MDEV-25610 Assertion `escape != -1' failed in Item_func_like::val_int

4 years ago · 9dc05f1f11
6 changed files with 1123 additions and 2 deletions
--- a/mysql-test/r/ctype_cp850.result
+++ b/mysql-test/r/ctype_cp850.result
--- a/mysql-test/r/ctype_cp866.result
+++ b/mysql-test/r/ctype_cp866.result
@ -0,0 +1,12 @@
+#
+# Start of 10.2 tests
+#
+#
+# MDEV-25610 Assertion `escape != -1' failed in Item_func_like::val_int
+#
+SELECT _cp866'' LIKE _cp866'' ESCAPE _cp866 0xFF;
+_cp866'' LIKE _cp866'' ESCAPE _cp866 0xFF
+1
+#
+# End of 10.2 tests
+#
--- a/mysql-test/t/ctype_cp850.test
+++ b/mysql-test/t/ctype_cp850.test
@ -14,3 +14,35 @@ DROP TABLE t1;
 --echo #
 --echo # End of 5.5 tests
 --echo #
+
+--echo #
+--echo # Start of 10.2 tests
+--echo #
+
+--echo #
+--echo # MDEV-25610 Assertion `escape != -1' failed in Item_func_like::val_int
+--echo #
+
+SET NAMES cp850;
+SELECT '' LIKE '' ESCAPE _cp850 0xFF;
+
+DELIMITER $$;
+BEGIN NOT ATOMIC
+  DECLARE ch INT DEFAULT 0x00;
+  DECLARE query TEXT DEFAULT 'SELECT _cp850'''' LIKE _cp850'''' ESCAPE _cp850 0xFF';
+  WHILE ch <= 0xFF DO
+    SET @query= REPLACE(query, 'FF', CONV(ch, 10, 16));
+    SELECT @query;
+    PREPARE stmt FROM @query;
+    EXECUTE stmt;
+    DEALLOCATE PREPARE stmt;
+    SET ch=ch+1;
+  END WHILE;
+END;
+$$
+DELIMITER ;$$
+
+
+--echo #
+--echo # End of 10.2 tests
+--echo #
--- a/mysql-test/t/ctype_cp866.test
+++ b/mysql-test/t/ctype_cp866.test
@ -0,0 +1,14 @@
+--echo #
+--echo # Start of 10.2 tests
+--echo #
+
+--echo #
+--echo # MDEV-25610 Assertion `escape != -1' failed in Item_func_like::val_int
+--echo #
+
+SELECT _cp866'' LIKE _cp866'' ESCAPE _cp866 0xFF;
+
+
+--echo #
+--echo # End of 10.2 tests
+--echo #
--- a/sql/item.h
+++ b/sql/item.h
@ -6236,6 +6236,19 @@ public:
 };


+/*
+  fix_escape_item() sets the out "escape" parameter to:
+  - native code in case of an 8bit character set
+  - Unicode code point in case of a multi-byte character set
+
+  The value meaning a not-initialized ESCAPE character must not be equal to
+  any valid value, so must be outside of these ranges:
+  - -128..+127, not to conflict with a valid 8bit charcter
+  - 0..0x10FFFF, not to conflict with a valid Unicode code point
+  The exact value does not matter.
+*/
+#define ESCAPE_NOT_INITIALIZED -1000
+
 /*
  It's used in ::fix_fields() methods of LIKE and JSON_SEARCH
  functions to handle the ESCAPE parameter.
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@ -5266,7 +5266,7 @@ void Item_func_like::print(String *str, enum_query_type query_type)
 longlong Item_func_like::val_int()
 {
  DBUG_ASSERT(fixed == 1);
-  DBUG_ASSERT(escape != -1);
+  DBUG_ASSERT(escape != ESCAPE_NOT_INITIALIZED);
  String* res= args[0]->val_str(&cmp_value1);
  if (args[0]->null_value)
  {
@ -5370,7 +5370,7 @@ bool fix_escape_item(THD *thd, Item *escape_item, String *tmp_str,
    return TRUE;
  }

-  IF_DBUG(*escape= -1,);
+  IF_DBUG(*escape= ESCAPE_NOT_INITIALIZED,);

  if (escape_item->const_item())
  {