
Commit eb47b22

MDEV-7820 Server crashes in in my_strcasecmp_utf8 on subquery in ORDER BY clause of GROUP_CONCAT
It is possible for Item_field to have a NULL field_name. This is true if the Item_field is created based on a field in a temporary table that has no name. It is thus necessary to do a null check before attempting a strcmp.
1 parent cc84ac3 commit eb47b22


3 files changed

+31
-1
lines changed


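--- a/mysql-test/r/func_gconcat.result
+++ b/mysql-test/r/func_gconcat.result
@@ -1091,3 +1091,15 @@ insert into t1 values ('a'),('b');
 select 1 from t1 where a in (select group_concat(a) from t1);
 1
 drop table t1;
+CREATE TABLE t1 (f1 VARCHAR(10)) ENGINE=MyISAM;
+INSERT INTO t1 VALUES ('a'),('b');
+CREATE TABLE t2 (f2 VARCHAR(10)) ENGINE=MyISAM;
+INSERT INTO t2 VALUES ('c');
+CREATE TABLE t3 (f3 VARCHAR(10)) ENGINE=MyISAM;
+INSERT INTO t3 VALUES ('d'),('e');
+SELECT GROUP_CONCAT( f2 ORDER BY ( f2 IN ( SELECT f1 FROM t1 WHERE f1 <= f2 ) ) ) AS field
+FROM ( SELECT * FROM t2 ) AS sq2, t3
+ORDER BY field;
+field
+c,c
+drop table t3, t2, t1;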

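--- a/mysql-test/t/func_gconcat.test
+++ b/mysql-test/t/func_gconcat.test
@@ -803,3 +803,21 @@ create table t1 (a char(1) character set utf8);
 insert into t1 values ('a'),('b');
 select 1 from t1 where a in (select group_concat(a) from t1);
 drop table t1;
+
+#
+# MDEV-7820 Server crashes in in my_strcasecmp_utf8 on subquery in ORDER BY clause of GROUP_CONCAT
+#
+CREATE TABLE t1 (f1 VARCHAR(10)) ENGINE=MyISAM;
+INSERT INTO t1 VALUES ('a'),('b');
+
+CREATE TABLE t2 (f2 VARCHAR(10)) ENGINE=MyISAM;
+INSERT INTO t2 VALUES ('c');
+
+CREATE TABLE t3 (f3 VARCHAR(10)) ENGINE=MyISAM;
+INSERT INTO t3 VALUES ('d'),('e');
+
+SELECT GROUP_CONCAT( f2 ORDER BY ( f2 IN ( SELECT f1 FROM t1 WHERE f1 <= f2 ) ) ) AS field
+FROM ( SELECT * FROM t2 ) AS sq2, t3
+ORDER BY field;
+
+drop table t3, t2, t1;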
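Review bot: The MDEV-7820 header at lines 807-809 of func_gconcat.test is written as plain `#` comments, which mysqltest does not copy into its output, so the twelve new lines in func_gconcat.result carry nothing that says which bug they cover. Writing the header as `--echo #`, `--echo # MDEV-7820 Server crashes in my_strcasecmp_utf8 on subquery in ORDER BY clause of GROUP_CONCAT`, `--echo #` would label the block in both files and make a later result mismatch easy to trace back to this crash. The comment also repeats "in in", which is worth fixing while the line is being edited.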

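--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@@ -7256,7 +7256,7 @@ find_item_in_list(Item *find, List<Item> &items, uint *counter,
 Item_field for tables.
 */
 Item_ident *item_ref= (Item_ident *) item;
-if (item_ref->name && item_ref->table_name &&
+if (field_name && item_ref->name && item_ref->table_name &&
 !my_strcasecmp(system_charset_info, item_ref->name, field_name) &&
 !my_strcasecmp(table_alias_charset, item_ref->table_name,
 table_name) &&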
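Review bot: The new `field_name &&` guard at line 7259 has no explanation next to it, and the comment above still only mentions Item_field for tables; a line such as `/* field_name may be NULL for an Item_field built on an unnamed temporary-table field (MDEV-7820) */` would keep the check from being dropped in a later cleanup. `table_name` is passed to `my_strcasecmp` at line 7262 with no null check visible in this hunk; it may well be tested earlier in find_item_in_list, which starts and ends outside the hunk, but that should be confirmed together with any other comparison in the function that takes `field_name`. Because the crash is reached from an ordinary SELECT, a sibling dereference left unguarded would still let any account with query access take the server down.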
