Commit edcccfbc authored by unknown's avatar unknown
Browse files

A fix and test case for bug#5688 "Upgraded 4.1.5 Server seg faults" 


mysql-test/r/ps.result:
  Test results fixed: the test case for bug#5688 "Upgraded 4.1.5 Server 
  seg faults"
mysql-test/t/ps.test:
  Test case for bug#5688 "Upgraded 4.1.5 Server seg faults"
sql/item_cmpfunc.cc:
  A fix for bug#5688 "Upgraded 4.1.5 Server seg faults":
  fix just another place where we use wrong memory root for an Item
  in statement prepare.
  In addition, make the check for charsets in Item_bool_func2
  more generic (fixes the test case when we use LIKE to compare BLOBs
  with TEXT data).
parent 3f76fd69

mysql-test/r/ps.result

+8 −0
Original line number Diff line number Diff line
@@ -289,3 +289,11 @@ execute stmt using @var; 
select * from t1;

deallocate prepare stmt;

drop table t1;

prepare stmt from "select 'abc' like convert('abc' using utf8)";

execute stmt;

'abc' like convert('abc' using utf8)

1

execute stmt;

'abc' like convert('abc' using utf8)

1

deallocate prepare stmt;

mysql-test/t/ps.test

+10 −0
Original line number Diff line number Diff line
@@ -304,3 +304,13 @@ select * from t1; 
deallocate prepare stmt;

drop table t1;



# 

# BUG#5688 "Upgraded 4.1.5 Server seg faults" # (prepared statements)

# The test case speaks for itself.

# Just another place where we used wrong memory root for Items created

# during statement prepare.

# 

prepare stmt from "select 'abc' like convert('abc' using utf8)";

execute stmt;

execute stmt;

deallocate prepare stmt;

sql/item_cmpfunc.cc

+14 −12
Original line number Diff line number Diff line
@@ -188,17 +188,27 @@ void Item_bool_func2::fix_length_and_dec() 
  {

    uint strong= 0;

    uint weak= 0;

    uint32 dummy_offset;

    DTCollation coll;



    if (args[0]->result_type() == STRING_RESULT &&

        args[1]->result_type() == STRING_RESULT &&

        !my_charset_same(args[0]->collation.collation,

                         args[1]->collation.collation) &&

        String::needs_conversion(0, args[0]->collation.collation,

                                    args[1]->collation.collation,

                                    &dummy_offset) &&

        !coll.set(args[0]->collation, args[1]->collation, TRUE))

    {

      Item* conv= 0;

      THD *thd= current_thd;

      Item_arena *arena= thd->current_arena, backup;

      strong= coll.strong;

      weak= strong ? 0 : 1;

      /*

        In case we're in statement prepare, create conversion item

        in its memory: it will be reused on each execute.

      */

      if (arena->is_stmt_prepare())

          thd->set_n_backup_item_arena(arena, &backup);

      if (args[weak]->type() == STRING_ITEM)

      {

        String tmp, cstr;
@@ -211,21 +221,13 @@ void Item_bool_func2::fix_length_and_dec() 
      }

      else

      {

        THD *thd= current_thd;

        /*

          In case we're in statement prepare, create conversion item

          in its memory: it will be reused on each execute.

        */

        Item_arena *arena= thd->current_arena, backup;

        if (arena->is_stmt_prepare())

          thd->set_n_backup_item_arena(arena, &backup);

	conv= new Item_func_conv_charset(args[weak],

                                         args[strong]->collation.collation);

        if (arena->is_stmt_prepare())

          thd->restore_backup_item_arena(arena, &backup);

        conv->collation.set(args[weak]->collation.derivation);

        conv->fix_fields(thd, 0, &conv);

      }

      if (arena->is_stmt_prepare())

        thd->restore_backup_item_arena(arena, &backup);

      args[weak]= conv ? conv : args[weak];

    }

  }