MDEV-36491 Server crashes in Item_func_group_concat::print

Initialize orig_args with nullptr and allocate it if it hasn't yet
been allocated, either during construction or during fix_fields(),
depending on use.  The SQL layer calls print() on conditions as a
way of validating that they're correct, but in the case of
Item_func_group_concat, this crashed because orig_args was not
allocated by that point for the test case included in this commit.
Dave Gosselin 2025-04-07 09:25:43 -04:00 committed by Dave Gosselin
parent eaba4975c9
commit 1a8854fdba
3 changed files with 16 additions and 3 deletions


@ -253,3 +253,8 @@ st_astext(ST_COLLECT(p))
MULTIPOINT(1 1,1 1)
MULTIPOINT(0 0)
DROP TABLE t1;
#
# MDEV-36491 Server crashes in Item_func_group_concat::print
#
SELECT 1 FROM dual WHERE group_concat(1, 1);
ERROR HY000: Invalid use of group function


@ -205,3 +205,9 @@ CREATE TABLE t1 (a int, p point);
INSERT INTO t1 (a, p) VALUES (0,st_geomfromtext('POINT(1 1)')), ( 1,st_geomfromtext('POINT(0 0)')), ( 0,st_geomfromtext('POINT(1 1)'));
SELECT st_astext(ST_COLLECT(p)) FROM t1 GROUP BY a;
DROP TABLE t1;
--echo #
--echo # MDEV-36491 Server crashes in Item_func_group_concat::print
--echo #
--error ER_INVALID_GROUP_FUNC_USE
SELECT 1 FROM dual WHERE group_concat(1, 1);
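Review bot: The new case has no ORDER BY, so it reaches only the first argument loop in print(); the `arg_count_order` branch that this commit also switches to `pargs` is not exercised. Since the crash was reachable from a plain SELECT, a second statement would pin that path too, for example `--error ER_INVALID_GROUP_FUNC_USE` followed by `SELECT 1 FROM dual WHERE group_concat(1 ORDER BY 1);`. The expected error code is presumably the same as for the existing case, but should be confirmed when recording the result file.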


@ -4558,6 +4558,8 @@ uint Item_func_group_concat::get_null_bytes()
void Item_func_group_concat::print(String *str, enum_query_type query_type)
{
/* orig_args is not filled with valid values until fix_fields() */
Item **pargs= fixed() ? orig_args : args;
str->append(func_name_cstring());
if (distinct)
str->append(STRING_WITH_LEN("distinct "));
@ -4565,7 +4567,7 @@ void Item_func_group_concat::print(String *str, enum_query_type query_type)
{
if (i)
str->append(',');
orig_args[i]->print(str, query_type);
pargs[i]->print(str, query_type);
}
if (arg_count_order)
{
@ -4574,10 +4576,10 @@ void Item_func_group_concat::print(String *str, enum_query_type query_type)
{
if (i)
str->append(',');
orig_args[i + arg_count_field]->print(str, query_type);
pargs[i + arg_count_field]->print(str, query_type);
if (order[i]->direction == ORDER::ORDER_ASC)
str->append(STRING_WITH_LEN(" ASC"));
else
else
str->append(STRING_WITH_LEN(" DESC"));
}
}
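Review bot: The `fixed() ? orig_args : args` selection at the top of print() rests on two invariants that the one-line comment does not state and the hunk does not show. The first is that fixed() only becomes true after fix_fields() has filled orig_args, and the second is that args still holds the original, unsubstituted arguments whenever fixed() is false. Both depend on code outside these hunks, so a later reordering in fix_fields() could bring back the invalid-pointer dereference without touching print(). I would expand the comment to say so, e.g. `/* Before fix_fields() orig_args holds no valid pointers; args is still the parser's argument list then, so print from args until the item is fixed. */`. The commit message also describes initializing orig_args to nullptr and allocating it lazily, which is not what the visible hunks do, so the message should be aligned with the code.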