mirror of
https://github.com/MariaDB/server.git
synced 2025-07-29 05:21:33 +03:00
MDEV-10306 Wrong results with combination of CONCAT, SUBSTR and CONVERT in subquery
The bug happens because of a combination of unfortunate circumstances: 1. Arguments args[0] and args[2] of Item_func_concat point recursively (through Item_direct_view_ref's) to the same Item_func_conv_charset. Both args[0]->args[0]->ref[0] and args[2]->args[0]->ref[0] refer to this Item_func_conv_charset. 2. When Item_func_concat::args[0]->val_str() is called, Item_func_conv_charset::val_str() writes its result to Item_func_conc_charset::tmp_value. 3. Then, for optimization purposes (to avoid copying), Item_func_substr::val_str() initializes Item_func_substr::tmp_value to point to the buffer fragment owned by Item_func_conv_charset::tmp_value Item_func_substr::tmp_value is returned as a result of Item_func_concat::args[0]->val_str(). 4. Due to optimization to avoid memory reallocs, Item_func_concat::val_str() remembers the result of args[0]->val_str() in "res" and further uses "res" to collect the return value. 5. When Item_func_concat::args[2]->val_str() is called, Item_func_conv_charset::tmp_value gets overwritten (see #1), which effectively overwrites args[0]'s Item_func_substr::tmp_value (see #3), which effectively overwrites "res" (see #4). This patch does the following: a. Changes Item_func_conv_charset::val_str(String *str) to use tmp_value and str the other way around. After this change tmp_value is used to store a temporary result, while str is used to return the value. The fixes the second problem (without SUBSTR): SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT CONVERT(t USING latin1) t2 FROM t1) sub; As Item_func_concat::val_str() supplies two different buffers when calling args[0]->val_str() and args[2]->val_str(), in the new reduction the result created during args[0]->val_str() does not get overwritten by args[2]->val_str(). b. Fixing the same problem in val_str() for similar classes Item_func_to_base64 Item_func_from_base64 Item_func_weight_string Item_func_hex Item_func_unhex Item_func_quote Item_func_compress Item_func_uncompress Item_func_des_encrypt Item_func_des_decrypt Item_func_conv_charset Item_func_reverse Item_func_soundex Item_func_aes_encrypt Item_func_aes_decrypt Item_func_buffer c. Fixing Item_func::val_str_from_val_str_ascii() the same way. Now Item_str_ascii_func::ascii_buff is used for temporary value, while the parameter passed to val_str() is used to return the result. This fixes the same problem when conversion (from ASCII to e.g. UCS2) takes place. See the ctype_ucs.test for example queries that returned wrong results before the fix. d. Some Item_func descendand classes had temporary String buffers (tmp_value and tmp_str), but did not really use them. Removing these temporary buffers from: Item_func_decode_histogram Item_func_format Item_func_binlog_gtid_pos Item_func_spatial_collection: e. Removing Item_func_buffer::tmp_value, because it's not used any more. f. Renaming Item_func_[un]compress::buffer to "tmp_value", for consistency with other classes. Note, this patch does not fix the following classes (although they have a similar problem): Item_str_conv Item_func_make_set Item_char_typecast They have a complex implementations and simple swapping between "tmp_value" and "str" won't work. These classes will be fixed separately.
This commit is contained in:
Alexander Barkov
@ -149,3 +149,116 @@ CALL p1();
|
||||
########################################40100.000
|
||||
DROP PROCEDURE p1;
|
||||
# End of 5.1 tests
|
||||
#
|
||||
# Start of 10.0 tests
|
||||
#
|
||||
#
|
||||
# MDEV-10306 Wrong results with combination of CONCAT, SUBSTR and CONVERT in subquery
|
||||
#
|
||||
SET @save_optimizer_switch=@@optimizer_switch;
|
||||
SET optimizer_switch='derived_merge=on';
|
||||
CREATE TABLE t1 (t VARCHAR(10) CHARSET latin1);
|
||||
INSERT INTO t1 VALUES('1234567');
|
||||
SELECT CONCAT(SUBSTR(t2, 1, 3), SUBSTR(t2, 5)) c1,
|
||||
CONCAT(SUBSTR(t2,1,3),'---',SUBSTR(t2,5)) c2
|
||||
FROM (SELECT CONVERT(t USING latin1) t2 FROM t1) sub;
|
||||
c1 c2
|
||||
123567 123---567
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT CONVERT(t USING latin1) t2 FROM t1) sub;
|
||||
c2
|
||||
1234567-1234567
|
||||
DROP TABLE t1;
|
||||
CREATE TABLE t1 (t VARCHAR(10) CHARSET latin1);
|
||||
INSERT INTO t1 VALUES('1234567');
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT CONVERT(t USING latin1) t2 FROM t1) sub;
|
||||
c2
|
||||
1234567-1234567
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT REVERSE(t) t2 FROM t1) sub;
|
||||
c2
|
||||
7654321-7654321
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT SOUNDEX(t) t2 FROM t1) sub;
|
||||
c2
|
||||
-
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT TO_BASE64(t) t2 FROM t1) sub;
|
||||
c2
|
||||
MTIzNDU2Nw==-MTIzNDU2Nw==
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT WEIGHT_STRING(t) t2 FROM t1) sub;
|
||||
c2
|
||||
1234567-1234567
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT HEX(t) t2 FROM t1) sub;
|
||||
c2
|
||||
31323334353637-31323334353637
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT QUOTE(t) t2 FROM t1) sub;
|
||||
c2
|
||||
'1234567'-'1234567'
|
||||
DROP TABLE t1;
|
||||
CREATE TABLE t1 (t VARCHAR(32) CHARSET latin1);
|
||||
INSERT INTO t1 VALUES(TO_BASE64('abcdefghi'));
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT FROM_BASE64(t) t2 FROM t1) sub;
|
||||
c2
|
||||
abcdefghi-abcdefghi
|
||||
DROP TABLE t1;
|
||||
CREATE TABLE t1 (t VARCHAR(32) CHARSET latin1);
|
||||
INSERT INTO t1 VALUES(HEX('abcdefghi'));
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT UNHEX(t) t2 FROM t1) sub;
|
||||
c2
|
||||
abcdefghi-abcdefghi
|
||||
DROP TABLE t1;
|
||||
CREATE TABLE t1 (t VARCHAR(30) CHARSET latin1);
|
||||
INSERT INTO t1 VALUES('test');
|
||||
SELECT LENGTH(CONCAT(t2)) c2 FROM (SELECT AES_ENCRYPT(t,'x') t2 FROM t1) sub;
|
||||
c2
|
||||
16
|
||||
SELECT LENGTH(CONCAT(t2,'-',t2)) c2 FROM (SELECT AES_ENCRYPT(t,'x') t2 FROM t1) sub;
|
||||
c2
|
||||
33
|
||||
SELECT LENGTH(CONCAT(t2,'--',t2)) c2 FROM (SELECT AES_ENCRYPT(t,'x') t2 FROM t1) sub;
|
||||
c2
|
||||
34
|
||||
SELECT LENGTH(CONCAT(t2)) c2 FROM (SELECT AES_DECRYPT(AES_ENCRYPT(t,'x'),'x') t2 FROM t1) sub;
|
||||
c2
|
||||
4
|
||||
SELECT LENGTH(CONCAT(t2,'-',t2)) c2 FROM (SELECT AES_DECRYPT(AES_ENCRYPT(t,'x'),'x') t2 FROM t1) sub;
|
||||
c2
|
||||
9
|
||||
SELECT LENGTH(CONCAT(t2,'--',t2)) c2 FROM (SELECT AES_DECRYPT(AES_ENCRYPT(t,'x'),'x') t2 FROM t1) sub;
|
||||
c2
|
||||
10
|
||||
DROP TABLE t1;
|
||||
CREATE TABLE t1 (t VARCHAR(64) CHARSET latin1);
|
||||
INSERT INTO t1 VALUES('123456789');
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT MD5(t) t2 FROM t1) sub;
|
||||
c2
|
||||
25f9e794323b453885f5181f1b624d0b-25f9e794323b453885f5181f1b624d0b
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT FORMAT(t,2) t2 FROM t1) sub;
|
||||
c2
|
||||
123,456,789.00-123,456,789.00
|
||||
DROP TABLE t1;
|
||||
CREATE TABLE t1 (t VARCHAR(32) CHARSET latin1);
|
||||
INSERT INTO t1 VALUES('abcdefghi');
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT INSERT(t,3,4,'xxx') t2 FROM t1) sub;
|
||||
c2
|
||||
abxxxghi-abxxxghi
|
||||
DROP TABLE t1;
|
||||
CREATE TABLE t1 (t VARCHAR(10) CHARSET latin1);
|
||||
INSERT INTO t1 VALUES('abcdefghi');
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT LEFT(t,10) t2 FROM t1) sub;
|
||||
c2
|
||||
abcdefghi-abcdefghi
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT RIGHT(t,10) t2 FROM t1) sub;
|
||||
c2
|
||||
abcdefghi-abcdefghi
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT SUBSTR(t,1,10) t2 FROM t1) sub;
|
||||
c2
|
||||
abcdefghi-abcdefghi
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT LTRIM(t) t2 FROM t1) sub;
|
||||
c2
|
||||
abcdefghi-abcdefghi
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT RTRIM(t) t2 FROM t1) sub;
|
||||
c2
|
||||
abcdefghi-abcdefghi
|
||||
SELECT CONCAT(t2,'-',t2) c2 FROM (SELECT TRIM(t) t2 FROM t1) sub;
|
||||
c2
|
||||
abcdefghi-abcdefghi
|
||||
DROP TABLE t1;
|
||||
SET optimizer_switch=@save_optimizer_switch;
|
||||
|
||||
Reference in New Issue
Block a user