diff options
| -rw-r--r-- | mysql-test/r/func_group.result | 13 | ||||
| -rw-r--r-- | mysql-test/t/func_group.test | 21 | ||||
| -rw-r--r-- | sql/item.cc | 4 | ||||
| -rw-r--r-- | sql/item_sum.cc | 20 | ||||
| -rw-r--r-- | sql/item_sum.h | 10 |
5 files changed, 54 insertions, 14 deletions
diff --git a/mysql-test/r/func_group.result b/mysql-test/r/func_group.result index bc295ec7b44..1f6e01da0c9 100644 --- a/mysql-test/r/func_group.result +++ b/mysql-test/r/func_group.result @@ -1724,6 +1724,19 @@ m 1 DROP TABLE t1; # +# Bug#58030 crash in Item_func_geometry_from_text::val_str +# +SELECT MAX(TIMESTAMP(RAND(0))); +SELECT MIN(TIMESTAMP(RAND(0))); +# +# Bug#58177 crash and valgrind warnings in decimal and protocol sending functions... +# +SELECT MIN(GET_LOCK('aaaaaaaaaaaaaaaaa',0) / '0b1111111111111111111111111111111111111111111111111111111111111111111111111' ^ (RAND())); +SELECT MIN(GET_LOCK('aaaaaaaaaaaaaaaaa',0) / '0b1111111111111111111111111111111111111111111111111111111111111111111111111' ^ (RAND())); +SELECT MIN(GET_LOCK('aaaaaaaaaaaaaaaaa',0) / '0b1111111111111111111111111111111111111111111111111111111111111111111111111' ^ (RAND())); +SELECT MIN(GET_LOCK('aaaaaaaaaaaaaaaaa',0) / '0b1111111111111111111111111111111111111111111111111111111111111111111111111' ^ (RAND())); +SELECT RELEASE_LOCK('aaaaaaaaaaaaaaaaa'); +# End of 5.1 tests # # Bug#55648: Server crash on MIN/MAX on maximum time value diff --git a/mysql-test/t/func_group.test b/mysql-test/t/func_group.test index 9a9c5442d87..2c4a7f4c7b1 100644 --- a/mysql-test/t/func_group.test +++ b/mysql-test/t/func_group.test @@ -1097,6 +1097,27 @@ SELECT MAX((SELECT 1 FROM t1 ORDER BY @var LIMIT 1)) m FROM t1 t2, t1 DROP TABLE t1; --echo # +--echo # Bug#58030 crash in Item_func_geometry_from_text::val_str +--echo # + +--disable_result_log + +SELECT MAX(TIMESTAMP(RAND(0))); +SELECT MIN(TIMESTAMP(RAND(0))); + +--echo # +--echo # Bug#58177 crash and valgrind warnings in decimal and protocol sending functions... +--echo # + +SELECT MIN(GET_LOCK('aaaaaaaaaaaaaaaaa',0) / '0b1111111111111111111111111111111111111111111111111111111111111111111111111' ^ (RAND())); +SELECT MIN(GET_LOCK('aaaaaaaaaaaaaaaaa',0) / '0b1111111111111111111111111111111111111111111111111111111111111111111111111' ^ (RAND())); +SELECT MIN(GET_LOCK('aaaaaaaaaaaaaaaaa',0) / '0b1111111111111111111111111111111111111111111111111111111111111111111111111' ^ (RAND())); +SELECT MIN(GET_LOCK('aaaaaaaaaaaaaaaaa',0) / '0b1111111111111111111111111111111111111111111111111111111111111111111111111' ^ (RAND())); +SELECT RELEASE_LOCK('aaaaaaaaaaaaaaaaa'); + +--enable_result_log + +--echo # --echo End of 5.1 tests --echo # diff --git a/sql/item.cc b/sql/item.cc index b1e453121bd..18a88d64470 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -5839,6 +5839,10 @@ bool Item::send(Protocol *protocol, String *buffer) String *res; if ((res=val_str(buffer))) result= protocol->store(res->ptr(),res->length(),res->charset()); + else + { + DBUG_ASSERT(null_value); + } break; } case MYSQL_TYPE_TINY: diff --git a/sql/item_sum.cc b/sql/item_sum.cc index 107634e196d..9bd551d2a30 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -1196,8 +1196,10 @@ void Item_sum_hybrid::setup_hybrid(Item *item, Item *value_arg) value= Item_cache::get_cache(item); value->setup(item); value->store(value_arg); + arg_cache= Item_cache::get_cache(item); + arg_cache->setup(item); cmp= new Arg_comparator(); - cmp->set_cmp_func(this, args, (Item**)&value, FALSE); + cmp->set_cmp_func(this, (Item**)&arg_cache, (Item**)&value, FALSE); collation.set(item->collation); } @@ -1966,11 +1968,11 @@ Item *Item_sum_min::copy_or_same(THD* thd) bool Item_sum_min::add() { /* args[0] < value */ - int res= cmp->compare(); - if (!args[0]->null_value && - (null_value || res < 0)) + arg_cache->cache_value(); + if (!arg_cache->null_value && + (null_value || cmp->compare() < 0)) { - value->store(args[0]); + value->store(arg_cache); value->cache_value(); null_value= 0; } @@ -1989,11 +1991,11 @@ Item *Item_sum_max::copy_or_same(THD* thd) bool Item_sum_max::add() { /* args[0] > value */ - int res= cmp->compare(); - if (!args[0]->null_value && - (null_value || res > 0)) + arg_cache->cache_value(); + if (!arg_cache->null_value && + (null_value || cmp->compare() > 0)) { - value->store(args[0]); + value->store(arg_cache); value->cache_value(); null_value= 0; } diff --git a/sql/item_sum.h b/sql/item_sum.h index 3ea79fb8cee..634d593935f 100644 --- a/sql/item_sum.h +++ b/sql/item_sum.h @@ -994,7 +994,7 @@ class Item_cache; class Item_sum_hybrid :public Item_sum { protected: - Item_cache *value; + Item_cache *value, *arg_cache; Arg_comparator *cmp; Item_result hybrid_type; enum_field_types hybrid_field_type; @@ -1003,14 +1003,14 @@ protected: public: Item_sum_hybrid(Item *item_par,int sign) - :Item_sum(item_par), value(0), cmp(0), + :Item_sum(item_par), value(0), arg_cache(0), cmp(0), hybrid_type(INT_RESULT), hybrid_field_type(MYSQL_TYPE_LONGLONG), cmp_sign(sign), was_values(TRUE) { collation.set(&my_charset_bin); } Item_sum_hybrid(THD *thd, Item_sum_hybrid *item) - :Item_sum(thd, item), value(item->value), hybrid_type(item->hybrid_type), - hybrid_field_type(item->hybrid_field_type), cmp_sign(item->cmp_sign), - was_values(item->was_values) + :Item_sum(thd, item), value(item->value), arg_cache(0), + hybrid_type(item->hybrid_type), hybrid_field_type(item->hybrid_field_type), + cmp_sign(item->cmp_sign), was_values(item->was_values) { } bool fix_fields(THD *, Item **); void setup_hybrid(Item *item, Item *value_arg); |