From eb47b226d268e7820a9153672798cf991a8fd0fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= Date: Wed, 15 Apr 2015 16:23:43 +0300 Subject: MDEV-7820 Server crashes in in my_strcasecmp_utf8 on subquery in ORDER BY clause of GROUP_CONCAT It is possible for Item_field to have a NULL field_name. This is true if the Item_field is created based on a field in a temporary table that has no name. It is thus necessary to do a null check before attempting a strcmp. --- mysql-test/r/func_gconcat.result | 12 ++++++++++++ mysql-test/t/func_gconcat.test | 18 ++++++++++++++++++ sql/sql_base.cc | 2 +- 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/func_gconcat.result b/mysql-test/r/func_gconcat.result index b60deae1c80..f12a0c1127a 100644 --- a/mysql-test/r/func_gconcat.result +++ b/mysql-test/r/func_gconcat.result @@ -1091,3 +1091,15 @@ insert into t1 values ('a'),('b'); select 1 from t1 where a in (select group_concat(a) from t1); 1 drop table t1; +CREATE TABLE t1 (f1 VARCHAR(10)) ENGINE=MyISAM; +INSERT INTO t1 VALUES ('a'),('b'); +CREATE TABLE t2 (f2 VARCHAR(10)) ENGINE=MyISAM; +INSERT INTO t2 VALUES ('c'); +CREATE TABLE t3 (f3 VARCHAR(10)) ENGINE=MyISAM; +INSERT INTO t3 VALUES ('d'),('e'); +SELECT GROUP_CONCAT( f2 ORDER BY ( f2 IN ( SELECT f1 FROM t1 WHERE f1 <= f2 ) ) ) AS field +FROM ( SELECT * FROM t2 ) AS sq2, t3 +ORDER BY field; +field +c,c +drop table t3, t2, t1; diff --git a/mysql-test/t/func_gconcat.test b/mysql-test/t/func_gconcat.test index 936b93b49c9..20fbed702e9 100644 --- a/mysql-test/t/func_gconcat.test +++ b/mysql-test/t/func_gconcat.test @@ -803,3 +803,21 @@ create table t1 (a char(1) character set utf8); insert into t1 values ('a'),('b'); select 1 from t1 where a in (select group_concat(a) from t1); drop table t1; + +# +# MDEV-7820 Server crashes in in my_strcasecmp_utf8 on subquery in ORDER BY clause of GROUP_CONCAT +# +CREATE TABLE t1 (f1 VARCHAR(10)) ENGINE=MyISAM; +INSERT INTO t1 VALUES ('a'),('b'); + +CREATE TABLE t2 (f2 VARCHAR(10)) ENGINE=MyISAM; +INSERT INTO t2 VALUES ('c'); + +CREATE TABLE t3 (f3 VARCHAR(10)) ENGINE=MyISAM; +INSERT INTO t3 VALUES ('d'),('e'); + +SELECT GROUP_CONCAT( f2 ORDER BY ( f2 IN ( SELECT f1 FROM t1 WHERE f1 <= f2 ) ) ) AS field +FROM ( SELECT * FROM t2 ) AS sq2, t3 +ORDER BY field; + +drop table t3, t2, t1; diff --git a/sql/sql_base.cc b/sql/sql_base.cc index 3c36c2b514a..ea1eb0aa98e 100644 --- a/sql/sql_base.cc +++ b/sql/sql_base.cc @@ -7256,7 +7256,7 @@ find_item_in_list(Item *find, List &items, uint *counter, Item_field for tables. */ Item_ident *item_ref= (Item_ident *) item; - if (item_ref->name && item_ref->table_name && + if (field_name && item_ref->name && item_ref->table_name && !my_strcasecmp(system_charset_info, item_ref->name, field_name) && !my_strcasecmp(table_alias_charset, item_ref->table_name, table_name) && -- cgit v1.2.1