From 30d32207e724ebf9dca7c2ecdaec04b076cd902b Mon Sep 17 00:00:00 2001
From: Ramil Kalimullin <ramil.kalimullin@oracle.com>
Date: Mon, 5 Mar 2012 22:15:23 +0400
Subject: [PATCH] BUG#12537203 - CRASH WHEN SUBSELECTING GLOBAL VARIABLES IN
 GEOMETRY FUNCTION ARGUMENTS

A defect in the subquery substitution code may lead to a server crash:
setting substitution's name should be followed by setting its length
(to keep them in sync).


mysql-test/r/gis.result:
  BUG#12537203 - CRASH WHEN SUBSELECTING GLOBAL VARIABLES IN GEOMETRY FUNCTION ARGUMENTS
    test result.
mysql-test/t/gis.test:
  BUG#12537203 - CRASH WHEN SUBSELECTING GLOBAL VARIABLES IN GEOMETRY FUNCTION ARGUMENTS
    test case.
sql/item_subselect.cc:
  BUG#12537203 - CRASH WHEN SUBSELECTING GLOBAL VARIABLES IN GEOMETRY FUNCTION ARGUMENTS
    set substitution's name length as well as the name itself (to keep them in sync).
---
 mysql-test/r/gis.result | 6 ++++++
 mysql-test/t/gis.test   | 7 +++++++
 sql/item_subselect.cc   | 1 +
 3 files changed, 14 insertions(+)

diff --git a/mysql-test/r/gis.result b/mysql-test/r/gis.result
index 9b901e0f93f..9af100e479c 100644
--- a/mysql-test/r/gis.result
+++ b/mysql-test/r/gis.result
@@ -1081,4 +1081,10 @@ DROP TABLE t0, t1, t2;
 SELECT ISCLOSED(CONVERT(CONCAT('     ', 0x2), BINARY(20)));
 ISCLOSED(CONVERT(CONCAT('     ', 0x2), BINARY(20)))
 NULL
+#
+# BUG#12537203 - CRASH WHEN SUBSELECTING GLOBAL VARIABLES IN 
+# GEOMETRY FUNCTION ARGUMENTS
+#
+SELECT GEOMETRYCOLLECTION((SELECT @@OLD));
+ERROR 22007: Illegal non geometric '' value found during parsing
 End of 5.1 tests
diff --git a/mysql-test/t/gis.test b/mysql-test/t/gis.test
index fbd4c87cb97..c2a1416f9a1 100644
--- a/mysql-test/t/gis.test
+++ b/mysql-test/t/gis.test
@@ -818,5 +818,12 @@ DROP TABLE t0, t1, t2;
 --echo #
 SELECT ISCLOSED(CONVERT(CONCAT('     ', 0x2), BINARY(20)));
 
+--echo #
+--echo # BUG#12537203 - CRASH WHEN SUBSELECTING GLOBAL VARIABLES IN 
+--echo # GEOMETRY FUNCTION ARGUMENTS
+--echo #
+--error ER_ILLEGAL_VALUE_FOR_TYPE
+SELECT GEOMETRYCOLLECTION((SELECT @@OLD));
+
 
 --echo End of 5.1 tests
diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc
index e9e2e8bacf9..8335ae2ca8d 100644
--- a/sql/item_subselect.cc
+++ b/sql/item_subselect.cc
@@ -173,6 +173,7 @@ bool Item_subselect::fix_fields(THD *thd_param, Item **ref)
 
       (*ref)= substitution;
       substitution->name= name;
+      substitution->name_length= name_length;
       if (have_to_be_excluded)
 	engine->exclude();
       substitution= 0;