Bug #75372 incorrect code (or indenting)
Submitted: 1 Jan 2015 11:07    Modified: 10 Apr 2015 0:04
Reporter: Joshua Rogers
Status: Closed
Category: MySQL Server: Optimizer    Severity: S3 (Non-critical)
Version: 5.7.6    OS: Any
CPU Architecture: Any

[1 Jan 2015 11:07] Joshua Rogers
Description:
In /sql/item_func.h:

174    if ((args= (Item**) sql_alloc(sizeof(Item*)*5)))
175      args[0]= a; args[1]= b; args[2]= c; args[3]= d; args[4]= e;

As you can see, the indenting is messed up. Is this an error in the code, or just an error in the indenting?

How to repeat:
.

Suggested fix:
.
[1 Jan 2015 13:07] MySQL Verification Team
Verified by reading code. In the event of an OOM situation, a crash could occur on the 'args[1]= b' line since the { } are missing.

---
    arg_count= 5;
    if ((args= (Item**) sql_alloc(sizeof(Item*)*5)))
      args[0]= a; args[1]= b; args[2]= c; args[3]= d; args[4]= e;
---

Should probably be:
---
    arg_count= 5;
    if ((args= (Item**) sql_alloc(sizeof(Item*)*5)))
    {
      args[0]= a; args[1]= b; args[2]= c; args[3]= d; args[4]= e;
    }
---
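The failure mode the verification team describes, recreated as an added example that is not part of this bug report or of the MySQL source: `Item`, `fake_sql_alloc()`, `store()` and `run_scenario()` are stand-ins constructed here. The allocator's failure can be forced to simulate OOM, and `store()` counts writes through a null pointer instead of performing them, so the unbraced layout can be exercised without crashing.

```cpp
#include <cstddef>

// Stand-ins for the MySQL types and allocator in the report (constructed for this example).
struct Item { int id; };

static bool  g_force_oom = false;   // true simulates sql_alloc() returning NULL
static Item* g_pool[5];             // backing store handed out by the fake allocator

static void* fake_sql_alloc(std::size_t bytes) {
    return (g_force_oom || bytes > sizeof(g_pool)) ? nullptr : static_cast<void*>(g_pool);
}

// Instrumented stand-in for `args[i]= v`: a write through a null pointer is counted
// rather than performed, so the unguarded path can run safely in this example.
static void store(Item** args, int i, Item* v, int& null_writes) {
    if (args == nullptr) { ++null_writes; return; }
    args[i] = v;
}

// Layout from the report: only the first store belongs to the if; the other four run
// unconditionally, so on OOM they would dereference the NULL that sql_alloc() returned.
static int init_args_buggy(Item* a, Item* b, Item* c, Item* d, Item* e, Item**& args) {
    int null_writes = 0;
    if ((args = (Item**) fake_sql_alloc(sizeof(Item*) * 5)))
        store(args, 0, a, null_writes); store(args, 1, b, null_writes);
        store(args, 2, c, null_writes); store(args, 3, d, null_writes);
        store(args, 4, e, null_writes);
    return null_writes;
}

// The fix suggested above: braces make all five stores conditional on the allocation.
static int init_args_fixed(Item* a, Item* b, Item* c, Item* d, Item* e, Item**& args) {
    int null_writes = 0;
    if ((args = (Item**) fake_sql_alloc(sizeof(Item*) * 5)))
    {
        store(args, 0, a, null_writes); store(args, 1, b, null_writes);
        store(args, 2, c, null_writes); store(args, 3, d, null_writes);
        store(args, 4, e, null_writes);
    }
    return null_writes;
}

// Drives one variant under a chosen allocator outcome. Returns the number of null-pointer
// writes the variant attempted, or -1 if allocation succeeded but the slots were not filled.
int run_scenario(bool use_fixed, bool force_oom) {
    Item a{1}, b{2}, c{3}, d{4}, e{5};
    Item** args = nullptr;
    g_force_oom = force_oom;
    int nulls = use_fixed ? init_args_fixed(&a, &b, &c, &d, &e, args)
                          : init_args_buggy(&a, &b, &c, &d, &e, args);
    if (!force_oom && (args == nullptr || args[0] != &a || args[4] != &e)) return -1;
    return nulls;
}
```

GCC 6 and later diagnose this exact layout with -Wmisleading-indentation (enabled by -Wall), which is the cheapest way to catch the pattern before code review.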
[10 Apr 2015 0:04] Paul DuBois
Noted in 5.7.8, 5.8.0 changelogs.

The parser could dereference a null pointer after an out-of-memory
error.