Bug #27362 SELECT id FROM tablename WHERE id IN(4564, (SELECT IF(1=0,1,1/0)) ) crash
Submitted: 21 Mar 2007 22:16
Modified: 3 Apr 2007 22:30
Reporter: Mads Martin Joergensen
Status: Closed
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 5.0.38
OS: Any
Assigned to: Igor Babaev
CPU Architecture: Any

[21 Mar 2007 22:16] Mads Martin Joergensen
Description:
SELECT id FROM tablename WHERE id IN(4564, (SELECT IF(1=0,1,1/0)) ); crashes most recent 5.0.

How to repeat:
SELECT id FROM tablename WHERE id IN(4564, (SELECT IF(1=0,1,1/0)) );
[22 Mar 2007 5:58] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/22557

ChangeSet@1.2490, 2007-03-21 22:57:22-07:00, igor@olga.mysql.com +3 -0
  Fixed bug #27362: crash at evaluation of IN predicate when one
  of its arguments happened to be a decimal expression returning
  the NULL value.
  The crash was due to the fact the function in_decimal::set did
  not take into account that val_decimal() could return 0 if 
  the decimal expression had been evaluated to NULL.
[22 Mar 2007 7:06] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/22559

ChangeSet@1.2490, 2007-03-22 00:05:36-07:00, igor@olga.mysql.com +3 -0
  Fixed bug #27362: crash at evaluation of IN predicate when one
  of its arguments happened to be a decimal expression returning
  the NULL value.
  The crash was due to the fact the function in_decimal::set did
  not take into account that val_decimal() could return 0 if 
  the decimal expression had been evaluated to NULL.
[23 Mar 2007 13:57] Alexey Botchkov
Pushed in 5.0.40 and 5.1.18
[3 Apr 2007 18:08] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/23704

ChangeSet@1.2499, 2007-04-03 14:08:09-04:00, cmiller@zippy.cornsilk.net +3 -0
  Backport of Igor's patch for Bug#27362, March 22 2007.
  
  Fixed bug #27362: crash at evaluation of IN predicate when one
  of its arguments happened to be a decimal expression returning
  the NULL value.
  The crash was due to the fact the function in_decimal::set did
  not take into account that val_decimal() could return 0 if 
  the decimal expression had been evaluated to NULL.
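
The failure pattern named in the changeset comments above, as an added C++ sketch that is not MySQL source and not part of the original report. `Decimal`, `Item`, `InDecimalList`, `set_unchecked`, `set_checked` and `fill_in_list` are hypothetical names; the only behaviour taken from the page is that `val_decimal()` returns 0 when the decimal expression evaluates to NULL.

```cpp
#include <cstddef>
#include <vector>

// Simplified model, not MySQL source: a decimal held as a plain integer.
struct Decimal { long long v; };

// Hypothetical stand-in for an expression item. As the changeset describes,
// val_decimal() returns 0 (a null pointer) when the expression is SQL NULL.
struct Item {
    bool sql_null; long long v; bool null_value;
    Item(bool n, long long x) : sql_null(n), v(x), null_value(false) {}
    Decimal* val_decimal(Decimal* buf) {
        null_value = sql_null;
        if (null_value) return nullptr;
        buf->v = v;
        return buf;
    }
};

// Hypothetical model of the array that holds the IN-list constants.
struct InDecimalList {
    std::vector<Decimal> slots;
    std::vector<bool> is_null;
    explicit InDecimalList(std::size_t n) : slots(n), is_null(n, false) {}
    // Unchecked pattern: a null result differs from the slot address, so it
    // is dereferenced. Shown for contrast only; never called below.
    void set_unchecked(std::size_t pos, Item& item) {
        Decimal* res = item.val_decimal(&slots[pos]);
        if (res != &slots[pos]) slots[pos] = *res;
    }
    // Checked pattern: test the NULL flag and the pointer before copying.
    void set_checked(std::size_t pos, Item& item) {
        Decimal* res = item.val_decimal(&slots[pos]);
        if (item.null_value || res == nullptr) { is_null[pos] = true; return; }
        if (res != &slots[pos]) slots[pos] = *res;
    }
};

InDecimalList fill_in_list(std::vector<Item>& items) {
    InDecimalList list(items.size());
    for (std::size_t i = 0; i < items.size(); ++i) list.set_checked(i, items[i]);
    return list;
}

int main() {
    std::vector<Item> items;   // constructed input: IN(4564, <NULL expression>)
    items.push_back(Item(false, 4564)); items.push_back(Item(true, 0));
    return fill_in_list(items).is_null[1] ? 0 : 1;
}
```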
[3 Apr 2007 22:30] Paul DuBois
Noted in 5.0.40, 5.1.18 changelogs.
[27 Jun 2007 13:17] Paul DuBois
This patch also fixes Bug#27513.
[28 Jan 2008 6:40] Bugs System
Pushed into 6.0.5-alpha
[28 Jan 2008 6:51] Bugs System
Pushed into 5.1.24-rc
[6 Mar 2008 5:47] Jon Stephens
Also documented for 6.0.5.
[6 May 2009 20:22] Bugs System
Pushed into 5.0.82 (revid:chad@mysql.com-20090506130632-s1cl4ygdj9rt2rrz) (version source revid:chad@mysql.com-20090506130632-s1cl4ygdj9rt2rrz) (merge vers: 5.0.82) (pib:6)