MDEV-37503 UBSAN: downcast Item_func_plus to Item_field invalid in sql_prepare.cc:1516

vuvova · vuvova · commit 71d4cae8668d · 2026-01-26T10:01:31.000+01:00
use reinterpret_cast to silence UBSAN.
add a debug check to make sure the wrong value is never used.
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc
@@ -1511,7 +1511,18 @@ static int mysql_test_update(Prepared_statement *stmt,
   {
     List_iterator_fast<Item> fs(select->item_list), vs(stmt->lex->value_list);
     while (Item *f= fs++)
-      vs++->associate_with_target_field(thd, static_cast<Item_field*>(f));
+    {
+      /*
+        note that if `f` is a non-updatable view field, it may be not
+        inherited from Item_field, and the cast below will essentially
+        produce garbage. But ER_NONUPDATEABLE_COLUMN will happen before it's
+        ever dereferenced.
+      */
+#ifndef DBUG_OFF
+      if (!dynamic_cast<Item_field*>(f)) f= (Item_field*)0x01; // let it crash
+#endif
+      vs++->associate_with_target_field(thd, reinterpret_cast<Item_field*>(f));
+    }
   }
   /* TODO: here we should send types of placeholders to the client. */
   DBUG_RETURN(0);
