Fix for bug #32137: prepared statement crash with str_to_date in update clause

Problem: calling non-constant argument's val_xxx() methods in the ::fix_length_and_dec() is inadmissible. Fix: call the method only for constant arguments.

Fix for bug #32137: prepared statement crash with str_to_date in update clause
Problem: calling non-constant argument's val_xxx() methods in the ::fix_length_and_dec() is inadmissible. Fix: call the method only for constant arguments.
173c2bb0 · ramil/ram@mysql.com/ramil.myoffice.izhnet.ru · 71c91960 · 173c2bb0 · 173c2bb0 · 173c2bb0
Commit 173c2bb0 authored Nov 07, 2007 by ramil/ram@mysql.com/ramil.myoffice.izhnet.ru
Hide whitespace changes
Inline Side-by-side

Showing with 40 additions and 23 deletions

mysql-test/r/ps.result mysql-test/r/ps.result +5 -0

mysql-test/t/ps.test mysql-test/t/ps.test +9 -0

sql/item_timefunc.cc sql/item_timefunc.cc +26 -23

No files found.
--- a/mysql-test/r/ps.result
+++ b/mysql-test/r/ps.result
@@ -1109,4 +1109,9 @@ a
 13
 DEALLOCATE PREPARE st1;
 DROP TABLE t1;
+create table t1 (a int, b tinyint);
+prepare st1 from 'update t1 set b= (str_to_date(a, a))';
+execute st1;
+deallocate prepare st1;
+drop table t1;
 End of 4.1 tests.
--- a/mysql-test/t/ps.test
+++ b/mysql-test/t/ps.test
@@ -1146,4 +1146,13 @@ EXECUTE st1;
 DEALLOCATE PREPARE st1;
 DROP TABLE t1;
+#
+# Bug #32137: prepared statement crash with str_to_date in update clause
+#
+create table t1 (a int, b tinyint);
+prepare st1 from 'update t1 set b= (str_to_date(a, a))';
+execute st1;
+deallocate prepare st1;
+drop table t1;
 --echo End of 4.1 tests.
--- a/sql/item_timefunc.cc
+++ b/sql/item_timefunc.cc
@@ -2958,39 +2958,42 @@ Field *Item_func_str_to_date::tmp_table_field(TABLE *t_arg)
 void Item_func_str_to_date::fix_length_and_dec()
 {
-  char format_buff[64];
-  String format_str(format_buff, sizeof(format_buff), &my_charset_bin);
-  String *format;
  maybe_null= 1;
  decimals=0;
  cached_field_type= MYSQL_TYPE_STRING;
  max_length= MAX_DATETIME_FULL_WIDTH*MY_CHARSET_BIN_MB_MAXLEN;
  cached_timestamp_type= MYSQL_TIMESTAMP_NONE;
-  format= args[1]->val_str(&format_str);
+  if ((const_item= args[1]->const_item()))
-  if (!args[1]->null_value && (const_item= args[1]->const_item()))
  {
-    cached_format_type= get_date_time_result_type(format->ptr(),
+    char format_buff[64];
-                                                  format->length());
+    String format_str(format_buff, sizeof(format_buff), &my_charset_bin);
-    switch (cached_format_type) {
+    String *format= args[1]->val_str(&format_str);
-    case DATE_ONLY:
+    if (!args[1]->null_value)
-      cached_timestamp_type= MYSQL_TIMESTAMP_DATE;
+    {
-      cached_field_type= MYSQL_TYPE_DATE; 
+      cached_format_type= get_date_time_result_type(format->ptr(),
-      max_length= MAX_DATE_WIDTH*MY_CHARSET_BIN_MB_MAXLEN;
+                                                    format->length());
-      break;
+      switch (cached_format_type) {
-    case TIME_ONLY:
+      case DATE_ONLY:
-    case TIME_MICROSECOND:
+        cached_timestamp_type= MYSQL_TIMESTAMP_DATE;
-      cached_timestamp_type= MYSQL_TIMESTAMP_TIME;
+        cached_field_type= MYSQL_TYPE_DATE; 
-      cached_field_type= MYSQL_TYPE_TIME; 
+        max_length= MAX_DATE_WIDTH * MY_CHARSET_BIN_MB_MAXLEN;
-      max_length= MAX_TIME_WIDTH*MY_CHARSET_BIN_MB_MAXLEN;
+        break;
-      break;
+      case TIME_ONLY:
-    default:
+      case TIME_MICROSECOND:
-      cached_timestamp_type= MYSQL_TIMESTAMP_DATETIME;
+        cached_timestamp_type= MYSQL_TIMESTAMP_TIME;
-      cached_field_type= MYSQL_TYPE_DATETIME; 
+        cached_field_type= MYSQL_TYPE_TIME; 
-      break;
+        max_length= MAX_TIME_WIDTH * MY_CHARSET_BIN_MB_MAXLEN;
+        break;
+      default:
+        cached_timestamp_type= MYSQL_TIMESTAMP_DATETIME;
+        cached_field_type= MYSQL_TYPE_DATETIME; 
+        break;
+      }
    }
  }
 }
 bool Item_func_str_to_date::get_date(TIME *ltime, uint fuzzy_date)
 {
  DATE_TIME_FORMAT date_time_format;