database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

MDEV-20200: AddressSanitizer: use-after-poison in Item_direct_view_ref::get_null_ref_table

Browse Source 
Do not cast wrong type.
This commit is contained in:
Oleksandr Byelkin
2019-07-29 16:44:39 +02:00
parent 83d368a062
commit ccaaa3d200
3 changed files with 51 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
mysql-test/main/having.result
View File

@ -864,4 +864,13 @@ x
Warnings:
Warning 1292 Truncated incorrect DOUBLE value: 'x'
DROP TABLE t1,t2;
#
# MDEV-20200: AddressSanitizer: use-after-poison in
# Item_direct_view_ref::get_null_ref_table
#
CREATE TABLE t (f VARCHAR(512));
INSERT INTO t VALUES ('a'),('b');
SELECT * FROM t HAVING f = 'foo';
f
DROP TABLE t;
# End of 10.4 tests

13
mysql-test/main/having.test
View File

@ -909,4 +909,17 @@ HAVING t.f != 112 AND t.f = 'x' AND t.f != 'a';
DROP TABLE t1,t2;
--echo #
--echo # MDEV-20200: AddressSanitizer: use-after-poison in
--echo # Item_direct_view_ref::get_null_ref_table
--echo #
CREATE TABLE t (f VARCHAR(512));
INSERT INTO t VALUES ('a'),('b');
SELECT * FROM t HAVING f = 'foo';
# Cleanup
DROP TABLE t;
--echo # End of 10.4 tests

31
sql/sql_select.cc
View File

@ -14333,28 +14333,39 @@ bool check_simple_equality(THD *thd, const Item::Context &ctx,
{
Item *orig_left_item= left_item;
Item *orig_right_item= right_item;
if (left_item->type() == Item::REF_ITEM &&
(((Item_ref*)left_item)->ref_type() == Item_ref::VIEW_REF ||
((Item_ref*)left_item)->ref_type() == Item_ref::REF))
if (left_item->type() == Item::REF_ITEM)
{
Item_ref::Ref_Type left_ref= ((Item_ref*)left_item)->ref_type();
if (left_ref == Item_ref::VIEW_REF ||
left_ref == Item_ref::REF)
{
if (((Item_ref*)left_item)->get_depended_from())
return FALSE;
if (((Item_direct_view_ref*)left_item)->get_null_ref_table() !=
NO_NULL_TABLE && !left_item->real_item()->used_tables())
if (left_ref == Item_ref::VIEW_REF &&
((Item_direct_view_ref*)left_item)->get_null_ref_table() !=
NO_NULL_TABLE &&
!left_item->real_item()->used_tables())
return FALSE;
left_item= left_item->real_item();
}
if (right_item->type() == Item::REF_ITEM &&
(((Item_ref*)right_item)->ref_type() == Item_ref::VIEW_REF ||
((Item_ref*)right_item)->ref_type() == Item_ref::REF))
}
if (right_item->type() == Item::REF_ITEM)
{
Item_ref::Ref_Type right_ref= ((Item_ref*)right_item)->ref_type();
if (right_ref == Item_ref::VIEW_REF ||
(right_ref == Item_ref::REF))
{
if (((Item_ref*)right_item)->get_depended_from())
return FALSE;
if (((Item_direct_view_ref*)right_item)->get_null_ref_table() !=
NO_NULL_TABLE && !right_item->real_item()->used_tables())
if (right_ref == Item_ref::VIEW_REF &&
((Item_direct_view_ref*)right_item)->get_null_ref_table() !=
NO_NULL_TABLE &&
!right_item->real_item()->used_tables())
return FALSE;
right_item= right_item->real_item();
}
}
if (left_item->type() == Item::FIELD_ITEM &&
right_item->type() == Item::FIELD_ITEM &&
!((Item_field*)left_item)->get_depended_from() &&