From eeb8bce9111101b50d665cac28b8789372ddfcd4 Mon Sep 17 00:00:00 2001
From: Jorgen Loland
Date: Thu, 4 Nov 2010 09:36:04 +0100
Subject: [PATCH] Bug#57882 - Item_func_conv_charset::val_str(String*): Assertion `fixed == 1' failed (also fixes duplicate bug 57515) agg_item_set_converter() (item.cc) handles conversion of character sets by creating a new Item. fix_fields() is then called on this newly created item. Prior to this patch, it was not checked whether fix_fields() was successful or not. Thus, agg_item_set_converter() would return success even when an error occured. This patch makes it return error (TRUE) if fix_fields() fails.
---
 mysql-test/r/errors.result | 12 ++++++++++++
 mysql-test/t/errors.test | 16 ++++++++++++++++
 sql/item.cc | 11 ++++++-----
 3 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/mysql-test/r/errors.result b/mysql-test/r/errors.result
index 3d247a242a3..43cabd28498 100644
--- a/mysql-test/r/errors.result
+++ b/mysql-test/r/errors.result
@@ -134,3 +134,15 @@ INSERT INTO t1 VALUES ('abc\0\0');
 INSERT INTO t1 VALUES ('abc\0\0');
 ERROR 23000: Duplicate entry 'abc\x00\x00' for key 'PRIMARY'
 DROP TABLE t1;
+#
+# Bug#57882: Item_func_conv_charset::val_str(String*):
+# Assertion `fixed == 1' failed
+#
+SELECT (CONVERT('0' USING latin1) IN (CHAR(COT('v') USING utf8),''));
+ERROR 22003: DOUBLE value is out of range in 'cot('v')'
+SET NAMES utf8 COLLATE utf8_latvian_ci ;
+SELECT UPDATEXML(-73 * -2465717823867977728,@@global.slave_net_timeout,null);
+ERROR 22003: BIGINT value is out of range in '(-(73) * -(2465717823867977728))'
+#
+# End Bug#57882
+#
diff --git a/mysql-test/t/errors.test b/mysql-test/t/errors.test
index f308c340645..8de5889f1c6 100644
--- a/mysql-test/t/errors.test
+++ b/mysql-test/t/errors.test
@@ -155,3 +155,19 @@ INSERT INTO t1 VALUES ('abc\0\0');
 --error ER_DUP_ENTRY
 INSERT INTO t1 VALUES ('abc\0\0');
 DROP TABLE t1;
+
+--echo #
+--echo # Bug#57882: Item_func_conv_charset::val_str(String*):
+--echo # Assertion `fixed == 1' failed
+--echo #
+
+--error ER_DATA_OUT_OF_RANGE
+SELECT (CONVERT('0' USING latin1) IN (CHAR(COT('v') USING utf8),''));
+
+SET NAMES utf8 COLLATE utf8_latvian_ci ;
+--error ER_DATA_OUT_OF_RANGE
+SELECT UPDATEXML(-73 * -2465717823867977728,@@global.slave_net_timeout,null);
+
+--echo #
+--echo # End Bug#57882
+--echo #
diff --git a/sql/item.cc b/sql/item.cc
index b166f3e645f..3594bf45798 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -1853,11 +1853,12 @@ bool agg_item_set_converter(DTCollation &coll, const char *fname,
 *arg= conv;
 else
 thd->change_item_tree(arg, conv);
- /*
- We do not check conv->fixed, because Item_func_conv_charset which can
- be return by safe_charset_converter can't be fixed at creation
- */
- conv->fix_fields(thd, arg);
+
+ if (conv->fix_fields(thd, arg))
+ {
+ res= TRUE;
+ break; // we cannot return here, we need to restore "arena".
+ }
 }
 if (arena)
 thd->restore_active_arena(arena, &backup);
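Review bot: In the mysql-test/t/errors.test hunk, `SET NAMES utf8 COLLATE utf8_latvian_ci ;` changes the connection character set and collation, and none of the added lines restores it. Any case later appended after `--echo # End Bug#57882` would therefore run under the Latvian collation without saying so. I would add `SET NAMES default;` before the closing echo block and record the matching line in errors.result, so the regression case stays self-contained.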
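Review bot: In the sql/item.cc hunk the tree is already rewritten (`*arg= conv;` or `thd->change_item_tree(arg, conv);`) before `conv->fix_fields(thd, arg)` is checked, so on failure the argument slot keeps a converter item that was never fixed. Returning TRUE is only safe if every caller stops before evaluating the arguments; a caller that ignores the result would reach the same `fixed == 1` assertion in a debug build, and presumably evaluates an unfixed item where the assertion is compiled out. The removed comment explained why `conv->fixed` is not tested and nothing replaces it; I would add `// fix_fields() failed: *arg still points at the unfixed converter, so callers must treat TRUE as fatal.` above the `if`. The body of agg_item_set_converter() starts and ends outside the hunk, so the callers and the declaration of `res` are not visible here.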