| Bug #119340 | Incorrect result for RLIKE when INSERT() uses CURRENT_USER() as an argument. | ||
|---|---|---|---|
| Submitted: | 10 Nov 7:58 | ||
| Reporter: | zz z | Email Updates: | |
| Status: | Open | Impact on me: | |
| Category: | MySQL Server | Severity: | S3 (Non-critical) |
| Version: | 9.4.0 8.4.6 | OS: | Any |
| Assigned to: | CPU Architecture: | Any | |
Portions of this website are copyright © 2001, 2002 The PHP Group
Page generated in 0.048 sec. using MySQL 8.4.5-u5-cloud
Timestamp references displayed by the system are UTC.
Content reproduced on this site is the property of the
respective copyright holders.
It is not reviewed in advance
by Oracle and does not necessarily represent the opinion of
Oracle or any other party.
© 2025, Oracle Corporation and/or its affiliates
Description: When the INSERT(str, pos, len, newstr) function is used with the RLIKE operator, it behaves incorrectly if the str argument is supplied by the non-deterministic function CURRENT_USER() and the pos argument is an invalid position (e.g., a negative number). The expected behavior is for INSERT() to return the original string. However, in this scenario, it incorrectly returns the value of the fourth argument (newstr), '0'. This causes RLIKE to match against an incorrect pattern, leading to a wrong result. The bug is not triggered when an equivalent string literal (' root@ %') is used instead of the CURRENT_USER() function. How to repeat: CREATE TABLE t18 (c1 FLOAT, c2 LONGTEXT); INSERT t18 () VALUES (1,'uM'); INSERT t18 () VALUES (-1,'30'); SELECT CURRENT_USER(); -- 'root@%' or similar SELECT INSERT((CURRENT_USER()),c1, 9, '0') from t18; -- Observed: -- '0' -- '0' <- Incorrect SELECT ((t18.c2) RLIKE INSERT((CURRENT_USER()), t18.c1, 9, '0')) FROM t18; -- Observed: -- 0 -- 1 <- Incorrect SELECT ((t18.c2) RLIKE INSERT(('root@%'), t18.c1, 9, '0')) FROM t18; -- Observed: -- 0 -- 0 <- Correct