Fixed bug #27130. If the third argument of the function SUBSTR was

represented by an expression of the type UNSIGNED INT and this 
expression was evaluated to 0 then the function erroneously returned
the value of the first argument instead of an empty string. 

This problem was introduced by the patch for bug 10963.

The problem has been resolved by a proper modification of the code of
Item_func_substr::val_str.

mysql-test/r/func_str.result

@@ -2061,4 +2061,20 @@ C
 2707236321
 DROP TABLE t1, t2;
 DROP VIEW v1;
+SELECT SUBSTR('foo',1,0) FROM DUAL;
+SUBSTR('foo',1,0)
+
+SELECT SUBSTR('foo',1,CAST(0 AS SIGNED)) FROM DUAL;
+SUBSTR('foo',1,CAST(0 AS SIGNED))
+
+SELECT SUBSTR('foo',1,CAST(0 AS UNSIGNED)) FROM DUAL;
+SUBSTR('foo',1,CAST(0 AS UNSIGNED))
+
+CREATE TABLE t1 (a varchar(10), len int unsigned);
+INSERT INTO t1 VALUES ('bar', 2), ('foo', 0);
+SELECT SUBSTR(a,1,len) FROM t1;
+SUBSTR(a,1,len)
+ba
+
+DROP TABLE t1;
 End of 5.0 tests

mysql-test/t/func_str.test

@@ -1076,4 +1076,19 @@ SELECT * FROM (SELECT * FROM v1) x;
 DROP TABLE t1, t2;
 DROP VIEW v1;
 
+#
+# Bug #27130: SUBSTR with UNSIGNED 0 as the last argument
+#
+
+SELECT SUBSTR('foo',1,0) FROM DUAL;
+SELECT SUBSTR('foo',1,CAST(0 AS SIGNED)) FROM DUAL;
+SELECT SUBSTR('foo',1,CAST(0 AS UNSIGNED)) FROM DUAL;
+
+CREATE TABLE t1 (a varchar(10), len int unsigned);
+INSERT INTO t1 VALUES ('bar', 2), ('foo', 0);
+
+SELECT SUBSTR(a,1,len) FROM t1;
+
+DROP TABLE t1; 
+
 --echo End of 5.0 tests

sql/item_strfunc.cc

@@ -1145,8 +1145,9 @@ String *Item_func_substr::val_str(String *str)
 		   (arg_count == 3 && args[2]->null_value))))
     return 0; /* purecov: inspected */
 
-  /* Negative length, will return empty string. */
-  if ((arg_count == 3) && (length <= 0) && !args[2]->unsigned_flag)
+  /* Negative or zero length, will return empty string. */
+  if ((arg_count == 3) && (length <= 0) && 
+      (length == 0 || !args[2]->unsigned_flag))
     return &my_empty_string;
 
   /* Assumes that the maximum length of a String is < INT_MAX32. */