MDEV-17257 Server crashes in Item::field_type_for_temporal_comparison…

… or in get_datetime_value on SELECT with YEAR field and IN
MariaDB · Oct 17, 2018 · 8e71613 · 8e71613
1 parent 853dee8
commit 8e71613
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 3 deletions.
diff --git a/mysql-test/r/type_year.result b/mysql-test/r/type_year.result
@@ -394,3 +394,16 @@ select a from t1 where a=b;
 a
 drop table t1;
 drop function y2k;
+#
+# Start of 10.0 tests
+#
+#
+# MDEV-17257 Server crashes in Item::field_type_for_temporal_comparison or in get_datetime_value on SELECT with YEAR field and IN
+#
+CREATE TABLE t1 (y YEAR);
+SELECT * FROM t1 WHERE y IN ( CAST( '1993-03-26 10:14:20' AS DATE ), NULL );
+y
+DROP TABLE t1;
+#
+# End of 10.0 tests
+#
diff --git a/mysql-test/t/type_year.test b/mysql-test/t/type_year.test
@@ -188,3 +188,19 @@ drop table t1;
 drop function y2k;
 
 
+--echo #
+--echo # Start of 10.0 tests
+--echo #
+
+--echo #
+--echo # MDEV-17257 Server crashes in Item::field_type_for_temporal_comparison or in get_datetime_value on SELECT with YEAR field and IN
+--echo #
+
+CREATE TABLE t1 (y YEAR);
+SELECT * FROM t1 WHERE y IN ( CAST( '1993-03-26 10:14:20' AS DATE ), NULL );
+DROP TABLE t1;
+
+
+--echo #
+--echo # End of 10.0 tests
+--echo #
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc
@@ -4172,11 +4172,20 @@ void Item_func_in::fix_length_and_dec()
       if (field_item->field_type() ==  MYSQL_TYPE_LONGLONG ||
           field_item->field_type() ==  MYSQL_TYPE_YEAR)
       {
-        bool all_converted= TRUE;
+        bool all_converted= true;
         for (arg=args+1, arg_end=args+arg_count; arg != arg_end ; arg++)
         {
-           if (!convert_const_to_int(thd, field_item, &arg[0]))
-            all_converted= FALSE;
+          /*
+            Explicit NULLs should not affect data cmp_type resolution:
+            - we ignore NULLs when calling collect_cmp_type()
+            - we ignore NULLs here
+            So this expression:
+              year_column IN (DATE'2001-01-01', NULL)
+            switches from TIME_RESULT to INT_RESULT.
+          */
+          if (arg[0]->type() != Item::NULL_ITEM &&
+              !convert_const_to_int(thd, field_item, &arg[0]))
+           all_converted= false;
         }
         if (all_converted)
           cmp_type= INT_RESULT;