From: Sergey Glukhov Date: December 14 2010 3:43pm Subject: bzr commit into mysql-5.1-bugteam branch (sergey.glukhov:3522) Bug#57818 Bug#57913 List-Archive: http://lists.mysql.com/commits/126798 X-Bug: 57818,57913 Message-Id: <201012141553.oBEFrDrf000606@acsinet15.oracle.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4974784717676049070==" --===============4974784717676049070== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/gluh/MySQL/mysql-5.1-bugteam-new/ based on revid:mattias.jonsson@stripped 3522 Sergey Glukhov 2010-12-14 Bug#57818 string conversion function died Bug#57913 large negative number to string conversion functions crash String object which is used as result container of the item has uninitialized 'str_charset' field. This object might be used later to preform some internal operations and str_charset field is involved in these operations. It leads to crash. The fix is to intialize str_charset in my_decimal2string() func. @ mysql-test/r/func_str.result test case @ mysql-test/t/func_str.test test case @ sql/my_decimal.cc intialize str_charset field for result string in my_decimal2string() func. modified: mysql-test/r/func_str.result mysql-test/t/func_str.test sql/my_decimal.cc === modified file 'mysql-test/r/func_str.result' --- a/mysql-test/r/func_str.result 2010-03-26 05:49:35 +0000 +++ b/mysql-test/r/func_str.result 2010-12-14 15:43:34 +0000 @@ -2600,4 +2600,16 @@ ORDER BY QUOTE(t1.a); 1 1 DROP TABLE t1; +# +# Bug#57913 large negative number to string conversion functions crash +# Bug#57810 case/when/then : Assertion failed: length || !scale +# +SELECT '1' IN ('1', SUBSTRING(-9223372036854775809, 1)); +'1' IN ('1', SUBSTRING(-9223372036854775809, 1)) +1 +SELECT CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3)); +CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3)) +1 +Warnings: +Warning 1292 Truncated incorrect DECIMAL value: '' End of 5.1 tests === modified file 'mysql-test/t/func_str.test' --- a/mysql-test/t/func_str.test 2010-03-26 05:49:35 +0000 +++ b/mysql-test/t/func_str.test 2010-12-14 15:43:34 +0000 @@ -1362,4 +1362,11 @@ SELECT 1 FROM t1, t1 t2 ORDER BY QUOTE(t1.a); DROP TABLE t1; +--echo # +--echo # Bug#57913 large negative number to string conversion functions crash +--echo # Bug#57810 case/when/then : Assertion failed: length || !scale +--echo # +SELECT '1' IN ('1', SUBSTRING(-9223372036854775809, 1)); +SELECT CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3)); + --echo End of 5.1 tests === modified file 'sql/my_decimal.cc' --- a/sql/my_decimal.cc 2010-07-09 12:00:17 +0000 +++ b/sql/my_decimal.cc 2010-12-14 15:43:34 +0000 @@ -109,6 +109,7 @@ int my_decimal2string(uint mask, const m result= decimal2string((decimal_t*) d, (char*) str->ptr(), &length, (int)fixed_prec, fixed_dec, filler); + str->set_charset(&my_charset_bin); str->length(length); return check_result(mask, result); } --===============4974784717676049070== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/sergey.glukhov@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: sergey.glukhov@stripped\ # r0t4o3ecw8tamubs # target_branch: file:///home/gluh/MySQL/mysql-5.1-bugteam-new/ # testament_sha1: edf8bcba588fe58c86c0150db6580b9d03edddc1 # timestamp: 2010-12-14 18:43:43 +0300 # base_revision_id: mattias.jonsson@stripped\ # 6kf94uo8jiymcq00 # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWXFdSAMAA7/fgEAweef//37n n4C////0YAgrvvbPtn18h6w91e9LWr29ap7u7o7ZHwkoRGAST9KeNqTNIxA0QZppkGiYAIJJCmJj RNkISHpqP1QNGj1AAAAADSkxpPUxDCANA0ZGg0A0AANDQJEmpPSj1Mno0k9NR6anqNPUNNGgNMhp oBoANqSaYgajSelPJhNTNTRhqZD1NDQ0aAaAJJAmgE0NNJhT1PKn4qenqGiGm1B6IANMmrXVu1GG xzI6Wnh7dz/QxWYqLndfptQQQPLaIWNs7YrLY21FBo+OIBDK4+dGEMKaLt2hD8Uu/xuC/Reoy84t mi+K4pmY22vv9UWZr8VLlBA3ZBZhA5I4oiylps1q81hWsC3818+YorzYyvGW0OC15lAp5BP+bMCg IUMSnS+R1O4SSjYOK5GBHnfI0pSZLmRRAvYTLILZjkoCjXVCoCBb17mU3jx954cuyptl8fFjUxfz olpLkxttt6RerZemrYwEyeKCk8gmi4TlzFQeS/ZfBRDkb7FSWYa1BOezSS2sLwTKKzB7DAWS4gHI 3K5cLfeE7m8+Y0m1W8e6k6kLmhFGNQJ+OrJHg46LOSsV5jQTEWFskxp6k81rtrarVMlDfy7gBnWS KcwqCiJGn2HyODQAIIUhMxsNKrIkBlMk9SIKl60xgpiqVlRJElGP+kytiNBoEXJbiDq2c1NrNbvF BeETkmAOWN9Zha42yCjIbToct5SJBrlbj3Mjr0SolTHy4EYpzCILYfLDXEUhDFlleePHHXAkMbWt qdeqSxU3LaSNz0Gg/XUYOaAnMkGJWnqCi5IKTxssFenUFic9XTNo24ytG4ETU7KUBMU4m+Y+fLZI sUO4wVuFydKfVXilYUVEqzHbMRiqRDSMxSUlKgnyVtb6CvGk6qszL2iJfVjFbfXWqoOsa8Q7FkDm EWVjjNMvALDlxq2TlqM+o2yIrXVMeZ1kWkLm45ygYNLNPKldRDlsWarI7np4qoG7u1H/XioEQCag nI24y/HXQrV2IzYFOdWETfsKFFamfvMm1OKSVZlJbEXlxErJrI0zxTyNRvm+nboKYTVpnfewPdbu KXmZacykpZKd+Ey3BTodZB49NwuKi8nUXQUDVrkUKCZ7lwditeel0EU102k7k8voWDzYMNBSs45k qoqkVcbBxcym+VbzacSRaa5L+iJybVeDkxXsN6cRklFVOLiO3nN8ZbMh1pGwjvNOmrmLyqrEi9xw vCHK4M7qOFQICykYpRYospQowmml2iran1C3JW7LZjJjzmIOH5G3VSeIRV+UvwWn3GVpMZM3+lzy bWTzKFIUggGHwVewOgKB+xe5darjSZFBX+krEvAR+yI8mfMgigkSScbisvfUlAmJ0Pa5RqhQl7YD NoH5T3JqBnJqaL9AzjOg0wgS7H0+zyuEo+y09vvPVEJCmX4dks58Q7WRUkiepl45kGpdn0XhWMnV ARhSNijToDWmrDTd2KEz6TTw4+tbXdmPKpE2NhNmTi6OL/WNKl9yHApFP3iNl9PWQRRnZbAMMlxZ WG1eXeTOhgVBWZA6g5h5tLqtNfKbZBiJgu8yUsgrElZMVXCOSkUJQchaxjMwzP1J+WnExN0i+Bpi PVKKiqpD7NcSSXfhw8xcfE1pVXc4TOlyT3EcGBmBcar0FdsQOKhw8bJWY9GhYlPIZqWqhosGJJ9Z ycU3rOt9uZybAVAtDo6sOgb0u/s3QRhpqrfM5hOXDJlbfiuLPTmUaZ3p88ljM3s2pbkSrCUmCaZE aOdbs36HP4pCUKw1PLo8QoEM0UtSTCjNQS4CUuevcgblj3HI5m5cePQhEOZiGqK+a7+iZUDjNBG+ ydCcHCLyfNugVS1iZhm3VyGpZVctDaBhKKf6UK/HtZaxlbwXouGc5cR7wGFl4xyY9Y3AdChaJg2i U1KFaWt+LkZMrnYT8Ahu5mqXByXXgooW0zpUG8zN6G0ilCy68BiWtvw5PohWtohkOxYzFmnVzwVK l2l3yxMVmbdCzJ8lxWiwuLVf1109kS4C559+cGQ1YOHi9pp4xXy2BtT1vpOYaBJkEmOqcQDhhSmS vLY/11Qt/n9S4ww4SAJvV6fmSpMhMylMh6UFfpthxRilXyj3oX93PN2dSKFderAgHenQaW9VOUK7 FARApVkVYKpFSs5qYgKAaCcmZFKcng3RfvDMXeEPnvUVyOKtLm0Xd4IDk2YE5NzZHRQROY130EsB OCPseseeIlpuSHFmlhkk9KBCWD4QosLDR09JOoumGq6RrNbXuCn0MHCQiBYmgEgQ/QrwiY11oNJ2 RjzeFgoqYBe8DVcGMZL65UWURFINrJ/hQnLOVBuJ+lzmgEHpyyo2b9gXfQuKQ5rQV7jqDLX4Mqza L3VBK7r0qwOAULbnRo1XLIsj3YiIiLuVQzAPidtQIeiq5JjwkhwtiviHlJbcG5b10RO91LPemHE8 XBA+8R2r30lCl4iZze4RuUOk7ZRfunnOwayY7WJz1UTUMBvW/vqLLF3WmpxQ5MFFIrxUqLgR4sPp UnCrqPUZehC5KsphDtR5qEHogFow5IuZK/nHzzPTnQKsG7TIO5k8RJ5dcECBR12cSNBHfoQnxM5q VzzsOsxR2YjeYiQWjYJhDa0lzlKrKBOcFcNrMgnj+LuSKcKEg4rqQBg= --===============4974784717676049070==--