From ae2380452f46d720247f734630ef97e7203c73ad Mon Sep 17 00:00:00 2001
From: MySQL Build Team <build@mysql.com>
Date: Tue, 21 Jul 2009 19:56:35 +0200
Subject: [PATCH] Backport into build-200907211706-5.0.82sp1

> ------------------------------------------------------------
> revno: 2763
> revision-id: sergey.glukhov@sun.com-20090602063813-33mh88cz5vpa2jqe
> parent: alexey.kopytov@sun.com-20090601124224-zgt3yov9wou590e9
> committer: Sergey Glukhov <Sergey.Glukhov@sun.com>
> branch nick: mysql-5.0-bugteam
> timestamp: Tue 2009-06-02 11:38:13 +0500
> message:
>   Bug#45152 crash with round() function on longtext column in a derived table
>   The crash happens due to wrong max_length value which is set on
>   Item_func_round::fix_length_and_dec() stage. The value is set to
>   args[0]->max_length which is too big in case of LONGTEXT(LONGBLOB) fields.
>   The fix is to set max_length using float_length() function.
---
 mysql-test/r/func_math.result | 7 +++++++
 mysql-test/t/func_math.test   | 9 +++++++++
 sql/item_func.cc              | 4 ++--
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/mysql-test/r/func_math.result b/mysql-test/r/func_math.result
index 87cfb5b86a5..9681a8a4302 100644
--- a/mysql-test/r/func_math.result
+++ b/mysql-test/r/func_math.result
@@ -390,4 +390,11 @@ a	ROUND(a)
 -1e+16	-10000000000000002
 1e+16	10000000000000002
 DROP TABLE t1;
+CREATE TABLE t1(f1 LONGTEXT) engine=myisam;
+INSERT INTO t1 VALUES ('a');
+SELECT 1 FROM (SELECT ROUND(f1) AS a FROM t1) AS s WHERE a LIKE 'a';
+1
+SELECT 1 FROM (SELECT ROUND(f1, f1) AS a FROM t1) AS s WHERE a LIKE 'a';
+1
+DROP TABLE t1;
 End of 5.0 tests
diff --git a/mysql-test/t/func_math.test b/mysql-test/t/func_math.test
index 593cfe90c1b..2c1094213e4 100644
--- a/mysql-test/t/func_math.test
+++ b/mysql-test/t/func_math.test
@@ -250,4 +250,13 @@ SELECT a, ROUND(a) FROM t1;
 
 DROP TABLE t1;
 
+#
+# Bug#45152 crash with round() function on longtext column in a derived table
+#
+CREATE TABLE t1(f1 LONGTEXT) engine=myisam;
+INSERT INTO t1 VALUES ('a');
+SELECT 1 FROM (SELECT ROUND(f1) AS a FROM t1) AS s WHERE a LIKE 'a';
+SELECT 1 FROM (SELECT ROUND(f1, f1) AS a FROM t1) AS s WHERE a LIKE 'a';
+DROP TABLE t1;
+
 --echo End of 5.0 tests
diff --git a/sql/item_func.cc b/sql/item_func.cc
index 3cbb278ea48..a93240a94d6 100644
--- a/sql/item_func.cc
+++ b/sql/item_func.cc
@@ -1958,8 +1958,8 @@ void Item_func_round::fix_length_and_dec()
   unsigned_flag= args[0]->unsigned_flag;
   if (!args[1]->const_item())
   {
-    max_length= args[0]->max_length;
     decimals= args[0]->decimals;
+    max_length= float_length(decimals);
     if (args[0]->result_type() == DECIMAL_RESULT)
     {
       max_length++;
@@ -1979,8 +1979,8 @@ void Item_func_round::fix_length_and_dec()
 
   if (args[0]->decimals == NOT_FIXED_DEC)
   {
-    max_length= args[0]->max_length;
     decimals= min(decimals_to_set, NOT_FIXED_DEC);
+    max_length= float_length(decimals);
     hybrid_type= REAL_RESULT;
     return;
   }