From 74184074a06f9fd736064f77c1e78c310f9f0cae Mon Sep 17 00:00:00 2001
From: Alexander Barkov <bar@mariadb.com>
Date: Mon, 11 Nov 2024 10:00:26 +0400
Subject: [PATCH] MDEV-28652 SUBSTRING(str,pos,len) returns incorrect result in
 view (returns an empty string)

Item_func_substr::fix_length_and_dec() incorrecltly calculated its max_length
to 0 when a huge number was passed as the third argument:
  substring('hello', 1, 4294967295)
Fixing this.
---
 mysql-test/main/func_str.result | 8 ++++++++
 mysql-test/main/func_str.test   | 7 +++++++
 sql/item_strfunc.cc             | 8 ++++----
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/mysql-test/main/func_str.result b/mysql-test/main/func_str.result
index 7aa248bffd4..4c1bcf59d0f 100644
--- a/mysql-test/main/func_str.result
+++ b/mysql-test/main/func_str.result
@@ -5330,5 +5330,13 @@ BIN(c)
 DROP TABLE t1;
 DO OCT(-9223372036854775808);
 #
+# MDEV-28652 SUBSTRING(str,pos,len) returns incorrect result in view (returns an empty string)
+#
+create view v1 as select substring('hello', 1, 4294967295);
+select * from v1;
+substring('hello', 1, 4294967295)
+hello
+drop view v1;
+#
 # End of 10.5 tests
 #
diff --git a/mysql-test/main/func_str.test b/mysql-test/main/func_str.test
index 952d061c30f..2043eaa2b30 100644
--- a/mysql-test/main/func_str.test
+++ b/mysql-test/main/func_str.test
@@ -2370,6 +2370,13 @@ DROP TABLE t1;
 
 DO OCT(-9223372036854775808);
 
+--echo #
+--echo # MDEV-28652 SUBSTRING(str,pos,len) returns incorrect result in view (returns an empty string)
+--echo #
+
+create view v1 as select substring('hello', 1, 4294967295);
+select * from v1;
+drop view v1;
 
 --echo #
 --echo # End of 10.5 tests
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index 4a54cf06b92..b53693a48ae 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -1773,11 +1773,11 @@ bool Item_func_substr::fix_length_and_dec()
   }
   if (arg_count == 3 && args[2]->const_item())
   {
-    int32 length= (int32) args[2]->val_int();
-    if (args[2]->null_value || length <= 0)
+    longlong length= args[2]->val_int();
+    if (args[2]->null_value || (length <= 0 && !args[2]->unsigned_flag))
       max_length=0; /* purecov: inspected */
-    else
-      set_if_smaller(max_length,(uint) length);
+    else if (length < UINT32_MAX)
+      set_if_smaller(max_length, (uint32) length);
   }
   max_length*= collation.collation->mbmaxlen;
   return FALSE;