[MDEV-4272] DIV operator crashes in Item_func_int_div::val_int
Created: 2013-03-13  Updated: 2013-03-18  Resolved: 2013-03-18

Status: Closed
Project: MariaDB Server
Component/s: None
Affects Version/s: 10.0.1, 5.5.30
Fix Version/s: 10.0.2, 5.5.31

Type: Bug
Priority: Major
Reporter: sbester1
Assignee: Oleksandr Byelkin
Resolution: Fixed
Votes: 0
Labels: None
Environment: WinX64, Linux x64

 Description   

Initial valgrind error from maria revno 3503: (release build)

Invalid read of size 8
at: Item_func_int_div::val_int (my_decimal.h:95)
by: Item::send (item.cc:6370)
by: Protocol::send_result_set_row (protocol.cc:900)
by: select_send::send_data (sql_class.cc:2448)
by: end_send (sql_select.cc:17355)
by: evaluate_join_record (sql_select.cc:16478)
by: sub_select (sql_select.cc:16259)
by: do_select (sql_select.cc:15929)
by: JOIN::exec_inner (sql_select.cc:2964)
by: JOIN::exec (sql_select.cc:2255)
by: mysql_select (sql_select.cc:3192)
by: handle_select (sql_select.cc:363)
by: execute_sqlcom_select (sql_parse.cc:5004)
by: mysql_execute_command (sql_parse.cc:2472)
by: mysql_parse (sql_parse.cc:6124)
by: dispatch_command (sql_parse.cc:1266)
by: do_handle_one_connection (sql_connect.cc:1267)
by: handle_one_connection (sql_connect.cc:1181)
by: start_thread (pthread_create.c:309)
by: clone (clone.S:115)
 Address 0x0 is not stack'd, malloc'd or (recently) free'd

drop table if exists c;
create table c(a int) select null;
select 1 div convert(a using utf8) from c;



 Comments   
Comment by Patryk Pomykalski [ 2013-03-13 ]

Also:
select convert(a using utf8) from c; returns null

select convert(a using utf8) + 0 from c; returns 0

MySQL returns null in both cases.

Comment by Oleksandr Byelkin [ 2013-03-14 ]

fix committed for review

Comment by Oleksandr Byelkin [ 2013-03-14 ]

pushed
