List:Commits« Previous MessageNext Message »
From:Evgeny Potemkin Date:October 27 2010 3:07pm
Subject:bzr commit into mysql-5.5-bugteam branch (epotemkin:3098) Bug#57278
View as plain text  
#At file:///work/bzrroot/57278-bug-5.5-bugfixing/ based on revid:marc.alff@stripped

 3098 Evgeny Potemkin	2010-10-27
      Bug#57278: Crash on min/max + with date out of range.
      MySQL officially supports DATE values starting from 1000-01-01. This is
      enforced for int values, but not for string values, thus one
      could easily insert '0001-01-01' value. Int values are checked by
      number_to_datetime function and Item_cache_datetime::val_str uses it
      to fill MYSQL_TIME struct out of cached int value. This leads to the
      scenario where Item_cache_datetime caches a non-null datetime value and when
      it tries to convert it from int to string number_to_datetime function
      treats the value as out-of-range and returns an error and
      Item_cache_datetime::val_str returns NULL for a non-null value. Due to this
      inconsistency server crashes.
      
      Now number_to_datetime allows DATE values below 1000-01-01 if the
      TIME_FUZZY_DATE flag is set. Item_cache_datetime::val_str now better handles
      null_value.
     @ mysql-test/r/type_date.result
        Added a test case for the bug#57278.
     @ mysql-test/t/type_date.test
        Added a test case for the bug#57278.
     @ sql-common/my_time.c
        Bug#57278: Crash on min/max + with date out of range.
        Now number_to_datetime allows DATE values below 1000-01-01 if the
        TIME_FUZZY_DATE flag is set.
     @ sql/item.cc
        Bug#57278: Crash on min/max + with date out of range.
        Item_cache_datetime::val_str now better handles
        null_value.

    modified:
      mysql-test/r/type_date.result
      mysql-test/t/type_date.test
      sql-common/my_time.c
      sql/item.cc
=== modified file 'mysql-test/r/type_date.result'
--- a/mysql-test/r/type_date.result	2010-03-20 20:23:42 +0000
+++ b/mysql-test/r/type_date.result	2010-10-27 15:07:37 +0000
@@ -318,4 +318,12 @@ f1	date	YES		NULL	
 f2	date	YES		NULL	
 DROP TABLE t1;
 #
+#
+# Bug#57278: Crash on min/max + with date out of range.
+#
+set @a=(select min(makedate('111','1'))) ;
+select @a;
+@a
+0111-01-01
+#
 End of 6.0 tests

=== modified file 'mysql-test/t/type_date.test'
--- a/mysql-test/t/type_date.test	2010-03-20 20:23:42 +0000
+++ b/mysql-test/t/type_date.test	2010-10-27 15:07:37 +0000
@@ -284,4 +284,12 @@ DROP TABLE t1;
 
 --echo #
 
+--echo #
+--echo # Bug#57278: Crash on min/max + with date out of range.
+--echo #
+set @a=(select min(makedate('111','1'))) ;
+select @a;
+--echo #
+
+
 --echo End of 6.0 tests

=== modified file 'sql-common/my_time.c'
--- a/sql-common/my_time.c	2010-07-09 12:28:51 +0000
+++ b/sql-common/my_time.c	2010-10-27 15:07:37 +0000
@@ -1127,7 +1127,12 @@ longlong number_to_datetime(longlong nr,
     nr= (nr+19000000L)*1000000L;                 /* YYMMDD, year: 1970-1999 */
     goto ok;
   }
-  if (nr < 10000101L)
+  /*
+    Though officially we support DATE values from 1000-01-01 only, one can
+    easily insert a value like 1-1-1. So, for consistency reasons such dates
+    are allowed when TIME_FUZZY_DATE is set.
+  */
+  if (nr < 10000101L && !(flags & TIME_FUZZY_DATE))
     goto err;
   if (nr <= 99991231L)
   {

=== modified file 'sql/item.cc'
--- a/sql/item.cc	2010-10-08 14:06:31 +0000
+++ b/sql/item.cc	2010-10-27 15:07:37 +0000
@@ -7509,6 +7509,11 @@ String *Item_cache_datetime::val_str(Str
     if (value_cached)
     {
       MYSQL_TIME ltime;
+      /* No need to convert cached NULL. */
+      if (null_value)
+        return NULL;
+      /* Return NULL in case of OOM/conversion error. */
+      null_value= TRUE;
       if (str_value.alloc(MAX_DATE_STRING_REP_LENGTH))
         return NULL;
       if (cached_field_type == MYSQL_TYPE_TIME)
@@ -7538,6 +7543,7 @@ String *Item_cache_datetime::val_str(Str
       str_value.length(my_TIME_to_str(&ltime,
                                       const_cast<char*>(str_value.ptr())));
       str_value_cached= TRUE;
+      null_value= FALSE;
     }
     else if (!cache_value())
       return NULL;


Attachment: [text/bzr-bundle] bzr/epotemkin@mysql.com-20101027150737-54h2e4dj5s452xt5.bundle
Thread
bzr commit into mysql-5.5-bugteam branch (epotemkin:3098) Bug#57278Evgeny Potemkin27 Oct
  • Re: bzr commit into mysql-5.5-bugteam branch (epotemkin:3098) Bug#57278Øystein Grøvlen1 Nov
    • Re: bzr commit into mysql-5.5-bugteam branch (epotemkin:3098) Bug#57278Evgeny Potemkin2 Nov
      • Re: bzr commit into mysql-5.5-bugteam branch (epotemkin:3098) Bug#57278Øystein Grøvlen3 Nov