BOOLEAN MODE) FROM t1; SELECT MATCH(a) AGAINST('aaa1* aaa14 aaa15 aaa16' IN BOOLEAN MODE) FROM t1; DROP TABLE t1; + +# +# BUG#36737 - having + full text operator crashes mysql +# +CREATE TABLE t1(a TEXT); +--error ER_WRONG_ARGUMENTS +SELECT GROUP_CONCAT(a) AS st FROM t1 HAVING MATCH(st) AGAINST('test' IN BOOLEAN MODE); +DROP TABLE t1; diff --git a/sql/item_func.cc b/sql/item_func.cc index 913b32ccb88..55324923fe2 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -4961,7 +4961,10 @@ bool Item_func_match::fix_fields(THD *thd, Item **ref) if (item->type() == Item::REF_ITEM) args[i]= item= *((Item_ref *)item)->ref; if (item->type() != Item::FIELD_ITEM) - key=NO_SUCH_KEY; + { + my_error(ER_WRONG_ARGUMENTS, MYF(0), "AGAINST"); + return TRUE; + } } /* Check that all columns come from the same table.