Commit a4a23fb9 authored Mar 22, 2007 by unknown

Fixed bug #27362: crash at evaluation of IN predicate when one

of its argument happened to be a decimal expression returning
the NULL value.
The crash was due to the fact the function in_decimal::set did
not take into account that val_decimal() could return 0 if 
the decimal expression had been evaluated to NULL.  


mysql-test/r/func_in.result:
  Added a test case for bug #27362.
mysql-test/t/func_in.test:
  Added a test case for bug #27362.

parent b70693f5

mysql-test/r/func_in.result

+5 −0

Original line number	Diff line number	Diff line
		@@ -470,4 +470,9 @@ a
		Warnings:
		Warning 1292 Incorrect date value: '19772-07-29' for column 'a' at row 1
		DROP TABLE t1,t2,t3,t4;
		CREATE TABLE t1 (id int not null);
		INSERT INTO t1 VALUES (1),(2);
		SELECT id FROM t1 WHERE id IN(4564, (SELECT IF(1=0,1,1/0)) );
		id
		DROP TABLE t1;
		End of 5.0 tests

mysql-test/t/func_in.test

+11 −0

Original line number	Diff line number	Diff line
		@@ -360,4 +360,15 @@ SELECT * FROM t4 WHERE a IN ('1972-02-06','19772-07-29');

		DROP TABLE t1,t2,t3,t4;

		#
		# BUG#27362: IN with a decimal expression that may return NULL
		#

		CREATE TABLE t1 (id int not null);
		INSERT INTO t1 VALUES (1),(2);

		SELECT id FROM t1 WHERE id IN(4564, (SELECT IF(1=0,1,1/0)) );

		DROP TABLE t1;

		--echo End of 5.0 tests

sql/item_cmpfunc.cc

+2 −1

Original line number	Diff line number	Diff line
		@@ -2423,7 +2423,8 @@ void in_decimal::set(uint pos, Item *item)
		dec->len= DECIMAL_BUFF_LENGTH;
		dec->fix_buffer_pointer();
		my_decimal *res= item->val_decimal(dec);
		if (res != dec)
		/* if item->val_decimal() is evaluated to NULL then res == 0 */
		if (!item->null_value && res != dec)
		my_decimal2decimal(res, dec);
		}