Details
Description
This script:
DROP TABLE IF EXISTS t1;
CREATE TABLE t1 (a VARCHAR(10) CHARACTER SET cp1251 COLLATE cp1251_ukrainian_ci);
INSERT INTO t1 VALUES (' 1'),('`1');
SELECT * FROM t1 WHERE a IN (1,2,3);
returns one row:
+------+ | a | +------+ | 1 | +------+
Now if I make the condition even stroger:
SELECT * FROM t1 WHERE a IN (1,2,3) AND a=' 1';
It erroneously returns two rows:
+------+ | a | +------+ | 1 | | `1 | +------+
It should return one row.
The problem happens in equal fields propagation in this code:
if (!item || !has_compatible_context(item)) item= this;
Item_func_in does not set cmp_type of args[0], so has_compatible_context() passes and the field gets erroneously replaced to the string constant which makes Item_func_in::val_int() always evaluate to TRUE.
Gliffy Diagrams
Attachments
Issue Links
- blocks
-
MDEV-8728 Fix a number of problems in equal field and equal expression propagation
-
- Closed
-
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
Another example script:
SET NAMES utf8; DROP TABLE IF EXISTS t1; CREATE TABLE t1 (a VARCHAR(10) CHARACTER SET latin1); INSERT INTO t1 VALUES ('1e1'),('1ë1'); SELECT * FROM t1 WHERE a IN (1,2);returns one row:
Now if I make the condition even stronger:
it erroneously returns two rows: