From: Sergey Glukhov Date: December 14 2010 4:08pm Subject: bzr commit into mysql-5.1-bugteam branch (sergey.glukhov:3522) Bug#57818 Bug#57913 List-Archive: http://lists.mysql.com/commits/126804 X-Bug: 57818,57913 Message-Id: <201012141618.oBEGIoQK021578@rcsinet13.oracle.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1913541111253177459==" --===============1913541111253177459== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/gluh/MySQL/mysql-5.1-bugteam/ based on revid:mattias.jonsson@stripped 3522 Sergey Glukhov 2010-12-14 Bug#57818 string conversion function died Bug#57913 large negative number to string conversion functions crash String object which is used as result container of the item has uninitialized 'str_charset' field. This object might be used later to preform some internal operations and str_charset field is involved in these operations. It leads to crash. The fix is to intialize str_charset in my_decimal2string() func. @ mysql-test/r/func_str.result test case @ mysql-test/t/func_str.test test case @ sql/my_decimal.cc intialize str_charset field for result string in my_decimal2string() func. modified: mysql-test/r/func_str.result mysql-test/t/func_str.test sql/my_decimal.cc === modified file 'mysql-test/r/func_str.result' --- a/mysql-test/r/func_str.result 2010-03-26 05:49:35 +0000 +++ b/mysql-test/r/func_str.result 2010-12-14 16:08:25 +0000 @@ -2600,4 +2600,16 @@ ORDER BY QUOTE(t1.a); 1 1 DROP TABLE t1; +# +# Bug#57913 large negative number to string conversion functions crash +# Bug#57810 case/when/then : Assertion failed: length || !scale +# +SELECT '1' IN ('1', SUBSTRING(-9223372036854775809, 1)); +'1' IN ('1', SUBSTRING(-9223372036854775809, 1)) +1 +SELECT CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3)); +CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3)) +1 +Warnings: +Warning 1292 Truncated incorrect DECIMAL value: '' End of 5.1 tests === modified file 'mysql-test/t/func_str.test' --- a/mysql-test/t/func_str.test 2010-03-26 05:49:35 +0000 +++ b/mysql-test/t/func_str.test 2010-12-14 16:08:25 +0000 @@ -1362,4 +1362,11 @@ SELECT 1 FROM t1, t1 t2 ORDER BY QUOTE(t1.a); DROP TABLE t1; +--echo # +--echo # Bug#57913 large negative number to string conversion functions crash +--echo # Bug#57810 case/when/then : Assertion failed: length || !scale +--echo # +SELECT '1' IN ('1', SUBSTRING(-9223372036854775809, 1)); +SELECT CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3)); + --echo End of 5.1 tests === modified file 'sql/my_decimal.cc' --- a/sql/my_decimal.cc 2010-07-09 12:00:17 +0000 +++ b/sql/my_decimal.cc 2010-12-14 16:08:25 +0000 @@ -109,6 +109,7 @@ int my_decimal2string(uint mask, const m result= decimal2string((decimal_t*) d, (char*) str->ptr(), &length, (int)fixed_prec, fixed_dec, filler); + str->set_charset(&my_charset_bin); str->length(length); return check_result(mask, result); } --===============1913541111253177459== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/sergey.glukhov@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: sergey.glukhov@stripped\ # mq3qxt2o3yzs6gnc # target_branch: file:///home/gluh/MySQL/mysql-5.1-bugteam/ # testament_sha1: 4ac91cd42ee89fcd5013cf8b8afc6cba3bff8fc6 # timestamp: 2010-12-14 19:08:31 +0300 # base_revision_id: mattias.jonsson@stripped\ # 6kf94uo8jiymcq00 # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWa0KB+8AA73fgEAweef//37n n4C////0YAgHfe3xG4oFN1e6gFtVV1kZMhKQUzSg8kaeibKeU8jSNNGmQNommgAD1DjJk00wmRkD AjE0YIwg0aYABBlRgCaptqntUH6pkAeoAAMgABoASJCZJo1MKAaeU9Ro0HqaAMQaANPUAbUkxCY1 GI1RsmmJlND1PJqaABoBoAEkhGgAmTEBDJqYjU9NJpo0NGgBhNGm5xXCXjYqCJZ5/WyTUTTTQ2/C 9FQ1rZSdyDymQa4Hnxbzm4WfEYA27Cej2+3efehv1Dfl9dhfCKpNRHoEt1JKlCKbG21+PsimnPdL BQQN0gpqgcyNcRSVjbsWc2BSryv819O0Ui465bRluDqWlygT8gm/qq8iEIsSzTo/dlWwUsmHDEVg uwfeVNajFaEAX8C7KrOZxYDljAQAZb5X6DKeLuvVu21PBN8WuFKM/tRNpLx5W22+yL1beBMVwehi ZDyMyeNByHG5E6+B9DtIJdK01lKrt7w8dMzRDQyOsYgZEuStRebEkulaCRqs9SVEm1VIWQzm1a+D zwvgjGoFlu2l0+LW2ykWMkgsEYirEmNPhTz2dq2VVOZIxz3gGlYxLkFIURMafSfs2OYBNCuE2dg1 LAoTLQr4K66KxcoU4UhFhZFvzYL0ospl5kZKhilrJRZw78W82wU15qG/AADhdhoMVaB4vBcFLilc rjAkDrsrc3WRNpjA1aGijFCetD5X5yCvEMVUaoezlr0kLxjsaxrlOVnW1yyMTZNBBzIPmNTmgJzJ BkTp6gqnJBFFyxTpChOerpBGJoNcY0jcS6sllxhATGBeT+um8pXIIuoJGLImtl15wArtDHijImeH PASLg0NDC5RS82OiYTHoVBeG6HPjIt/jARQpfMRfGFbMIKcBxddOXCsOfKMMyyw48SRaTzDy9aFR A6aiUYJLXRxgmWxWT4EojOAQFA4ZYmv52igExKOFt2IuPcLPVgtCdOivbwUCKf7VZ2jlyU2BpKtA zENeWEpUTrM1ph9BwdzwOE8Iqozxgh98JLi2GR4iKDesFhmrp8CmpYYupcbXrruJzMyynJJFdKT1 ayKgrHQeut2afCl9q1kNYimYEyKRmoNYkKhUggzoLZQKgXzcHitlg/Vm81kS+BdWXp2pn2Kdh6Yd aaJxelSouKjqzsNKruGsdqtyKiy+7Yc99O02ks8yte7Y2TmgrMm2zQmmEwcRWSJqKykSYTlc7CrZ PkRxBl7mXFMY4GMM/ac2mBgIp7kvuVn2GVZIZMzfk9D10sn8SFMJQQDD3qv5DlCQbxc66FXMkxSW TpDAP0I/ROPJHxIomKChJxwMRa+lKJJE0PfMUkiCu1grYBGkjEWgKydyxOkFcxm7C0Bifz9ebnym WzPr4BKjUez3FN8gSisMNfklkfAPKuRSzbWWu5B96+HzNomBW6kIQBELdAjGmlFpPFNYloxy1leT vTxxI5KJlGFePoTqR5aaSjjBSfWk5KlW/jktizOoRbzeDkyRV3FLHZUc961bigmKApNYOp7zmHDF 3xojyZtBXq9I/ZYSMJToCixE+1OCZPCXinrRkzQzT9McsjWSlrzGA9TooKKEPeQS4XaFJP4GSV+r tDa+njXcjpm2a71p6TSIgefqPKuY/A9XqW9PqnO2LTQoKCVPidjietXLfXqcmuFEWp0l3QN6Xf6W 0rv6aUPYpLOrk6Ni6V81Mm+K6Rmobr/116smWsKSoL0yK5eC14v5G7zzEoUBI8sr3hKIZq0pEmFF PS3CUnPZkgbHQ4E9NOAnShlRI/yOgCgvBwuT+THUikYHKUi7ihsiKWaEb/mzTJThsQywvxFy6C0q MGYSZBAm8gjHnSMvCuxjdZ2LwtGc5cx7wGFp+EmjH2DWDoSromDNBeXPxBTNlcLMxJ1t/FCbx4E7 kuR4tRARoVwTnC5jtbEUsKrLQGJdG9/J8YUrcIZDsWMhZJ1GF5OXdRwVQyxLBt5gr+RrNpbJVmPY cdyDUjddpuSZDUg4eLzMeyRfLaG5PXCc7QwEmQSsehOIB1W0jBjVkO7qEadfA2Pt1RSScYymbIEC 4kZiER6JS/dVLxjEKOiFD6eL146EU8rvKUnA1yZ4yVMU9IqANNDzVkEQKiuhCqWsVnaVwFwOahMy IpyeDeFuwMhZCH4aKteZ1Kosbku7igOxrkhw21hbh4qKE0v8gtQ5KHKYzbcyDLJIcVaGGST0okaM r4xmqKjPFC37yUxZIOeyg0mxC6HXOCjvYOt5WmeEgIfirgkMqqEGs8EZdrwqFIpgCx4GdgZSSrsl jVGQUob2T/KKcpw4EfS5zPcphGkd3HcFf1LCcPWtRuO4GWfkyoNovdOEOtloqB1RQuPUjr8OCxWL yREREYblDNIdB2lAKYr8wNb7ChGw0VS8Kt3uo+PQbqr6RRzmNQseDVM5xG7DfORUsomc21P5Rpkk ftjcdwZEw7ITnqgmULRvF/ooKqlnWYuIuTBGcVop1I4Ee9h86mciideKx6pspfD2o4zIOuIVDDki tksnUPswenOiU3t7C0d4E8RQ8ssCJEm4Vc6OYn7ImBoVc55zgSn6JHYSGQTJcU2IyE3rA7lKUJ6N 4h70qY+/1CMfoaj/xdyRThQkK0KB+8A= --===============1913541111253177459==--