From a204ce2788987a611bb3b6798afdc7f4f2553556 Mon Sep 17 00:00:00 2001 From: Kristian Nielsen Date: Sun, 17 Dec 2023 13:57:26 +0100 Subject: [PATCH] MDEV-33045: Server crashes in Item_func_binlog_gtid_pos::val_str / Binary_string::c_ptr_safe Item::val_str() sets the Item::null_value flag, so call it before checking the flag, not after. Signed-off-by: Kristian Nielsen
---
 mysql-test/suite/binlog_encryption/rpl_gtid_basic.result | 7 +++++++ mysql-test/suite/rpl/r/rpl_gtid_basic.result | 7 +++++++ mysql-test/suite/rpl/t/rpl_gtid_basic.test | 7 +++++++ sql/item_strfunc.cc | 6 +++--- 4 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/mysql-test/suite/binlog_encryption/rpl_gtid_basic.result b/mysql-test/suite/binlog_encryption/rpl_gtid_basic.result
index 5771b0f405f..99721813159 100644
--- a/mysql-test/suite/binlog_encryption/rpl_gtid_basic.result
+++ b/mysql-test/suite/binlog_encryption/rpl_gtid_basic.result
@@ -182,6 +182,13 @@ BINLOG_GTID_POS('master-bin.000001',18446744073709551616)
 NULL
 Warnings:
 Warning 1916 Got overflow when converting '18446744073709551616' to INT. Value truncated
+SET sql_log_bin= 0;
+CREATE TABLE t1 AS SELECT MASTER_POS_WAIT(@binlog_file, 4, 0);
+SELECT BINLOG_GTID_POS(@binlog_file, 4);
+BINLOG_GTID_POS(@binlog_file, 4)
+NULL
+DROP TABLE t1;
+SET sql_log_bin= 1;
 *** Some tests of @@GLOBAL.gtid_binlog_state ***
 connection server_2;
 include/sync_with_master_gtid.inc
diff --git a/mysql-test/suite/rpl/r/rpl_gtid_basic.result b/mysql-test/suite/rpl/r/rpl_gtid_basic.result
index aefb80a7c13..afc700a72c5 100644
--- a/mysql-test/suite/rpl/r/rpl_gtid_basic.result
+++ b/mysql-test/suite/rpl/r/rpl_gtid_basic.result
@@ -182,6 +182,13 @@ BINLOG_GTID_POS('master-bin.000001',18446744073709551616)
 NULL
 Warnings:
 Warning 1916 Got overflow when converting '18446744073709551616' to INT. Value truncated
+SET sql_log_bin= 0;
+CREATE TABLE t1 AS SELECT MASTER_POS_WAIT(@binlog_file, 4, 0);
+SELECT BINLOG_GTID_POS(@binlog_file, 4);
+BINLOG_GTID_POS(@binlog_file, 4)
+NULL
+DROP TABLE t1;
+SET sql_log_bin= 1;
 *** Some tests of @@GLOBAL.gtid_binlog_state ***
 connection server_2;
 include/sync_with_master_gtid.inc
diff --git a/mysql-test/suite/rpl/t/rpl_gtid_basic.test b/mysql-test/suite/rpl/t/rpl_gtid_basic.test
index 70bd0087f7a..a7af234d47e 100644
--- a/mysql-test/suite/rpl/t/rpl_gtid_basic.test
+++ b/mysql-test/suite/rpl/t/rpl_gtid_basic.test
@@ -162,6 +162,13 @@ eval SELECT BINLOG_GTID_POS('$valid_binlog_name',0);
 eval SELECT BINLOG_GTID_POS('$valid_binlog_name',18446744073709551615);
 eval SELECT BINLOG_GTID_POS('$valid_binlog_name',18446744073709551616);
+# MDEV-33045: Server crashes in Item_func_binlog_gtid_pos::val_str / Binary_string::c_ptr_safe
+SET sql_log_bin= 0;
+CREATE TABLE t1 AS SELECT MASTER_POS_WAIT(@binlog_file, 4, 0);
+SELECT BINLOG_GTID_POS(@binlog_file, 4);
+DROP TABLE t1;
+SET sql_log_bin= 1;
+
 --echo *** Some tests of @@GLOBAL.gtid_binlog_state ***
 --connection server_2
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index 92d5e196da4..0373d2a94a6 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -3232,12 +3232,12 @@ String *Item_func_binlog_gtid_pos::val_str(String *str)
 String name_str, *name;
 longlong pos;
- if (args[0]->null_value || args[1]->null_value)
- goto err;
-
 name= args[0]->val_str(&name_str);
 pos= args[1]->val_int();
+ if (args[0]->null_value || args[1]->null_value)
+ goto err;
+
 if (pos < 0 || pos > UINT_MAX32)
 goto err;
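Review bot: The regression block added to rpl_gtid_basic.test carries only the bug title as its comment and does not say what state it relies on. Nothing in the added lines assigns `@binlog_file`, so the expected `NULL` result appears to depend on that user variable being unset at this point in the script. An earlier assignment added later would silently turn this into a test of a different path. A short comment such as `# @binlog_file must be unset (NULL) here; the CREATE TABLE ... SELECT is part of the reproduction` would make that dependency explicit. Confirm the exact role of the `MASTER_POS_WAIT` statement against the bug report, since the page does not explain it.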
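Review bot: The relocated guard `if (args[0]->null_value || args[1]->null_value)` in sql/item_strfunc.cc still decides from the flags alone, and the pointer returned by `args[0]->val_str(&name_str)` is never tested itself. The commit title places the crash in `Binary_string::c_ptr_safe`, so `name` is presumably dereferenced further down, outside this hunk. Testing the pointer as well, `if (!name || args[0]->null_value || args[1]->null_value)`, would keep a NULL return from reaching that call even if an Item left its flag stale, which matters because the crash is reachable from a plain SQL statement. A one-line comment above the two evaluations, `/* val_str()/val_int() set null_value; evaluate both before testing the flags */`, would also stop the order from being swapped back. The body of val_str() starts and ends outside the hunk.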