diff --git a/mysql-test/r/func_misc.result b/mysql-test/r/func_misc.result index c9552d9e39f..de46f070065 100644 --- a/mysql-test/r/func_misc.result +++ b/mysql-test/r/func_misc.result @@ -403,3 +403,10 @@ DROP TABLE t1; # # End of tests # +SELECT NAME_CONST('a', -(1 OR 2)) OR 1; +ERROR HY000: Incorrect arguments to NAME_CONST +SELECT NAME_CONST('a', -(1 AND 2)) OR 1; +ERROR HY000: Incorrect arguments to NAME_CONST +SELECT NAME_CONST('a', -(1)) OR 1; +NAME_CONST('a', -(1)) OR 1 +1 diff --git a/mysql-test/t/func_misc.test b/mysql-test/t/func_misc.test index 9257314013d..c13b506ad6f 100644 --- a/mysql-test/t/func_misc.test +++ b/mysql-test/t/func_misc.test @@ -544,3 +544,13 @@ DROP TABLE t1; --echo # --echo # End of tests --echo # + +# +# Bug#12735545 - PARSER STACK OVERFLOW WITH NAME_CONST +# CONTAINING OR EXPRESSION +# +--error ER_WRONG_ARGUMENTS +SELECT NAME_CONST('a', -(1 OR 2)) OR 1; +--error ER_WRONG_ARGUMENTS +SELECT NAME_CONST('a', -(1 AND 2)) OR 1; +SELECT NAME_CONST('a', -(1)) OR 1; diff --git a/sql/item.cc b/sql/item.cc index f4917448dda..1541314ec97 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -1358,6 +1358,11 @@ bool Item_name_const::is_null() Item_name_const::Item_name_const(Item *name_arg, Item *val): value_item(val), name_item(name_arg) { + /* + The value argument to NAME_CONST can only be a literal constant. Some extra + tests are needed to support a collation specificer and to handle negative + values. + */ if (!(valid_args= name_item->basic_const_item() && (value_item->basic_const_item() || ((value_item->type() == FUNC_ITEM) && @@ -1365,8 +1370,8 @@ Item_name_const::Item_name_const(Item *name_arg, Item *val): Item_func::COLLATE_FUNC) || ((((Item_func *) value_item)->functype() == Item_func::NEG_FUNC) && - (((Item_func *) value_item)->key_item()->type() != - FUNC_ITEM))))))) + (((Item_func *) + value_item)->key_item()->basic_const_item()))))))) my_error(ER_WRONG_ARGUMENTS, MYF(0), "NAME_CONST"); Item::maybe_null= TRUE; }