From 2e5d668debb738d9bf824a87601ca9d265013ad4 Mon Sep 17 00:00:00 2001
From: unknown <pem@mysql.com>
Date: Wed, 19 Oct 2005 14:54:54 +0200
Subject: Fixed BUG#13941: replace() string fuction behaves badly inside stored
                  procedure   For some functions returning strings (like
 "replace" and "ifnull" - where   val_str() is returning a pointer into one of
 the parameters) - we ended   up with a dangling pointer after the new
 operator destroyed the reuse item   in the eval function.   A working, if not
 very elegant, solution is to simply copy the string in   such cases.

mysql-test/r/sp.result:
  New test case for BUG#13941.
mysql-test/t/sp.test:
  New test case for BUG#13941.
sql/sp_head.cc:
  Copy the string when evaluating some string functions (e.g. "replace" and "ifnull")
  to avoid using a dangling pointer.
---
 mysql-test/r/sp.result | 28 ++++++++++++++++++++++++++++
 mysql-test/t/sp.test   | 43 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 71 insertions(+)

(limited to 'mysql-test')

diff --git a/mysql-test/r/sp.result b/mysql-test/r/sp.result
index e95ee4441ce..7fdbeff9a86 100644
--- a/mysql-test/r/sp.result
+++ b/mysql-test/r/sp.result
@@ -3504,4 +3504,32 @@ drop procedure bug7049_5|
 drop procedure bug7049_6|
 drop function bug7049_1|
 drop function bug7049_2|
+drop function if exists bug13941|
+drop procedure if exists bug13941|
+create function bug13941(p_input_str text)
+returns text
+begin
+declare p_output_str text;
+set p_output_str = p_input_str;
+set p_output_str = replace(p_output_str, 'xyzzy', 'plugh');
+set p_output_str = replace(p_output_str, 'test', 'prova');
+set p_output_str = replace(p_output_str, 'this', 'questo');
+set p_output_str = replace(p_output_str, ' a ', 'una ');
+set p_output_str = replace(p_output_str, 'is', '');
+return p_output_str;
+end|
+create procedure bug13941(out sout varchar(128))
+begin
+set sout = 'Local';
+set sout = ifnull(sout, 'DEF');
+end|
+select bug13941('this is a test')|
+bug13941('this is a test')
+questo una prova
+call bug13941(@a)|
+select @a|
+@a
+Local
+drop function bug13941|
+drop procedure bug13941|
 drop table t1,t2;
diff --git a/mysql-test/t/sp.test b/mysql-test/t/sp.test
index 4b9987c2803..18607c7f13c 100644
--- a/mysql-test/t/sp.test
+++ b/mysql-test/t/sp.test
@@ -4390,6 +4390,49 @@ drop function bug7049_1|
 drop function bug7049_2|
 
 
+#
+# BUG#13941: replace() string fuction behaves badly inside stored procedure
+# (BUG#13914: IFNULL is returning garbage in stored procedure)
+#
+--disable_warnings
+drop function if exists bug13941|
+drop procedure if exists bug13941|
+--enable_warnings
+
+create function bug13941(p_input_str text)
+  returns text
+begin
+  declare p_output_str text;
+
+  set p_output_str = p_input_str;
+
+  set p_output_str = replace(p_output_str, 'xyzzy', 'plugh');
+  set p_output_str = replace(p_output_str, 'test', 'prova');
+  set p_output_str = replace(p_output_str, 'this', 'questo');
+  set p_output_str = replace(p_output_str, ' a ', 'una ');
+  set p_output_str = replace(p_output_str, 'is', '');
+
+  return p_output_str;
+end|
+
+create procedure bug13941(out sout varchar(128))
+begin
+  set sout = 'Local';
+  set sout = ifnull(sout, 'DEF');
+end|
+
+# Note: The bug showed different behaviour in different types of builds,
+#  giving garbage results in some, and seemingly working in others.
+#  Running with valgrind (or purify) is the safe way to check that it's
+#  really working correctly.
+select bug13941('this is a test')|
+call bug13941(@a)|
+select @a|
+
+drop function bug13941|
+drop procedure bug13941|
+
+
 #
 # BUG#NNNN: New bug synopsis
 #
-- 
cgit v1.2.1