Skip to content

MDEV-38210: Unary negation of LONGTEXT, wrong result under GROUP BY#5194

Open
DaveGosselin-MariaDB wants to merge 1 commit into
10.11from
10.11-mdev-38210-wrong-result
Open

MDEV-38210: Unary negation of LONGTEXT, wrong result under GROUP BY#5194
DaveGosselin-MariaDB wants to merge 1 commit into
10.11from
10.11-mdev-38210-wrong-result

Conversation

@DaveGosselin-MariaDB

@DaveGosselin-MariaDB DaveGosselin-MariaDB commented Jun 8, 2026

Copy link
Copy Markdown
Member

Unary negation of a LONGTEXT or LONGBLOB value returned the wrong result under GROUP BY. The length of the result was set to the argument length plus one for the sign, but for these two types the argument length is already the largest value the length field can hold, so adding one wrapped it back to zero. A zero length result loses its value when it is stored in the temporary table that GROUP BY builds, so the query returned an empty value instead of the expected number. The argument length is now limited before the sign character is added, so it can no longer wrap to zero.

@DaveGosselin-MariaDB DaveGosselin-MariaDB self-assigned this Jun 8, 2026
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Jun 8, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request addresses MDEV-38210 by fixing an integer overflow issue in Item_func_neg::fix_length_and_dec_double where negating a cast binary value (like LONGTEXT or LONGBLOB) could result in a zero-width output. The fix clamps the argument width before adding the sign character. The review feedback identifies a potential underflow risk in the clamping logic if mlen is 0, and suggests a safer ternary operator implementation to prevent this.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread sql/item_func.cc
@DaveGosselin-MariaDB DaveGosselin-MariaDB changed the title MDEV-38210: Incorrect query result MDEV-38210: Unary negation of LONGTEXT, wrong result under GROUP BY Jun 11, 2026
@DaveGosselin-MariaDB DaveGosselin-MariaDB force-pushed the 10.11-mdev-38210-wrong-result branch from d73c01f to c307d91 Compare June 11, 2026 20:32
@DaveGosselin-MariaDB
MDEV-38210: Unary negation of LONGTEXT, wrong result under GROUP BY
c1adb91 
Unary negation of a LONGTEXT or LONGBLOB value returned the wrong
result under GROUP BY.  The length of the result was set to the
argument length plus one for the sign, but for these two types the
argument length is already the largest value the length field can
hold, so adding one wrapped it back to zero.  A zero length result
loses its value when it is stored in the temporary table that GROUP BY
builds, so the query returned an empty value instead of the expected
number.  The argument length is now limited before the sign character
is added, so it can no longer wrap to zero.
@DaveGosselin-MariaDB DaveGosselin-MariaDB force-pushed the 10.11-mdev-38210-wrong-result branch from c307d91 to c1adb91 Compare June 12, 2026 12:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gkodinov gkodinov Awaiting requested review from gkodinov

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@DaveGosselin-MariaDB DaveGosselin-MariaDB

Labels

MariaDB Corporation

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DaveGosselin-MariaDB