From 1c1f0a62e1f68fd39ae7440042699faaffaaf7fe Mon Sep 17 00:00:00 2001
From: unknown <sergefp@mysql.com>
Date: Tue, 22 Apr 2008 02:53:12 +0400
Subject: [PATCH] BUG#36139 "float, zerofill, crash with subquery" - Make
 convert_zerofill_number_to_string() take into account that the   constant it
 is converting may evaluate to NULL.

mysql-test/r/subselect.result:
  BUG#36139 "float, zerofill, crash with subquery"
  - Testcase
mysql-test/t/subselect.test:
  BUG#36139 "float, zerofill, crash with subquery"
  - Testcase
---
 mysql-test/r/subselect.result |  7 +++++++
 mysql-test/t/subselect.test   | 12 ++++++++++++
 sql/item.cc                   | 11 ++++++++---
 3 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result
index 2de2589fc92..349b874cbb9 100644
--- a/mysql-test/r/subselect.result
+++ b/mysql-test/r/subselect.result
@@ -4374,4 +4374,11 @@ a4	f3	a6
 1	NULL	NULL
 2	NULL	NULL
 DROP TABLE t1, t2, t3, t4;
+create table t1 (a float(5,4) zerofill);
+create table t2 (a float(5,4),b float(2,0));
+select t1.a from t1 where   
+t1.a= (select b from t2 limit 1) and not
+t1.a= (select a from t2 limit 1) ;
+a
+drop table t1;
 End of 5.0 tests.
diff --git a/mysql-test/t/subselect.test b/mysql-test/t/subselect.test
index c5edd5414e3..a60159381e1 100644
--- a/mysql-test/t/subselect.test
+++ b/mysql-test/t/subselect.test
@@ -3259,5 +3259,17 @@ GROUP BY a4;
 
 DROP TABLE t1, t2, t3, t4;
 
+#
+# BUG#36139 "float, zerofill, crash with subquery"
+#
+create table t1 (a float(5,4) zerofill);
+create table t2 (a float(5,4),b float(2,0));
+
+select t1.a from t1 where   
+  t1.a= (select b from t2 limit 1) and not
+  t1.a= (select a from t2 limit 1) ;
+
+drop table t1;
+
 --echo End of 5.0 tests.
 
diff --git a/sql/item.cc b/sql/item.cc
index 553ba1b152c..9ff1f8c0084 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -4156,9 +4156,14 @@ static void convert_zerofill_number_to_string(Item **item, Field_num *field)
   String tmp(buff,sizeof(buff), field->charset()), *res;
 
   res= (*item)->val_str(&tmp);
-  field->prepend_zeros(res);
-  pos= (char *) sql_strmake (res->ptr(), res->length());
-  *item= new Item_string(pos, res->length(), field->charset());
+  if ((*item)->is_null())
+    *item= new Item_null();
+  else
+  {
+    field->prepend_zeros(res);
+    pos= (char *) sql_strmake (res->ptr(), res->length());
+    *item= new Item_string(pos, res->length(), field->charset());
+  }
 }