Bug#13013970 MORE CRASHES IN FIELD_BLOB::GET_KEY_IMAGE

The predicate is re-written from ((`test`.`g1`.`a` = geometryfromtext('')) or ... to ((`test`.`g1`.`a` = <cache>(geometryfromtext(''))) or ... The range optimizer calls save_in_field_no_warnings, in order to fetch keys. save_in_field_no_warnings returns 0 because of the cache wrapper, and get_mm_leaf() proceeded to call Field_blob::get_key_image() which accesses un-initialized data. mysql-test/r/gis.result: New test case. mysql-test/t/gis.test: New test case. sql/item.cc: If we have cached a null_value, then verify that the Field can accept it.
author: Tor Didriksen <tor.didriksen@oracle.com> 2011-12-05 15:42:45 +0100
committer: Tor Didriksen <tor.didriksen@oracle.com> 2011-12-05 15:42:45 +0100
commit: 0cd9228124266a1e8cf41e74994cdba1380ac2e2 (patch)
tree: 411757003da4dbc4ebbd20eca60c3288a86d885a /sql
parent: bce2360f53eb238aba4196c4893bc0ecf560a6cd (diff)
download: mariadb-git-0cd9228124266a1e8cf41e74994cdba1380ac2e2.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/sql/item.cc b/sql/item.cc
index ca1ae1c4f71..c8c68a3924b 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -7924,8 +7924,8 @@ my_decimal *Item_cache_str::val_decimal(my_decimal *decimal_val)
 
 int Item_cache_str::save_in_field(Field *field, bool no_conversions)
 {
-  if (!has_value())
-    return 0;
+  if (!value_cached && !cache_value())
+    return -1;                      // Fatal: couldn't cache the value
   int res= Item_cache::save_in_field(field, no_conversions);
   return (is_varbinary && field->type() == MYSQL_TYPE_STRING &&
           value->length() < field->field_length) ? 1 : res;
author	Tor Didriksen <tor.didriksen@oracle.com>	2011-12-05 15:42:45 +0100
committer	Tor Didriksen <tor.didriksen@oracle.com>	2011-12-05 15:42:45 +0100
commit	0cd9228124266a1e8cf41e74994cdba1380ac2e2 (patch)
tree	411757003da4dbc4ebbd20eca60c3288a86d885a /sql
parent	bce2360f53eb238aba4196c4893bc0ecf560a6cd (diff)
download	mariadb-git-0cd9228124266a1e8cf41e74994cdba1380ac2e2.tar.gz