From ef13c12c0a6afc1f9c5c327a210ebe7ba464471c Mon Sep 17 00:00:00 2001
From: Ramil Kalimullin <ramil@mysql.com>
Date: Wed, 3 Sep 2008 15:17:19 +0500
Subject: [PATCH 1/2] Fix for bug#38821: Assert
 table->auto_increment_field_not_null failed in open_table()

Problem: repeating "CREATE... ( AUTOINCREMENT) ... SELECT" may lead to
an assertion failure.

Fix: reset table->auto_increment_field_not_null after each record
writing.
---
 mysql-test/r/create.result | 11 +++++++++++
 mysql-test/t/create.test   | 18 ++++++++++++++++++
 sql/sql_insert.cc          |  6 +++++-
 3 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/create.result b/mysql-test/r/create.result
index 53c2058f3ec..2d668499df3 100644
--- a/mysql-test/r/create.result
+++ b/mysql-test/r/create.result
@@ -1546,4 +1546,15 @@ SHOW INDEX FROM t1;
 Table	Non_unique	Key_name	Seq_in_index	Column_name	Collation	Cardinality	Sub_part	Packed	Null	Index_type	Comment
 t1	1	c1	1	c1	A	NULL	NULL	NULL	YES	BTREE	
 DROP TABLE t1;
+CREATE TABLE t1 (a INTEGER AUTO_INCREMENT PRIMARY KEY, b INTEGER NOT NULL);
+INSERT IGNORE INTO t1 (b) VALUES (5);
+CREATE TABLE IF NOT EXISTS t2 (a INTEGER NOT NULL AUTO_INCREMENT PRIMARY KEY)
+SELECT a FROM t1;
+CREATE TABLE IF NOT EXISTS t2 (a INTEGER NOT NULL AUTO_INCREMENT PRIMARY KEY)
+SELECT a FROM t1;
+ERROR 23000: Duplicate entry '1' for key 1
+CREATE TABLE IF NOT EXISTS t2 (a INTEGER NOT NULL AUTO_INCREMENT PRIMARY KEY)
+SELECT a FROM t1;
+ERROR 23000: Duplicate entry '1' for key 1
+DROP TABLE t1, t2;
 End of 5.0 tests
diff --git a/mysql-test/t/create.test b/mysql-test/t/create.test
index 97a7ea71b29..61ee40477ee 100644
--- a/mysql-test/t/create.test
+++ b/mysql-test/t/create.test
@@ -1172,4 +1172,22 @@ SHOW INDEX FROM t1;
 DROP TABLE t1;
 
 
+#
+# Bug#38821: Assert table->auto_increment_field_not_null failed in open_table()
+#
+CREATE TABLE t1 (a INTEGER AUTO_INCREMENT PRIMARY KEY, b INTEGER NOT NULL);
+INSERT IGNORE INTO t1 (b) VALUES (5);
+
+CREATE TABLE IF NOT EXISTS t2 (a INTEGER NOT NULL AUTO_INCREMENT PRIMARY KEY)
+  SELECT a FROM t1;
+--error 1062
+CREATE TABLE IF NOT EXISTS t2 (a INTEGER NOT NULL AUTO_INCREMENT PRIMARY KEY)
+  SELECT a FROM t1;
+--error 1062
+CREATE TABLE IF NOT EXISTS t2 (a INTEGER NOT NULL AUTO_INCREMENT PRIMARY KEY)
+  SELECT a FROM t1;
+
+DROP TABLE t1, t2;
+
+
 --echo End of 5.0 tests
diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc
index 746a04e03f3..3f43c902faa 100644
--- a/sql/sql_insert.cc
+++ b/sql/sql_insert.cc
@@ -2897,7 +2897,11 @@ bool select_insert::send_data(List<Item> &values)
       DBUG_RETURN(1);
     }
   }
-  if (!(error= write_record(thd, table, &info)))
+  
+  error= write_record(thd, table, &info);
+  table->auto_increment_field_not_null= FALSE;
+  
+  if (!error)
   {
     if (table->triggers || info.handle_duplicates == DUP_UPDATE)
     {

From 0994c961a7893c7b660a5dcc86f9088210dc3aea Mon Sep 17 00:00:00 2001
From: Ramil Kalimullin <ramil@mysql.com>
Date: Fri, 5 Sep 2008 13:30:01 +0500
Subject: [PATCH 2/2] Fix for bug #39021: SELECT REGEXP BINARY NULL never
 returns

Problem: SELECT ... REGEXP BINARY NULL may lead to server crash/hang.

Fix: properly handle NULL regular expressions.
---
 mysql-test/r/func_regexp.result | 12 ++++++++++++
 mysql-test/t/func_regexp.test   | 10 ++++++++++
 sql/item_cmpfunc.cc             | 31 ++++++++++++++++++++++---------
 sql/item_cmpfunc.h              |  2 +-
 4 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/mysql-test/r/func_regexp.result b/mysql-test/r/func_regexp.result
index c2dbfc3c331..f3a1c625a09 100644
--- a/mysql-test/r/func_regexp.result
+++ b/mysql-test/r/func_regexp.result
@@ -114,4 +114,16 @@ End of 4.1 tests
 SELECT 1 REGEXP NULL;
 1 REGEXP NULL
 NULL
+SELECT '' REGEXP BINARY NULL;
+'' REGEXP BINARY NULL
+NULL
+SELECT NULL REGEXP BINARY NULL;
+NULL REGEXP BINARY NULL
+NULL
+SELECT 'A' REGEXP BINARY NULL;
+'A' REGEXP BINARY NULL
+NULL
+SELECT "ABC" REGEXP BINARY NULL;
+"ABC" REGEXP BINARY NULL
+NULL
 End of 5.0 tests
diff --git a/mysql-test/t/func_regexp.test b/mysql-test/t/func_regexp.test
index 1b35fab9d54..43fda0d11a8 100644
--- a/mysql-test/t/func_regexp.test
+++ b/mysql-test/t/func_regexp.test
@@ -64,4 +64,14 @@ drop table t1;
 
 SELECT 1 REGEXP NULL;
 
+
+#
+# Bug #39021: SELECT REGEXP BINARY NULL never returns
+#
+
+SELECT '' REGEXP BINARY NULL;
+SELECT NULL REGEXP BINARY NULL;
+SELECT 'A' REGEXP BINARY NULL;
+SELECT "ABC" REGEXP BINARY NULL;
+
 --echo End of 5.0 tests
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc
index 1994f6bf1a5..bec6c315c5e 100644
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@@ -4341,8 +4341,20 @@ void Item_func_like::cleanup()
 
 #ifdef USE_REGEX
 
-bool
-Item_func_regex::regcomp(bool send_error)
+/**
+  @brief Compile regular expression.
+
+  @param[in]    send_error     send error message if any.
+
+  @details Make necessary character set conversion then 
+  compile regular expression passed in the args[1].
+
+  @retval    0     success.
+  @retval    1     error occurred.
+  @retval   -1     given null regular expression.
+ */
+
+int Item_func_regex::regcomp(bool send_error)
 {
   char buff[MAX_FIELD_WIDTH];
   String tmp(buff,sizeof(buff),&my_charset_bin);
@@ -4350,12 +4362,12 @@ Item_func_regex::regcomp(bool send_error)
   int error;
 
   if (args[1]->null_value)
-    return TRUE;
+    return -1;
 
   if (regex_compiled)
   {
     if (!stringcmp(res, &prev_regexp))
-      return FALSE;
+      return 0;
     prev_regexp.copy(*res);
     my_regfree(&preg);
     regex_compiled= 0;
@@ -4367,7 +4379,7 @@ Item_func_regex::regcomp(bool send_error)
     uint dummy_errors;
     if (conv.copy(res->ptr(), res->length(), res->charset(),
                   regex_lib_charset, &dummy_errors))
-      return TRUE;
+      return 1;
     res= &conv;
   }
 
@@ -4379,10 +4391,10 @@ Item_func_regex::regcomp(bool send_error)
       (void) my_regerror(error, &preg, buff, sizeof(buff));
       my_error(ER_REGEXP_ERROR, MYF(0), buff);
     }
-    return TRUE;
+    return 1;
   }
   regex_compiled= 1;
-  return FALSE;
+  return 0;
 }
 
 
@@ -4420,13 +4432,14 @@ Item_func_regex::fix_fields(THD *thd, Item **ref)
   const_item_cache=args[0]->const_item() && args[1]->const_item();
   if (!regex_compiled && args[1]->const_item())
   {
-    if (args[1]->null_value)
+    int comp_res= regcomp(TRUE);
+    if (comp_res == -1)
     {						// Will always return NULL
       maybe_null=1;
       fixed= 1;
       return FALSE;
     }
-    if (regcomp(TRUE))
+    else if (comp_res)
       return TRUE;
     regex_is_const= 1;
     maybe_null= args[0]->maybe_null;
diff --git a/sql/item_cmpfunc.h b/sql/item_cmpfunc.h
index d250e1b366a..1bd60ff37d9 100644
--- a/sql/item_cmpfunc.h
+++ b/sql/item_cmpfunc.h
@@ -1323,7 +1323,7 @@ class Item_func_regex :public Item_bool_func
   CHARSET_INFO *regex_lib_charset;
   int regex_lib_flags;
   String conv;
-  bool regcomp(bool send_error);
+  int regcomp(bool send_error);
 public:
   Item_func_regex(Item *a,Item *b) :Item_bool_func(a,b),
     regex_compiled(0),regex_is_const(0) {}