From 5fbc2904bccbcd5e3609a4a660105ccab117c7c6 Mon Sep 17 00:00:00 2001
From: Sergey Glukhov <Sergey.Glukhov@sun.com>
Date: Thu, 10 Sep 2009 15:24:07 +0500
Subject: [PATCH] Bug#46815 CONCAT_WS returning wrong data The problem is that
 argument buffer can be used as result buffer and it leads to argument value
 change. The fix is to use 'old buffer' as result buffer only if first
 argument is not constant item.

---
 mysql-test/r/func_str.result |  9 +++++++++
 mysql-test/t/func_str.test   | 13 +++++++++++++
 sql/item_strfunc.cc          |  7 ++++++-
 3 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/func_str.result b/mysql-test/r/func_str.result
index 75f8983e838..bf2a9ca8901 100644
--- a/mysql-test/r/func_str.result
+++ b/mysql-test/r/func_str.result
@@ -2196,4 +2196,13 @@ SELECT LOAD_FILE(a) FROM t1;
 LOAD_FILE(a)
 NULL
 DROP TABLE t1;
+CREATE TABLE t1 (f2 VARCHAR(20));
+CREATE TABLE t2 (f2 VARCHAR(20));
+INSERT INTO t1 VALUES ('MIN'),('MAX');
+INSERT INTO t2 VALUES ('LOAD');
+SELECT CONCAT_WS('_', (SELECT t2.f2 FROM t2), t1.f2) AS concat_name FROM t1;
+concat_name
+LOAD_MIN
+LOAD_MAX
+DROP TABLE t1, t2;
 End of 5.0 tests
diff --git a/mysql-test/t/func_str.test b/mysql-test/t/func_str.test
index 4b0f91e4408..e396fbcebd8 100644
--- a/mysql-test/t/func_str.test
+++ b/mysql-test/t/func_str.test
@@ -1177,5 +1177,18 @@ INSERT INTO t1 VALUES ('aaaaaaaa');
 SELECT LOAD_FILE(a) FROM t1;
 DROP TABLE t1;
 
+#
+# Bug#46815 CONCAT_WS returning wrong data
+#
+CREATE TABLE t1 (f2 VARCHAR(20));
+CREATE TABLE t2 (f2 VARCHAR(20));
+
+INSERT INTO t1 VALUES ('MIN'),('MAX');
+INSERT INTO t2 VALUES ('LOAD');
+
+SELECT CONCAT_WS('_', (SELECT t2.f2 FROM t2), t1.f2) AS concat_name FROM t1;
+
+DROP TABLE t1, t2;
+
 
 --echo End of 5.0 tests
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index e3fe67f4324..6f697a1665a 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -600,6 +600,7 @@ String *Item_func_concat_ws::val_str(String *str)
   String tmp_sep_str(tmp_str_buff, sizeof(tmp_str_buff),default_charset_info),
          *sep_str, *res, *res2,*use_as_buff;
   uint i;
+  bool is_const= 0;
 
   null_value=0;
   if (!(sep_str= args[0]->val_str(&tmp_sep_str)))
@@ -613,7 +614,11 @@ String *Item_func_concat_ws::val_str(String *str)
   // If not, return the empty string
   for (i=1; i < arg_count; i++)
     if ((res= args[i]->val_str(str)))
+    {
+      is_const= args[i]->const_item() || !args[i]->used_tables();
       break;
+    }
+
   if (i ==  arg_count)
     return &my_empty_string;
 
@@ -631,7 +636,7 @@ String *Item_func_concat_ws::val_str(String *str)
 			  current_thd->variables.max_allowed_packet);
       goto null;
     }
-    if (res->alloced_length() >=
+    if (!is_const && res->alloced_length() >=
 	res->length() + sep_str->length() + res2->length())
     {						// Use old buffer
       res->append(*sep_str);			// res->length() > 0 always