Commit 247efb9c authored by unknown's avatar unknown

Fixed bug#33764: Wrong result with IN(), CONCAT() and implicit

                 type conversion.

Instead of copying of whole character string from a temporary
buffer, the server copied a short-living pointer to that string
into a long-living structure. That has been fixed.


mysql-test/r/select.result:
  Added test case for bug#33764.
mysql-test/t/select.test:
  Added test case for bug#33764.
sql/item_cmpfunc.cc:
  Fixed bug#33764.
  Copying of a pointer has been replaced with an optional copying of
  a whole array to a newly allocated memory space in case of a
  functional source item.
parent b825be1b
......@@ -4328,4 +4328,10 @@ SELECT * FROM t1 WHERE c1 > NULL + 1;
c1
DROP TABLE t1;
CREATE TABLE t1 (a VARCHAR(10) NOT NULL PRIMARY KEY);
INSERT INTO t1 (a) VALUES ('foo0'), ('bar0'), ('baz0');
SELECT * FROM t1 WHERE a IN (CONCAT('foo', 0), 'bar');
a
foo0
DROP TABLE t1;
End of 5.0 tests
......@@ -3672,4 +3672,15 @@ DROP TABLE t1;
--echo
###########################################################################
#
# Bug #33764: Wrong result with IN(), CONCAT() and implicit type conversion
#
CREATE TABLE t1 (a VARCHAR(10) NOT NULL PRIMARY KEY);
INSERT INTO t1 (a) VALUES ('foo0'), ('bar0'), ('baz0');
SELECT * FROM t1 WHERE a IN (CONCAT('foo', 0), 'bar');
DROP TABLE t1;
--echo End of 5.0 tests
......@@ -2995,7 +2995,10 @@ void in_string::set(uint pos,Item *item)
{
if (res->uses_buffer_owned_by(str))
res->copy();
*str= *res;
if (item->type() == Item::FUNC_ITEM)
str->copy(*res);
else
*str= *res;
}
if (!str->charset())
{
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment