From:Georgi Kodinov Date:March 18 2010 3:30pm
Subject:bzr commit into mysql-5.1-bugteam branch (joro:3404) Bug#51850
#At file:///home/kgeorge/mysql/work/B51850-5.1-bugteam/ based on revid:svoj@stripped

 3404 Georgi Kodinov	2010-03-18
      Bug #51850: crash/memory overlap when using load data infile and set
        col equal to itself!
      
      There's no need to copy the value of a field into itself.
      While generally harmless (except for some performance penalties)
      it may be dangerous when the copy code doesn't expect this.
      Fixed by checking if the source field is the same as the destination
      field before copying the data.
      Note that we must preserve the order of assignment of the null 
      flags (hence the null_value assignment addition).

    modified:
      mysql-test/r/loaddata.result
      mysql-test/t/loaddata.test
      sql/item.cc
=== modified file 'mysql-test/r/loaddata.result'
--- a/mysql-test/r/loaddata.result	2008-10-23 19:27:09 +0000
+++ b/mysql-test/r/loaddata.result	2010-03-18 15:30:33 +0000
@@ -484,4 +484,15 @@ SET character_set_filesystem=default;
 select @@character_set_filesystem;
 @@character_set_filesystem
 binary
+#
+# Bug #51850: crash/memory overlap when using load data infile and set 
+#  col equal to itself!
+#
+CREATE TABLE t1(col0 LONGBLOB);
+SELECT 'test' INTO OUTFILE 't1.txt';
+LOAD DATA INFILE 't1.txt' IGNORE INTO TABLE t1 SET col0=col0;
+SELECT * FROM t1;
+col0
+test
+DROP TABLE t1;
 End of 5.1 tests

=== modified file 'mysql-test/t/loaddata.test'
--- a/mysql-test/t/loaddata.test	2008-10-23 19:27:09 +0000
+++ b/mysql-test/t/loaddata.test	2010-03-18 15:30:33 +0000
@@ -532,5 +532,19 @@ SET character_set_filesystem=default;
 select @@character_set_filesystem;
 
 
+--echo #
+--echo # Bug #51850: crash/memory overlap when using load data infile and set 
+--echo #  col equal to itself!
+--echo #
+
+CREATE TABLE t1(col0 LONGBLOB);
+SELECT 'test' INTO OUTFILE 't1.txt';
+LOAD DATA INFILE 't1.txt' IGNORE INTO TABLE t1 SET col0=col0;
+SELECT * FROM t1;
+
+DROP TABLE t1;
+let $MYSQLD_DATADIR= `select @@datadir`;
+remove_file $MYSQLD_DATADIR/test/t1.txt;
+
 
 --echo End of 5.1 tests
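Review bot: the regression test exercises the self-assignment only for a LONGBLOB column, while the check added in Item_field::save_in_field applies to every field type; consider giving t1 a second, non-blob column and assigning it to itself in the same SET list, e.g. `CREATE TABLE t1(col0 LONGBLOB, col1 VARCHAR(10));` with `SET col0=col0, col1=col1`, so the non-blob copy path is covered as well. The two `--echo # Bug #51850 ... and set ` header lines end in trailing whitespace; trim them (and the matching lines in loaddata.result). The cleanup via `remove_file $MYSQLD_DATADIR/test/t1.txt` is correct, since the relative OUTFILE name resolves inside the current database directory.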

=== modified file 'sql/item.cc'
--- a/sql/item.cc	2010-03-15 12:07:16 +0000
+++ b/sql/item.cc	2010-03-18 15:30:33 +0000
@@ -5068,6 +5068,17 @@ int Item_field::save_in_field(Field *to,
   else
   {
     to->set_notnull();
+
+    /*
+      If we're setting the same field as the one we're reading from there's 
+      nothing to do. This can happen in 'SET x = x' type of scenarios.
+      */  
+    if (to == result_field)
+    {
+      null_value=0;
+      return 0;
+    }
+
     res= field_conv(to,result_field);
     null_value=0;
   }
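Review bot: the closing `*/` of the new comment is indented to the text column and carries trailing whitespace (the `/*` line does too); align it with the opening `/*` to match the surrounding code. It would also help to say in the comment why the early return sits after `to->set_notnull()` rather than above the `result_field->is_null()` test, namely that the null-flag assignment order must stay as in the normal path (the commit message explains this, the code does not), otherwise a later reader is likely to hoist it as an apparent simplification. Using `result_field` rather than `field` for the identity comparison is consistent with the `field_conv(to,result_field)` call it guards.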


Attachment: [text/bzr-bundle] bzr/joro@sun.com-20100318153033-vfv1crzxhoegynll.bundle
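The hazard the commit message describes, shown as an added illustration written for this page rather than MySQL's own `Item_field::save_in_field` or `field_conv` code: a toy field type with an owning value buffer, a copy routine that resets the destination before reading the source, and the same-field check from the patch placed after the null flag is set. `BlobField`, `field_copy_unguarded`, `field_copy_guarded`, `self_assign` and `cross_assign` are names assumed for the example. The unguarded variant loses the value deterministically on `SET x = x` instead of reading freed memory, which keeps the example runnable while showing the same root cause.

```cpp
#include <string>

// Toy owned-buffer field constructed for this illustration; it stands in for
// a Field with a null flag and a value buffer and is not MySQL's Field class.
struct BlobField {
    std::string buf;       // value storage
    bool is_null = true;   // null flag, cleared before the copy as in save_in_field
    void set_notnull() { is_null = false; }
};

// Copy WITHOUT the same-field check. The destination storage is reset before
// the source bytes are read, so when `to` and `from` are the same object the
// source is wiped first and the value is lost. This is a deterministic
// stand-in for the overlap the commit describes; an implementation that
// frees or reallocates the destination buffer would read freed memory instead.
int field_copy_unguarded(BlobField *to, const BlobField *from)
{
    to->set_notnull();
    to->buf.clear();             // reset destination ...
    to->buf.assign(from->buf);   // ... then read the (now empty) source
    return 0;
}

// Copy WITH the check from the patch: a same-field copy is a no-op, and the
// null flag is still cleared before the early return so flag ordering is
// identical to the normal path.
int field_copy_guarded(BlobField *to, const BlobField *from)
{
    to->set_notnull();
    if (to == from)
        return 0;                // nothing to do for 'SET x = x'
    to->buf.clear();
    to->buf.assign(from->buf);
    return 0;
}

// Runs 'SET col0 = col0' (self-assignment) through one of the two variants
// and returns the resulting value, or "<null>" if the null flag is set.
std::string self_assign(bool guarded)
{
    BlobField f;
    f.buf = "test";              // constructed input, the row loaded in the test
    f.is_null = false;
    if (guarded)
        field_copy_guarded(&f, &f);
    else
        field_copy_unguarded(&f, &f);
    return f.is_null ? "<null>" : f.buf;
}

// Runs a normal copy between two distinct fields; both variants must agree,
// which shows the guard changes nothing outside the self-assignment case.
std::string cross_assign(bool guarded)
{
    BlobField src, dst;
    src.buf = "test";
    src.is_null = false;
    if (guarded)
        field_copy_guarded(&dst, &src);
    else
        field_copy_unguarded(&dst, &src);
    return dst.is_null ? "<null>" : dst.buf;
}
```

`self_assign(false)` returns an empty string because the reset clobbers the aliased source, while `self_assign(true)` keeps "test" and still reports the field as not null; `cross_assign` returns "test" for both variants.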