BUG#20769: Dangling pointer in ctype_recoding test case.

In some functions dealing with strings and character sets, the wrong pointers were saved for restoration in THD::rollback_item_tree_changes(). This could potentially cause random corruption or crashes. Fixed by passing the original Item ** locations, not local stack copies. Also remove unnecessary use of default arguments. sql/item.cc: Function agg_item_charsets() now handles non-consequtive Item *'s. sql/item.h: Remove use of default argument. sql/item_cmpfunc.cc: Remove use of default argument. sql/item_func.cc: Remove use of default argument. sql/item_func.h: Function agg_item_charsets() now handles non-consequtive Item *'s. sql/item_strfunc.cc: Pass original Item **'s to agg_arg_charsets(), not local copies, to ensure proper restoration in THD::rollback_item_tree_changes(). sql/item_sum.cc: Remove use of default argument.
2026-04-26 10:15:29 +02:00 · 2006-06-30 09:26:36 +02:00 · 2006-06-30 09:26:36 +02:00 · d9cb536a55
commit d9cb536a55
parent ce5ed66f2a
7 changed files with 71 additions and 75 deletions
--- a/sql/item_sum.cc
+++ b/sql/item_sum.cc
@ -3229,7 +3229,7 @@ Item_func_group_concat::fix_fields(THD *thd, Item **ref)
                        args,
 			/* skip charset aggregation for order columns */
 			arg_count - arg_count_order,
-			MY_COLL_ALLOW_CONV))
+			MY_COLL_ALLOW_CONV, 1))
    return 1;

  result.set_charset(collation.collation);