author | Sergei Golubchik <sergii@pisem.net> | 2014-02-12 21:17:28 +0100 |
---|---|---|
committer | Sergei Golubchik <sergii@pisem.net> | 2014-02-12 21:17:28 +0100 |
commit | 52f038c5c3a065d2c68197535d844f6ed00a09cc (patch) | |
tree | 4448c8f0baa6a59eb39034c6b92ce2020d18c52f | |
parent | 16e0cae0ccaf1e744d29c55cc96b8d9a53e589c0 (diff) | |
download | mariadb-git-52f038c5c3a065d2c68197535d844f6ed00a09cc.tar.gz |
MDEV-5655 Server crashes on NAME_CONST containing AND/OR expressions
Fix the NAME_CONST check so that it allows only literals, negated literals, and
literals with an explicit collation.
-rw-r--r-- | mysql-test/r/func_misc.result | 7 | ||||
-rw-r--r-- | mysql-test/t/func_misc.test | 10 | ||||
-rw-r--r-- | sql/item.cc | 31 |
3 files changed, 38 insertions, 10 deletions
diff --git a/mysql-test/r/func_misc.result b/mysql-test/r/func_misc.result
index 5910a45c839..56d27ff78be 100644
--- a/mysql-test/r/func_misc.result
+++ b/mysql-test/r/func_misc.result
@@ -265,3 +265,10 @@ SELECT '1' IN ('1', INET_NTOA(0));
 '1' IN ('1', INET_NTOA(0))
 1
 End of tests
+SELECT NAME_CONST('a', -(1 OR 2)) OR 1;
+ERROR HY000: Incorrect arguments to NAME_CONST
+SELECT NAME_CONST('a', -(1 AND 2)) AND 1;
+ERROR HY000: Incorrect arguments to NAME_CONST
+SELECT NAME_CONST('a', -(1)) OR 1;
+NAME_CONST('a', -(1)) OR 1
+1
diff --git a/mysql-test/t/func_misc.test b/mysql-test/t/func_misc.test
index 2a72578aca7..c4cc7734186 100644
--- a/mysql-test/t/func_misc.test
+++ b/mysql-test/t/func_misc.test
@@ -300,3 +300,13 @@ SELECT '1' IN ('1', INET_NTOA(0));
 --echo End of tests
+
+#
+# MDEV-5655 Server crashes on NAME_CONST containing AND/OR expressions
+#
+--error ER_WRONG_ARGUMENTS
+SELECT NAME_CONST('a', -(1 OR 2)) OR 1;
+--error ER_WRONG_ARGUMENTS
+SELECT NAME_CONST('a', -(1 AND 2)) AND 1;
+SELECT NAME_CONST('a', -(1)) OR 1;
+
diff --git a/sql/item.cc b/sql/item.cc
index 976449e6353..82b6c921ec7 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -1284,17 +1284,28 @@ bool Item_name_const::is_null()
 Item_name_const::Item_name_const(Item *name_arg, Item *val):
 value_item(val), name_item(name_arg)
 {
- if (!(valid_args= name_item->basic_const_item() &&
- (value_item->basic_const_item() ||
- ((value_item->type() == FUNC_ITEM) &&
- ((((Item_func *) value_item)->functype() ==
- Item_func::COLLATE_FUNC) ||
- ((((Item_func *) value_item)->functype() ==
- Item_func::NEG_FUNC) &&
- (((Item_func *) value_item)->key_item()->type() !=
- FUNC_ITEM)))))))
- my_error(ER_WRONG_ARGUMENTS, MYF(0), "NAME_CONST");
 Item::maybe_null= TRUE;
+ valid_args= true;
+ if (!name_item->basic_const_item())
+ goto err;
+
+ if (value_item->basic_const_item())
+ return; // ok
+
+ if (value_item->type() == FUNC_ITEM)
+ {
+ Item_func *value_func= (Item_func *) value_item;
+ if (value_func->functype() != Item_func::COLLATE_FUNC &&
+ value_func->functype() != Item_func::NEG_FUNC)
+ goto err;
+
+ if (value_func->key_item()->basic_const_item())
+ return; // ok
+ }
+
+err:
+ valid_args= false;
+ my_error(ER_WRONG_ARGUMENTS, MYF(0), "NAME_CONST");
 }
|
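Review bot: The tightened `COLLATE_FUNC` path has no regression test: the cases added to func_misc.test all go through negation, yet this constructor now also rejects a non-literal under `COLLATE`, which the old condition accepted unconditionally. A case such as `--error ER_WRONG_ARGUMENTS` followed by `SELECT NAME_CONST('a', CONCAT('b','c') COLLATE latin1_general_ci);` (constructed example, expected result to be confirmed) would pin that branch. Since the commit title says that getting past this check crashes the server, the accepted shapes also deserve a comment above the checks, e.g. `/* value must be a literal, -literal, or literal COLLATE name (MDEV-5655) */`. The drop from the `FUNC_ITEM` block into `err:` is the rejection path for a wrapped non-literal and is easy to misread as an accident; a `/* not a literal: fall through to err */` after the inner `if` would make it explicit.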