diff options
author | Sergei Golubchik <serg@mariadb.org> | 2020-12-15 00:16:21 +0100 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2020-12-19 11:44:42 +0100 |
commit | 59211ab7b9fb3c106e805bebd393731f42f95abe (patch) | |
tree | 2f67df33bf8f2c8deda25b8ec93bf64b97227e80 /sql | |
parent | a587ded283d8abd1f20258b283911abe759f5f64 (diff) | |
download | mariadb-git-59211ab7b9fb3c106e805bebd393731f42f95abe.tar.gz |
MDEV-24346 valgrind error in main.precedence
Part II.
It's still possible to bypass Item_func_like::escape
initialization in Item_func_like::fix_fields().
This requires ESCAPE argument being a cacheable subquery
that uses tables and is inside a derived table which
is used in multi-update.
Instead of implementing a complex or expensive fix for
this particular ridiculously artificial case, let's simply disallow it.
Diffstat (limited to 'sql')
-rw-r--r-- | sql/item_cmpfunc.cc | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index e0dad886a06..bfd7f3dbd1b 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -5348,7 +5348,18 @@ bool fix_escape_item(THD *thd, Item *escape_item, String *tmp_str, bool escape_used_in_parsing, CHARSET_INFO *cmp_cs, int *escape) { - if (!escape_item->const_during_execution()) + /* + ESCAPE clause accepts only constant arguments and Item_param. + + Subqueries during context_analysis_only might decide they're + const_during_execution, but not quite const yet, not evaluate-able. + This is fine, as most of context_analysis_only modes will never + reach val_int(), so we won't need the value. + CONTEXT_ANALYSIS_ONLY_DERIVED being a notable exception here. + */ + if (!escape_item->const_during_execution() || + (!escape_item->const_item() && + !(thd->lex->context_analysis_only & ~CONTEXT_ANALYSIS_ONLY_DERIVED))) { my_error(ER_WRONG_ARGUMENTS,MYF(0),"ESCAPE"); return TRUE; |