From ac885d5dfbe4c094f693851433516265a57868d6 Mon Sep 17 00:00:00 2001
From: Georgi Kodinov <joro@sun.com>
Date: Fri, 9 Jan 2009 13:50:18 +0200
Subject: [PATCH] Bug #41437: Value stored in 'case' lacks charset, causes
 segfault

When substituting system constant functions with a constant result
the server was not expecting that the function may return NULL.
Fixed by checking for NULL and returning Item_null (in the relevant
collation) if the result of the system constant function was NULL.

mysql-test/r/mysql.result:
  Bug #41437: test case
mysql-test/t/mysql.test:
  Bug #41437: test case.
  Relies on database() returning NULL if no database is
  selected.
sql/item_strfunc.cc:
  Bug #41437: Check for NULL result on evaluating the system
  constant function and return a constant NULL item.
---
 mysql-test/r/mysql.result | 2 ++
 mysql-test/t/mysql.test   | 5 +++++
 sql/item_strfunc.cc       | 6 ++++++
 3 files changed, 13 insertions(+)

diff --git a/mysql-test/r/mysql.result b/mysql-test/r/mysql.result
index 95bdcab6ba1..9bad3b9f791 100644
--- a/mysql-test/r/mysql.result
+++ b/mysql-test/r/mysql.result
@@ -186,4 +186,6 @@ delimiter
 2
 2
 2
+@z:='1'	@z=database()
+1	NULL
 End of 5.0 tests
diff --git a/mysql-test/t/mysql.test b/mysql-test/t/mysql.test
index 76941af893a..68a01a309d4 100644
--- a/mysql-test/t/mysql.test
+++ b/mysql-test/t/mysql.test
@@ -309,4 +309,9 @@ EOF
 --exec $MYSQL -c < $MYSQLTEST_VARDIR/tmp/bug38158.sql 2>&1
 remove_file $MYSQLTEST_VARDIR/tmp/bug38158.sql;
 
+#
+# Bug #41437: Value stored in 'case' lacks charset, causees segfault
+#
+--exec $MYSQL -e "select @z:='1',@z=database()"
+
 --echo End of 5.0 tests
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index d1e3f45bba1..34f974042a5 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -1696,6 +1696,12 @@ Item *Item_func_sysconst::safe_charset_converter(CHARSET_INFO *tocs)
   Item_string *conv;
   uint conv_errors;
   String tmp, cstr, *ostr= val_str(&tmp);
+  if (null_value)
+  {
+    Item *null_item= new Item_null((char *) fully_qualified_func_name());
+    null_item->collation.set (tocs);
+    return null_item;
+  }
   cstr.copy(ostr->ptr(), ostr->length(), ostr->charset(), tocs, &conv_errors);
   if (conv_errors ||
       !(conv= new Item_static_string_func(fully_qualified_func_name(),