From: Sergey Glukhov Date: December 13 2010 9:56am Subject: bzr commit into mysql-5.1-bugteam branch (sergey.glukhov:3515) Bug#57818 Bug#57913 List-Archive: http://lists.mysql.com/commits/126610 X-Bug: 57818,57913 Message-Id: <201012131005.oBD9lm5U027846@acsinet15.oracle.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4928958197679432201==" --===============4928958197679432201== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/gluh/MySQL/mysql-5.1-bugteam-new/ based on revid:sergey.glukhov@stripped 3515 Sergey Glukhov 2010-12-13 Bug#57818 string conversion function died Bug#57913 large negative number to string conversion functions crash The String object which is used as the result container of the item has an uninitialized 'str_charset' field. This object might be used later to perform some internal operations, and the str_charset field is involved in these operations. This leads to a crash. The fix is to initialize the str_charset field before item evaluation. @ mysql-test/r/func_str.result test case @ mysql-test/t/func_str.test test case @ sql/item_cmpfunc.cc initialize str_charset field before item evaluation. modified: mysql-test/r/func_str.result mysql-test/t/func_str.test sql/item_cmpfunc.cc === modified file 'mysql-test/r/func_str.result' --- a/mysql-test/r/func_str.result 2010-03-26 05:49:35 +0000 +++ b/mysql-test/r/func_str.result 2010-12-13 09:56:19 +0000 
@@ -2600,4 +2600,16 @@ ORDER BY QUOTE(t1.a); 1 1 DROP TABLE t1; +# +# Bug#57913 large negative number to string conversion functions crash +# Bug#57810 case/when/then : Assertion failed: length || !scale +# +SELECT '1' IN ('1', SUBSTRING(-9223372036854775809, 1)); +'1' IN ('1', SUBSTRING(-9223372036854775809, 1)) +1 +SELECT CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3)); +CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3)) +1 +Warnings: +Warning 1292 Truncated incorrect DECIMAL value: '' End of 5.1 tests === modified file 'mysql-test/t/func_str.test' --- a/mysql-test/t/func_str.test 2010-03-26 05:49:35 +0000 +++ b/mysql-test/t/func_str.test 2010-12-13 09:56:19 +0000 @@ -1362,4 +1362,11 @@ SELECT 1 FROM t1, t1 t2 ORDER BY QUOTE(t1.a); DROP TABLE t1; +--echo # +--echo # Bug#57913 large negative number to string conversion functions crash +--echo # Bug#57810 case/when/then : Assertion failed: length || !scale +--echo # +SELECT '1' IN ('1', SUBSTRING(-9223372036854775809, 1)); +SELECT CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3)); + --echo End of 5.1 tests === modified file 'sql/item_cmpfunc.cc' --- a/sql/item_cmpfunc.cc 2010-12-07 14:32:55 +0000 +++ b/sql/item_cmpfunc.cc 2010-12-13 09:56:19 +0000 @@ -3383,8 +3383,18 @@ in_string::~in_string() void in_string::set(uint pos,Item *item) { + String *res; String *str=((String*) base)+pos; - String *res=item->val_str(str); + + if (!str->charset()) + { + CHARSET_INFO *cs; + if (!(cs= item->collation.collation)) + cs= &my_charset_bin; // Should never happen for STR items + str->set_charset(cs); + } + + res= item->val_str(str); if (res && res != str) { if (res->uses_buffer_owned_by(str)) 
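Review bot: The echo header added to func_str.test cites Bug#57810 ("case/when/then : Assertion failed: length || !scale"), while the commit subject and the X-Bug header name Bug#57818 ("string conversion function died") next to Bug#57913. Either one of the numbers is a typo or the second SELECT covers a bug the commit message does not mention; the comment and the commit record should agree so the regression test can be traced back to its report. If Bug#57818 is the intended one, the line would read `--echo # Bug#57818 string conversion function died`. The same header is mirrored in the func_str.result hunk and would need to be regenerated with it.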
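Review bot: The relocated `if (!str->charset())` guard in in_string::set only fires when the slot's charset pointer is null, yet the commit message describes the field as uninitialized and the allocation of `base` is not part of this diff. If that storage is not zero-filled, a stale non-null value would skip the guard and `item->val_str(str)` would still run with a bad charset, a crash the added tests show is reachable from a plain SELECT. I would confirm that the array is zeroed where it is created and, once confirmed, record it above the guard, for example `// slots are zero-filled at allocation; val_str() may read str's charset, so set it before evaluating`. The body of set() continues into the following hunk, which removes the old post-evaluation copy of this block.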
@@ -3394,13 +3404,6 @@ void in_string::set(uint pos,Item *item) else *str= *res; } - if (!str->charset()) - { - CHARSET_INFO *cs; - if (!(cs= item->collation.collation)) - cs= &my_charset_bin; // Should never happen for STR items - str->set_charset(cs); - } } --===============4928958197679432201== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/sergey.glukhov@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: sergey.glukhov@stripped\ # 1bzndugqgtu6gwxj # target_branch: file:///home/gluh/MySQL/mysql-5.1-bugteam-new/ # testament_sha1: 0bf44de3159116a1ce9ade84313f24fec05acd14 # timestamp: 2010-12-13 12:56:28 +0300 # base_revision_id: sergey.glukhov@stripped\ # uylkl6zshp8qarni # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWVHZJfIAA+RfgFAweff//3/n n4C////+YAiNdbeeifeJZTcOfXN4zyfTRI19dWGSERPSeTTI0MptJ6NEZqNABp6g9Q0ADIJKT1A1 G01MU/SNI0ymnqPSaDQAAAAABJTUYTRTaYRTZE0wTymhpp6gyAeoGgAaDEip+pplHlDeqbKNANqe ppoAA0AAAAEUhJ6KejIImnpT8g1NR6jyantU9EMmmhhBptJoCSIIJ6miYaaBNU9T8lPEajxMRAAA PUYiBoaUGBumJcWxJZMQehrBY1VYEspam11/iS46FMgc8Y2TsYyBJGDms99XHEaEqdVGTIgrcA/P adbPHPi/Vre/8Ze4ArIGwRgUP757RFqHYDapyZjqOUoERERCPf1IrXbsVp9BgzkzCEGFWqwzUysk ZwUjCYfV83RfAnNIye4/tAP42eibJLtIIAoyAZTNDlCBou5gF/L6gH3nS25YXrzvWo6+BQt0HKoq lynhk/VLQWS2NAYwKvBFPFzYSJg4SeVGPcC5kFr61mZwS2xhfgbSgdjGy88F6BO5QkkleBXRiw5p 6BhmNHJMowwMP1Dk9zzvtbGnplydgc2Z25cNWxsZTiKrbtk8BD3sNXSGtoJsM47gDyEVYznQ9IU1 q6bbyK9bx/My4T0CtIhbKuyqjqWz3oc4K5UDgowQx1+nxs9OMXW3O5pQmcWq4Qkx5B3ucaG2hNgW aBIY8Oood9Gwm01+BfMrYPit4xvao5Eo3l8sCMF5SDGC4y8wze6KHZwKHa5drI5ZoHvenlFLVAij Y9r7cNWGKnEYZ1p1IgTg4w1H6uoeBuJaJaWNA4n2xEPN65saowmvVZUI0LI2OggX1XGIwkJFhcqi oMc3AIHgwYZAzTDgpGHZzCZOVESghjloE5YHFsWBJZlflU3zTQu1qwV+/ERJQmQCgfcsqTtEpGcY qJJprccVuV8TGRrVyoODR0QjY6YyK2qoLIG5WKkGfWbJPOHilWXTJ6MxNaarJkSg5ouIjBuo9eas ngaveGWroxu+dVhhIUCkpnwcqEwVnEfEDC45RGVe0UwvjsWAyhgWtw102THzIdSt5CShVlvrLnKQ 
jTv2kDIZizSwzcXJI6J6LMxWmgXEmQ2RbeUxHmQigmXQoalYGjLS5LQ+AOYZbYkjAzVDK68ZUJ1J MrMFPXd1rKERRMeZNBqVqujdaRoTFw4dYW2EXKiItDF8hzyaLVNcxYbiSsOARolO0VmEQTRcs85A 3JrglrzCJ3KmDnYPWJybJiEv7TAbEe6JRuO5ViZF9V4XM9moyLPNo1RRAIRecUSTygiBBglDVVWK LpufuwiIDtDCbuz4RERDVzrx9z9B1wcSB4B8QzPwYLzEiIYPk/hQ3QU3sn22BSZIID1tvxD0BMP8 GPU+wK4AQP+0b/kGUPmL7353PuyOlk1Zww3NwRJv7mHhgsuDI4rbSz9aNHO2F/R6wj2cqeN3UTIH cvrYWzzA3UUgP88TmOc7/Z0LquSVXkqOkhSDxdJbfz3nwBlOlPju4MsLUGZbQ7CCXcdkCQaBo1yt XgEaHkbdR7isb1NJ056jDbEgv4zisuYVIJzjrXgoJpW6tlZtVSu9WlaxHCCr7rlyJHuMTPZtMIBI vBtpP80cQp2TbSHoxpVAukySiiybIDTjRYwefw974lILdq6VFaxkzNLWn136S8tmZ4kR1WiyxrEQ UGE2G0FwyzhzRG9fFzOBuMdwvgh9qAiiZKBeOg3+IQvekE51y3Il0rerOOs11jpzXicRzlSjAtrL LlJVxzTJ1wqhcZi1Nt5wDo1Olbhy5ZmcZyOJu3NXz53fHYR5VnTulY359rtvYmgF6K04WRzOLCAY pyHW0xWWpnnP5bBBGwJQLS7HwCoQzRFIDkXQE1iklwEFVhy2b0GD37DoGNhJZC8ckHIxBomHxXq6 EygFpreIngwWFqeIe73xFgVW0d1z1GDc9UQhAhRn2oGzVcJ9d8oN4nZrE537OgiUncTmBqkrX5T1 seI1g8ZrkmDp1iDEGfMp0AxXsbkyw5m0V+AhnXQ2AVflfIMF1TQt5UTOxtAo81KXCYmbO+trT5jS AkiiERhLooVA0liK5zW6eMpjsjIKEVTtGZLU/asCOXgYLHo5CDeLmVwerLuyooEBeJPMHPJcK9QT Nqkrm3zOsNCSZBWx0pyIYw4ay29gdBmq/DpQK8vleaml2ZACRbDKEm3s6OoNJk3Wz7Kqg0ot+VUn 8ZqJSRYmYHZGMaBkUYBZepgFJODuLgIipwexxFg9Yq43LmjWioGknTMitOoA22rUGgT5713HOrSj etajkyA+RrkBwwkkrUjL/yuAyGzrm6eW90qGmQMgv5IYAoFtWs08zTk10ttnV6ep84YbBLnDFZ5u N2uLo2jsFodTB2QLk0AmhEMq0hIiYUtQe2870aumAYxTVoIyQFoVA1SmLjOrHVJKYb0yh3stdoSJ +t3bPHXZBNSvz2hj9CZiDyXAvDcd4Mn8GVpuS5LYDzpqo2AQAuguOCJFWhA0GhSszMzTbpZC4B2D AoCp5X+MAovS0ThWLtLN+luOB3VL9JQjFMnVOPGk6JxHqnpE5nbyo5YTe9Io3o2nMGBIbATTJKi4 b54dVpTfQzuTQ6YJ1iyCrUnEHuYGhUyLKCdOgTEvefUz+/I+obBN9ghXzYjmYJK4QGiGZzI61BX4 r5h0B17SvSrrlFgyKHXEWxS84SW4sm+V0CX7GujO+h87wshOBascZCBG/vchsCaNYIszCJYhjf/B y/4u5IpwoSCjskvk --===============4928958197679432201==--