From e30a0dda8f322aa8714caf6d6de6d583e51809f1 Mon Sep 17 00:00:00 2001
From: unknown <igor@olga.mysql.com>
Date: Sat, 26 Jan 2008 21:45:35 -0800
Subject: Fixed bug #33833. Two disjuncts containing equalities of the form
 key=const1 and key=const2 can be merged into one if const1 is equal to
 const2. To check it the common collation of the constants were used rather
 than the collation of the field key. For example when the default collation
 of the constants was cases insensitive while the collation of the field was
 case sensitive, then two or-ed equality predicates key='b' and key='B'
 incorrectly were merged into one f='b'. As a result ref access was used
 instead of range access and wrong result sets were returned in many cases.
 Fixed the problem by comparing constant in the or-ed predicate with collation
 of the key field.

mysql-test/r/range.result:
  Added a test case for bug #33833.
mysql-test/t/range.test:
  Added a test case for bug #33833.
sql/item.cc:
  Fixed bug #33833.
  Added the method eq_by_collation that compares two items almost as
  the method Item::eq, but it rather enforces a given collation for
  the comparison.
sql/item.h:
  Fixed bug #33833.
  Added the method eq_by_collation that compares two items almost as
  the method Item::eq, but it rather enforces a given collation for
  the comparison.
---
 sql/item.cc | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

(limited to 'sql/item.cc')

diff --git a/sql/item.cc b/sql/item.cc
index 713e7709bcb..182632bb40f 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -4302,6 +4302,49 @@ String *Item::check_well_formed_result(String *str, bool send_error)
   return str;
 }
 
+/*
+  Compare two items using a given collation
+  
+  SYNOPSIS
+    eq_by_collation()
+    item               item to compare with
+    binary_cmp         TRUE <-> compare as binaries
+    cs                 collation to use when comparing strings
+
+  DESCRIPTION
+    This method works exactly as Item::eq if the collation cs coincides with
+    the collation of the compared objects. Otherwise, first the collations that
+    differ from cs are replaced for cs and then the items are compared by
+    Item::eq. After the comparison the original collations of items are
+    restored.
+
+  RETURN
+    1    compared items has been detected as equal   
+    0    otherwise
+*/
+
+bool Item::eq_by_collation(Item *item, bool binary_cmp, CHARSET_INFO *cs)
+{
+  CHARSET_INFO *save_cs= 0;
+  CHARSET_INFO *save_item_cs= 0;
+  if (collation.collation != cs)
+  {
+    save_cs= collation.collation;
+    collation.collation= cs;
+  }
+  if (item->collation.collation != cs)
+  {
+    save_item_cs= item->collation.collation;
+    item->collation.collation= cs;
+  }
+  bool res= eq(item, binary_cmp);
+  if (save_cs)
+    collation.collation= save_cs;
+  if (save_item_cs)
+    item->collation.collation= save_item_cs;
+  return res;
+}  
+
 
 /*
   Create a field to hold a string value from an item
-- 
cgit v1.2.1


From d5092fa9caf06376023c25cd55610b9a033e3904 Mon Sep 17 00:00:00 2001
From: unknown <kaa@mbp.>
Date: Tue, 12 Feb 2008 12:43:55 +0300
Subject: Fix for bug #33389: Selecting from a view into a table from within SP
                     or trigger crashes server

Under some circumstances a combination of VIEWs, subselects with outer
references and PS/SP/triggers could lead to use of uninitialized memory
and server crash as a result.

Fixed by changing the code in Item_field::fix_fields() so that in cases
when the field is a VIEW reference, we first check whether the field
is also an outer reference, and mark it appropriately before returning.


mysql-test/r/view.result:
  Added a test case for bug #33389.
mysql-test/t/view.test:
  Added a test case for bug #33389.
sql/item.cc:
  In cases when in Item_field::fix_fields() from_field is a view reference,
  do not return too early, i.e. before marking the reference as an outer
  one when needed.
---
 sql/item.cc | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

(limited to 'sql/item.cc')

diff --git a/sql/item.cc b/sql/item.cc
index 713e7709bcb..8283e1a13d3 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -3903,6 +3903,18 @@ bool Item_field::fix_fields(THD *thd, Item **reference)
     else if (!from_field)
       goto error;
 
+    if (!outer_fixed && cached_table && cached_table->select_lex &&
+          context->select_lex &&
+          cached_table->select_lex != context->select_lex)
+    {
+      int ret;
+      if ((ret= fix_outer_field(thd, &from_field, reference)) < 0)
+        goto error;
+      else if (!ret)
+        return FALSE;
+      outer_fixed= 1;
+    }
+
     /*
       if it is not expression from merged VIEW we will set this field.
 
@@ -3918,18 +3930,6 @@ bool Item_field::fix_fields(THD *thd, Item **reference)
     if (from_field == view_ref_found)
       return FALSE;
 
-    if (!outer_fixed && cached_table && cached_table->select_lex &&
-          context->select_lex &&
-          cached_table->select_lex != context->select_lex)
-    {
-      int ret;
-      if ((ret= fix_outer_field(thd, &from_field, reference)) < 0)
-        goto error;
-      else if (!ret)
-        return FALSE;
-      outer_fixed= 1;
-    }
-
     set_field(from_field);
     if (thd->lex->in_sum_func &&
         thd->lex->in_sum_func->nest_level == 
-- 
cgit v1.2.1