mirror of https://github.com/MariaDB/server.git synced 2025-11-21 06:21:35 +03:00
mariadb/mysql-test/t/func_in.test
Alexey Kopytov 0e6560398c Bug#54477: Crash on IN / CASE with NULL arguments
Incorrect handling of NULL arguments could lead to a crash on
the IN or CASE operations when either NULL arguments were
passed explicitly as arguments (IN) or implicitly generated by
the WITH ROLLUP modifier (both IN and CASE).

Item_func_case::find_item() assumed all necessary comparators
to be instantiated in fix_length_and_dec(). However, in the
presence of WITH ROLLUP modifier, arguments could be
substituted with an Item_null leading to an "unexpected"
STRING_RESULT comparator being invoked.

In addition to the problem identical to the above,
Item_func_in::val_int() could crash even with explicitly passed
NULL arguments due to an optimization in fix_length_and_dec()
leading to NULL arguments being ignored during comparators
creation.


mysql-test/r/func_in.result:
  Test cases for bug#54477.
mysql-test/t/func_in.test:
  Test cases for bug#54477.
sql/item_cmpfunc.cc:
  Added additional checks for Item_nulls in 
  Item_func_case::find_item() and Item_func_in::val_int().
2010-06-22 22:53:08 +04:00

16 KiB