Fixed bug#13575: SP funcs in select with distinct/group and order by can

produce wrong data

By default Item_sp_func::val_str() returns a string from its result_field's
internal buffer. When grouping is present, Item_copy_string is used to
store the SP function result, but it doesn't additionally buffer the result.
When the next record is read, the internal buffer is overwritten, so
Item_copy_string::val_str() returns wrong data, producing a
weird query result.

The Item_func_sp::val_str() now makes a copy of returned value to prevent
occasional corruption.
evgen@moonbone.local 2006-03-10 13:53:00 +03:00
parent ed50702744
commit c5493b6316
3 changed files with 45 additions and 1 deletions


@ -4786,4 +4786,20 @@ i
0
drop table t3|
drop procedure bug16887|
create table t3 (f1 int, f2 varchar(3), primary key(f1)) engine=innodb|
insert into t3 values (1,'aaa'),(2,'bbb'),(3,'ccc')|
CREATE FUNCTION bug13575 ( p1 integer )
returns varchar(3)
BEGIN
DECLARE v1 VARCHAR(10) DEFAULT null;
SELECT f2 INTO v1 FROM t3 WHERE f1 = p1;
RETURN v1;
END|
select distinct f1, bug13575(f1) from t3 order by f1|
f1 bug13575(f1)
1 aaa
2 bbb
3 ccc
drop function bug13575;
drop table t3|
drop table t1,t2;


@ -5630,6 +5630,22 @@ call bug16887()|
drop table t3|
drop procedure bug16887|
#
# Bug#13575 SP funcs in select with distinct/group and order by can
# produce bad data
#
create table t3 (f1 int, f2 varchar(3), primary key(f1)) engine=innodb|
insert into t3 values (1,'aaa'),(2,'bbb'),(3,'ccc')|
CREATE FUNCTION bug13575 ( p1 integer )
returns varchar(3)
BEGIN
DECLARE v1 VARCHAR(10) DEFAULT null;
SELECT f2 INTO v1 FROM t3 WHERE f1 = p1;
RETURN v1;
END|
select distinct f1, bug13575(f1) from t3 order by f1|
drop function bug13575;
drop table t3|
#
# BUG#NNNN: New bug synopsis
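Review bot: The new cleanup line `drop function bug13575;` ends in `;` while every other statement in this hunk ends in `|`, so under what appears to be a `|` delimiter it is sent together with the following `drop table t3` as one query; `drop function bug13575|` would keep the two drops separate. The test also covers only `select distinct ... order by`, although the bug title names group as well, so a second query such as `select f1, bug13575(f1) from t3 group by f1 order by f1|` would exercise that path. Because the function declares `v1` with `DEFAULT null`, a call with an `f1` value that has no row would also pin the NULL return through the new copy.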


@ -1421,9 +1421,21 @@ public:
String *val_str(String *str)
{
String buf;
char buff[20];
buf.set(buff, 20, str->charset());
buf.length(0);
if (execute(&result_field))
return NULL;
return result_field->val_str(str);
/*
result_field will set buf pointing to internal buffer
of the resul_field. Due to this it will change any time
when SP is executed. In order to prevent occasional
corruption of returned value, we make here a copy.
*/
result_field->val_str(&buf);
str->copy(buf);
return str;
}
virtual bool change_context_processor(byte *cntx)
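Review bot: The result of `str->copy(buf)` is ignored in the new val_str(), so if the copy cannot allocate, the caller still receives `str` as though it held the function's value; `if (str->copy(buf)) return NULL;` would surface the failure instead of returning stale contents. The return value of `result_field->val_str(&buf)` is also discarded, which relies on every field type filling the `buf` it is handed; copying from the returned pointer, `String *res= result_field->val_str(&buf);` followed by `str->copy(*res)`, would not depend on that. The buffer size is written twice as the literal `20`; `buf.set(buff, sizeof(buff), str->charset());` keeps the two in step. How a NULL function result is signalled is decided in execute(), which is outside this hunk, so confirm that path still returns NULL rather than an empty copied string.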