From b8d545156589a9a2d4297e3338498bf8362a559b Mon Sep 17 00:00:00 2001
From: "kroki/tomash@moonlight.intranet" <>
Date: Thu, 16 Nov 2006 13:21:38 +0300
Subject: [PATCH 1/2] BUG#17047: CHAR() and IN() can return NULL without
 signaling NULL result

The problem was that some functions (namely IN() starting with 4.1, and
CHAR() starting with 5.0) were returning NULL in certain conditions,
while they didn't set their maybe_null flag.  Because of that there could
be some problems with 'IS NULL' check, and statements that depend on the
function value domain, like CREATE TABLE t1 SELECT 1 IN (2, NULL);.

The fix is to set maybe_null correctly.
---
 mysql-test/r/func_in.result |  8 ++++++++
 mysql-test/t/func_in.test   | 22 +++++++++++++++++++++-
 sql/item_cmpfunc.cc         |  1 -
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/mysql-test/r/func_in.result b/mysql-test/r/func_in.result
index 3cf2afc83d1..f74c63f7260 100644
--- a/mysql-test/r/func_in.result
+++ b/mysql-test/r/func_in.result
@@ -202,3 +202,11 @@ select count(*) from t1 where id not in (1,2);
 count(*)
 1
 drop table t1;
+DROP TABLE IF EXISTS t1;
+CREATE TABLE t1 SELECT 1 IN (2, NULL);
+SELECT should return NULL.
+SELECT * FROM t1;
+1 IN (2, NULL)
+NULL
+DROP TABLE t1;
+End of 4.1 tests
diff --git a/mysql-test/t/func_in.test b/mysql-test/t/func_in.test
index 2ffe5a2d5f7..ffed2aac2a0 100644
--- a/mysql-test/t/func_in.test
+++ b/mysql-test/t/func_in.test
@@ -109,4 +109,24 @@ select count(*) from t1 where id not in (1);
 select count(*) from t1 where id not in (1,2);
 drop table t1;
 
-# End of 4.1 tests
+
+#
+# BUG#17047: CHAR() and IN() can return NULL without signaling NULL
+# result
+#
+# The problem was in the IN() function that ignored maybe_null flags
+# of all arguments except the first (the one _before_ the IN
+# keyword, '1' in the test case below).
+#
+--disable_warnings
+DROP TABLE IF EXISTS t1;
+--enable_warnings
+
+CREATE TABLE t1 SELECT 1 IN (2, NULL);
+--echo SELECT should return NULL.
+SELECT * FROM t1;
+
+DROP TABLE t1;
+
+
+--echo End of 4.1 tests
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc
index 6b6996160a1..859b4e0ecc1 100644
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@@ -1998,7 +1998,6 @@ void Item_func_in::fix_length_and_dec()
     if (cmp_type  == STRING_RESULT)
       in_item->cmp_charset= cmp_collation.collation;
   }
-  maybe_null= args[0]->maybe_null;
   max_length= 1;
 }
 

From 9e7f682116b03a2c7f7f0247482050f2303d568c Mon Sep 17 00:00:00 2001
From: "kroki/tomash@moonlight.intranet" <>
Date: Thu, 16 Nov 2006 14:06:51 +0300
Subject: [PATCH 2/2] Add 5.0 part of fix for bug 17047.

---
 mysql-test/r/func_str.result | 13 +++++++++++++
 mysql-test/t/func_str.test   | 14 ++++++++++++++
 sql/item_strfunc.cc          | 14 ++++++++++++++
 sql/item_strfunc.h           |  6 +++---
 4 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/mysql-test/r/func_str.result b/mysql-test/r/func_str.result
index c2c12f8d291..9588827d234 100644
--- a/mysql-test/r/func_str.result
+++ b/mysql-test/r/func_str.result
@@ -1148,4 +1148,17 @@ id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
 Warnings:
 Note	1003	select `test`.`t1`.`code` AS `code`,`test`.`t2`.`id` AS `id` from `test`.`t1` join `test`.`t2` where ((`test`.`t1`.`code` = _latin1'a12') and (length(`test`.`t1`.`code`) = 5))
 DROP TABLE t1,t2;
+SET @orig_sql_mode = @@SQL_MODE;
+SET SQL_MODE=traditional;
+SELECT CHAR(0xff,0x8f USING utf8);
+CHAR(0xff,0x8f USING utf8)
+NULL
+Warnings:
+Error	1300	Invalid utf8 character string: 'FF8F'
+SELECT CHAR(0xff,0x8f USING utf8) IS NULL;
+CHAR(0xff,0x8f USING utf8) IS NULL
+1
+Warnings:
+Error	1300	Invalid utf8 character string: 'FF8F'
+SET SQL_MODE=@orig_sql_mode;
 End of 5.0 tests
diff --git a/mysql-test/t/func_str.test b/mysql-test/t/func_str.test
index 45415882ac7..9255669f6e3 100644
--- a/mysql-test/t/func_str.test
+++ b/mysql-test/t/func_str.test
@@ -780,4 +780,18 @@ SELECT * FROM t1 INNER JOIN t2 ON code=id
 
 DROP TABLE t1,t2;
 
+
+#
+# BUG#17047: CHAR() and IN() can return NULL without signaling NULL
+# result
+#
+SET @orig_sql_mode = @@SQL_MODE;
+SET SQL_MODE=traditional;
+
+SELECT CHAR(0xff,0x8f USING utf8);
+SELECT CHAR(0xff,0x8f USING utf8) IS NULL;
+
+SET SQL_MODE=@orig_sql_mode;
+
+
 --echo End of 5.0 tests
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index 31c2f44fc3e..b54f8fef90c 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -80,6 +80,20 @@ String *Item_str_func::check_well_formed_result(String *str)
 }
 
 
+bool Item_str_func::fix_fields(THD *thd, Item **ref)
+{
+  bool res= Item_func::fix_fields(thd, ref);
+  /*
+    In Item_str_func::check_well_formed_result() we may set null_value
+    flag on the same condition as in test() below.
+  */
+  maybe_null= (maybe_null ||
+               test(thd->variables.sql_mode &
+                    (MODE_STRICT_TRANS_TABLES | MODE_STRICT_ALL_TABLES)));
+  return res;
+}
+
+
 my_decimal *Item_str_func::val_decimal(my_decimal *decimal_value)
 {
   DBUG_ASSERT(fixed == 1);
diff --git a/sql/item_strfunc.h b/sql/item_strfunc.h
index 528180b803d..fd2aaf19675 100644
--- a/sql/item_strfunc.h
+++ b/sql/item_strfunc.h
@@ -37,6 +37,7 @@ public:
   enum Item_result result_type () const { return STRING_RESULT; }
   void left_right_max_length();
   String *check_well_formed_result(String *str);
+  bool fix_fields(THD *thd, Item **ref);
 };
 
 class Item_func_md5 :public Item_str_func
@@ -525,9 +526,8 @@ public:
   { collation.set(cs); }  
   String *val_str(String *);
   void fix_length_and_dec() 
-  { 
-    maybe_null=0;
-    max_length=arg_count * collation.collation->mbmaxlen;
+  {
+    max_length= arg_count * collation.collation->mbmaxlen;
   }
   const char *func_name() const { return "char"; }
 };