Fixed bug#17726: Not checked empty list caused endless loop

When the Item_cond::fix_fields() function reduces cond tree, it in loop
scans it's own list and when it founds Item_cond with same function (AND
or OR) it does next things: 1) replaces that item with item's list. 2)
empties item's list. Due to this operation is done twice - for update and
for view, at the update phase cond's list of lower view is already empty.
Empty list returns ref to itself, thus making endless loop by replacing
list with itself, emptying, replacing again and so on. This results in
server hung up.

To the Item_cond::fix_fields() function added check that ensures that
list being replaced with isn't empty.


mysql-test/t/view.test:
  Added test for bug#17726: Not checked empty list caused endless loop
mysql-test/r/view.result:
  Added test for bug#17726: Not checked empty list caused endless loop
sql/item_cmpfunc.cc:
  Fixed bug#17726: Not checked empty list caused endless loop
  To the Item_cond::fix_fields() function added check that ensures that
  list being replaced with isn't empty.

1 files changed, 2 insertions, 1 deletions

diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc
index 7ba8a536ac7..4cd460cfeb0 100644
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@@ -2553,7 +2553,8 @@ Item_cond::fix_fields(THD *thd, Item **ref)
   {
     table_map tmp_table_map;
     while (item->type() == Item::COND_ITEM &&
-	   ((Item_cond*) item)->functype() == functype())
+	   ((Item_cond*) item)->functype() == functype() &&
+           !((Item_cond*) item)->list.is_empty())
     {						// Identical function
       li.replace(((Item_cond*) item)->list);
       ((Item_cond*) item)->list.empty();