From 617189958bbb9cf8cf2b9722da39802aa8625b54 Mon Sep 17 00:00:00 2001
From: unknown <tnurnberg@salvation.intern.azundris.com>
Date: Mon, 4 Sep 2006 06:16:34 +0200
Subject: [PATCH] Bug#21913: DATE_FORMAT() Crashes mysql server if I use it
 through mysql-connector-j driver.

Variable character_set_results can legally be NULL (for "no conversion.")
This could result in a NULL deref that crashed the server.  Fixed.

(Although ran some additional precursory tests to see whether I could break
anything else, but no breakage so far.)


mysql-test/r/func_time.result:
  Bug#21913: DATE_FORMAT() Crashes mysql server if I use it through mysql-connector-j driver.

  Prove DATE_FORMAT() no longer crashes the server when character_set_results is
  NULL (which is a legal value and means, "no conversion").
mysql-test/t/func_time.test:
  Bug#21913: DATE_FORMAT() Crashes mysql server if I use it through mysql-connector-j driver.

  Prove DATE_FORMAT() no longer crashes the server when character_set_results is
  NULL (which is a legal value and means, "no conversion").
sql/sql_string.cc:
  Bug#21913: DATE_FORMAT() Crashes mysql server if I use it through mysql-connector-j driver.

  Avoid NULL deref in my_charset_same() -- if !to_cs, we won't need to compare
  because it is magic for, "no conversion."
---
 mysql-test/r/func_time.result | 12 ++++++++++++
 mysql-test/t/func_time.test   | 18 ++++++++++++++++++
 sql/sql_string.cc             |  7 ++++++-
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/func_time.result b/mysql-test/r/func_time.result
index fab0bf01f58..07a46f92469 100644
--- a/mysql-test/r/func_time.result
+++ b/mysql-test/r/func_time.result
@@ -688,3 +688,15 @@ t1	CREATE TABLE `t1` (
   `from_unixtime(1) + 0` double(23,6) default NULL
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1
 drop table t1;
+SET NAMES latin1;
+SET character_set_results = NULL;
+SHOW VARIABLES LIKE 'character_set_results';
+Variable_name	Value
+character_set_results	
+CREATE TABLE testBug8868 (field1 DATE, field2 VARCHAR(32) CHARACTER SET BINARY);
+INSERT INTO testBug8868 VALUES ('2006-09-04', 'abcd');
+SELECT DATE_FORMAT(field1,'%b-%e %l:%i%p') as fmtddate, field2 FROM testBug8868;
+fmtddate	field2
+Sep-4 12:00AM	abcd
+DROP TABLE testBug8868;
+SET NAMES DEFAULT;
diff --git a/mysql-test/t/func_time.test b/mysql-test/t/func_time.test
index b232fb14e1e..8a7f8792081 100644
--- a/mysql-test/t/func_time.test
+++ b/mysql-test/t/func_time.test
@@ -358,4 +358,22 @@ create table t1 select now() - now(), curtime() - curtime(),
 show create table t1;
 drop table t1;
 
+#
+# 21913: DATE_FORMAT() Crashes mysql server if I use it through
+#        mysql-connector-j driver.
+#
+
+SET NAMES latin1;
+SET character_set_results = NULL;
+SHOW VARIABLES LIKE 'character_set_results';
+
+CREATE TABLE testBug8868 (field1 DATE, field2 VARCHAR(32) CHARACTER SET BINARY);
+INSERT INTO testBug8868 VALUES ('2006-09-04', 'abcd');
+
+SELECT DATE_FORMAT(field1,'%b-%e %l:%i%p') as fmtddate, field2 FROM testBug8868;
+
+DROP TABLE testBug8868;
+
+SET NAMES DEFAULT;
+
 # End of 4.1 tests
diff --git a/sql/sql_string.cc b/sql/sql_string.cc
index 939ffe8d9d2..aaa85b0d96c 100644
--- a/sql/sql_string.cc
+++ b/sql/sql_string.cc
@@ -248,6 +248,10 @@ bool String::copy(const char *str,uint32 arg_length, CHARSET_INFO *cs)
    0  No conversion needed
    1  Either character set conversion or adding leading  zeros
       (e.g. for UCS-2) must be done
+
+  NOTE
+  to_cs may be NULL for "no conversion" if the system variable
+  character_set_results is NULL.
 */
 
 bool String::needs_conversion(uint32 arg_length,
@@ -256,7 +260,8 @@ bool String::needs_conversion(uint32 arg_length,
 			      uint32 *offset)
 {
   *offset= 0;
-  if ((to_cs == &my_charset_bin) || 
+  if (!to_cs ||
+      (to_cs == &my_charset_bin) || 
       (to_cs == from_cs) ||
       my_charset_same(from_cs, to_cs) ||
       ((from_cs == &my_charset_bin) &&