From fa604f0a3d74ba60e2ba4b583fc5f14221ac713d Mon Sep 17 00:00:00 2001
From: Martin Hansson <martin.hansson@sun.com>
Date: Mon, 7 Sep 2009 11:57:22 +0200
Subject: [PATCH] Bug#46259: 5.0.83 -> 5.1.36, query doesn't work

The parser rule for expressions in a udf parameter list contains
two hacks:
First, the parser input stream is read verbatim, bypassing
the lexer.
Second, the Item::name field is overwritten. If the argument to a
udf was a field, the field's name as seen by name resolution was
overwritten this way.
If the field name was quoted or escaped, it would appear as e.g. "`field`".
Fixed by not overwriting field names.
---
 mysql-test/r/udf.result | 16 ++++++++++++++++
 mysql-test/t/udf.test   | 12 ++++++++++++
 sql/sql_yacc.yy         |  8 +++++++-
 3 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/udf.result b/mysql-test/r/udf.result
index 15410ac2039..601b364fbbe 100644
--- a/mysql-test/r/udf.result
+++ b/mysql-test/r/udf.result
@@ -392,4 +392,20 @@ a
 4
 DROP FUNCTION sequence;
 DROP TABLE t1,t2;
+#
+# Bug#46259: 5.0.83 -> 5.1.36, query doesn't work
+#
+CREATE TABLE t1 ( a INT );
+INSERT INTO t1 VALUES (1), (2), (3);
+SELECT IF( a = 1, a, a ) AS `b` FROM t1 ORDER BY field( `b` + 1, 1 );
+b
+1
+2
+3
+SELECT IF( a = 1, a, a ) AS `b` FROM t1 ORDER BY field( `b`, 1 );
+b
+2
+3
+1
+DROP TABLE t1;
 End of 5.0 tests.
diff --git a/mysql-test/t/udf.test b/mysql-test/t/udf.test
index e9ae1a31079..7bf252040e5 100644
--- a/mysql-test/t/udf.test
+++ b/mysql-test/t/udf.test
@@ -436,4 +436,16 @@ SELECT * FROM t2 WHERE a = sequence();
 DROP FUNCTION sequence;
 DROP TABLE t1,t2;
 
+--echo #
+--echo # Bug#46259: 5.0.83 -> 5.1.36, query doesn't work
+--echo #
+CREATE TABLE t1 ( a INT );
+
+INSERT INTO t1 VALUES (1), (2), (3);
+
+SELECT IF( a = 1, a, a ) AS `b` FROM t1 ORDER BY field( `b` + 1, 1 );
+SELECT IF( a = 1, a, a ) AS `b` FROM t1 ORDER BY field( `b`, 1 );
+
+DROP TABLE t1;
+
 --echo End of 5.0 tests.
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index a18f57bf9cf..db97e77bbd0 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -7921,7 +7921,13 @@ udf_expr:
               $2->is_autogenerated_name= FALSE;
               $2->set_name($4.str, $4.length, system_charset_info);
             }
-            else
+            /* 
+               A field has to have its proper name in order for name
+               resolution to work, something we are only guaranteed if we
+               parse it out. If we hijack the input stream with
+               remember_name we may get quoted or escaped names.
+            */
+            else if ($2->type() != Item::FIELD_ITEM)
               $2->set_name($1, (uint) ($3 - $1), YYTHD->charset());
             $$= $2;
           }