BUG#14019 : group by converts literal string to column name

When resolving unqualified name references MySQL was not checking what is the item type for the reference. Thus e.g a string literal item that has by convention a name equal to its string value will also work as a reference to a SELECT list item or a table field. Fixed by allowing only Item_ref or Item_field to referenced by (unqualified) name.
2025-08-01 03:47:19 +03:00 · 2006-10-16 13:10:25 +03:00
parent 55dd569bab
commit 115616381d
5 changed files with 77 additions and 8 deletions
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@ -2284,12 +2284,19 @@ find_item_in_list(Item *find, List<Item> &items, uint *counter,
  const char *field_name=0;
  const char *table_name=0;
  bool found_unaliased_non_uniq= 0;
+  /*
+    true if the item that we search for is a valid name reference
+    (and not an item that happens to have a name).
+  */
+  bool is_ref_by_name= 0;
  uint unaliased_counter;

  LINT_INIT(unaliased_counter);
  *unaliased= FALSE;

-  if (find->type() == Item::FIELD_ITEM	|| find->type() == Item::REF_ITEM)
+  is_ref_by_name= (find->type() == Item::FIELD_ITEM  || 
+                   find->type() == Item::REF_ITEM);
+  if (is_ref_by_name)
  {
    field_name= ((Item_ident*) find)->field_name;
    table_name= ((Item_ident*) find)->table_name;
@ -2401,7 +2408,7 @@ find_item_in_list(Item *find, List<Item> &items, uint *counter,
      }
    }
    else if (!table_name && (item->eq(find,0) ||
-			     find->name && item->name &&
+			     is_ref_by_name && find->name && item->name &&
 			     !my_strcasecmp(system_charset_info, 
 					    item->name,find->name)))
    {