Open r33s3n6 opened 1 week ago
The root cause is
( select 0 )
is integer, so select 'abc' in ( select 0 ) as c1;
actually means select 'abc' in (0)
, it will convert abc
and 0 to double before compare, so the query returns 1(abc
is convert to 0)( select 0 union all ( select cast(null as char)) )
is varchar, so the query actually means select 'abc' in ('0', null)
, so it returns NULL
( select 0 union all ( select 1 where false) )
is integer, so it is the same as query 1( select 0 union all ( select '1' where false) )
is varchar, so it is the same as query 2, but no null literal, so it returns 0.This issue is actually the same as https://github.com/pingcap/tidb/issues/56642. The TiDB's result is as expected, but unfortunately, different from MySQL's result.
1. Minimal reproduce step (Required)
2. What did you expect to see? (Required)
3. What did you see instead (Required)
4. What is your TiDB version? (Required)
about us
We are the BASS team from the School of Cyber Science and Technology at Beihang University. Our main focus is on system software security, operating systems, and program analysis research, as well as the development of automated program testing frameworks for detecting software defects. Using our self-developed database vulnerability testing tool, we have identified the above-mentioned vulnerabilities in TiDB that may lead to database logic error.