
Commit ccaaa3d

committed
MDEV-20200: AddressSanitizer: use-after-poison in Item_direct_view_ref::get_null_ref_table
Do not cast wrong type.
1 parent 83d368a commit ccaaa3d


3 files changed

+51
-18
lines changed


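--- a/mysql-test/main/having.result
+++ b/mysql-test/main/having.result
@@ -864,4 +864,13 @@ x
 Warnings:
 Warning 1292 Truncated incorrect DOUBLE value: 'x'
 DROP TABLE t1,t2;
+#
+# MDEV-20200: AddressSanitizer: use-after-poison in
+# Item_direct_view_ref::get_null_ref_table
+#
+CREATE TABLE t (f VARCHAR(512));
+INSERT INTO t VALUES ('a'),('b');
+SELECT * FROM t HAVING f = 'foo';
+f
+DROP TABLE t;
 # End of 10.4 tests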

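--- a/mysql-test/main/having.test
+++ b/mysql-test/main/having.test
@@ -909,4 +909,17 @@ HAVING t.f != 112 AND t.f = 'x' AND t.f != 'a';
 
 DROP TABLE t1,t2;
 
+
+--echo #
+--echo # MDEV-20200: AddressSanitizer: use-after-poison in
+--echo # Item_direct_view_ref::get_null_ref_table
+--echo #
+
+CREATE TABLE t (f VARCHAR(512));
+INSERT INTO t VALUES ('a'),('b');
+SELECT * FROM t HAVING f = 'foo';
+
+# Cleanup
+DROP TABLE t;
+
 --echo # End of 10.4 tests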

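--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -14333,27 +14333,38 @@ bool check_simple_equality(THD *thd, const Item::Context &ctx,
 {
 Item *orig_left_item= left_item;
 Item *orig_right_item= right_item;
-if (left_item->type() == Item::REF_ITEM &&
-(((Item_ref*)left_item)->ref_type() == Item_ref::VIEW_REF ||
-((Item_ref*)left_item)->ref_type() == Item_ref::REF))
+if (left_item->type() == Item::REF_ITEM)
 {
-if (((Item_ref*)left_item)->get_depended_from())
-return FALSE;
-if (((Item_direct_view_ref*)left_item)->get_null_ref_table() !=
-NO_NULL_TABLE && !left_item->real_item()->used_tables())
-return FALSE;
-left_item= left_item->real_item();
+Item_ref::Ref_Type left_ref= ((Item_ref*)left_item)->ref_type();
+
+if (left_ref == Item_ref::VIEW_REF ||
+left_ref == Item_ref::REF)
+{
+if (((Item_ref*)left_item)->get_depended_from())
+return FALSE;
+if (left_ref == Item_ref::VIEW_REF &&
+((Item_direct_view_ref*)left_item)->get_null_ref_table() !=
+NO_NULL_TABLE &&
+!left_item->real_item()->used_tables())
+return FALSE;
+left_item= left_item->real_item();
+}
 }
-if (right_item->type() == Item::REF_ITEM &&
-(((Item_ref*)right_item)->ref_type() == Item_ref::VIEW_REF ||
-((Item_ref*)right_item)->ref_type() == Item_ref::REF))
+if (right_item->type() == Item::REF_ITEM)
 {
-if (((Item_ref*)right_item)->get_depended_from())
-return FALSE;
-if (((Item_direct_view_ref*)right_item)->get_null_ref_table() !=
-NO_NULL_TABLE && !right_item->real_item()->used_tables())
-return FALSE;
-right_item= right_item->real_item();
+Item_ref::Ref_Type right_ref= ((Item_ref*)right_item)->ref_type();
+if (right_ref == Item_ref::VIEW_REF ||
+(right_ref == Item_ref::REF))
+{
+if (((Item_ref*)right_item)->get_depended_from())
+return FALSE;
+if (right_ref == Item_ref::VIEW_REF &&
+((Item_direct_view_ref*)right_item)->get_null_ref_table() !=
+NO_NULL_TABLE &&
+!right_item->real_item()->used_tables())
+return FALSE;
+right_item= right_item->real_item();
+}
 }
 if (left_item->type() == Item::FIELD_ITEM &&
 right_item->type() == Item::FIELD_ITEM &&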
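Review bot: The downcasts to `Item_direct_view_ref*` at new lines 14346 and 14362 are still unchecked C-style casts, and nothing at the cast site says that the preceding `left_ref == Item_ref::VIEW_REF` / `right_ref == Item_ref::VIEW_REF` test is what makes them valid. The removed lines show the failure mode the guard prevents: an item whose ref_type() is `Item_ref::REF` was accessed through the derived type, which is presumably the out-of-bounds member read ASan reported. I would put a comment above each check, e.g. `/* get_null_ref_table() exists only on Item_direct_view_ref; the VIEW_REF test must stay in front of this cast */`, and write the cast as `static_cast<Item_direct_view_ref*>(left_item)` so it can be found by grep (this assumes only Item_direct_view_ref reports VIEW_REF, which the hunk does not show). The left and right blocks are the same apart from the variable name, so a small static helper would keep guard and cast in one place; the added test uses only `f = 'foo'`, which looks like it covers the left-operand path alone. check_simple_equality starts before and continues past this hunk.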
