From: Sergey Glukhov
Date: December 14 2010 4:30pm
Subject: bzr push into mysql-5.1-bugteam branch (sergey.glukhov:3521 to 3522) Bug#57818 Bug#57913
List-Archive: http://lists.mysql.com/commits/126809
X-Bug: 57818,57913
Message-Id: <201012141639.oBEGcfng020625@acsinet15.oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 3522 Sergey Glukhov 2010-12-14
      Bug#57818 string conversion function died
      Bug#57913 large negative number to string conversion functions crash
      The String object which is used as the result container of the item
      has an uninitialized 'str_charset' field. This object might be used
      later to perform some internal operations, and the str_charset field
      is involved in these operations. It leads to a crash.
      The fix is to initialize str_charset in the my_decimal2string() func.
     @ mysql-test/r/func_str.result
        test case
     @ mysql-test/t/func_str.test
        test case
     @ sql/my_decimal.cc
        initialize str_charset field for result string in my_decimal2string() func.

    modified:
      mysql-test/r/func_str.result
      mysql-test/t/func_str.test
      sql/my_decimal.cc

 3521 Mattias Jonsson 2010-12-14 [merge]
      merge

    modified:
      mysql-test/collections/default.weekly
      mysql-test/suite/parts/inc/part_supported_sql_funcs_main.inc
      mysql-test/suite/parts/inc/partition_decimal.inc
      mysql-test/suite/parts/inc/partition_double.inc
      mysql-test/suite/parts/inc/partition_float.inc
      mysql-test/suite/parts/r/partition_decimal_innodb.result
      mysql-test/suite/parts/r/partition_decimal_myisam.result

=== modified file 'mysql-test/r/func_str.result' --- a/mysql-test/r/func_str.result 2010-03-26 05:49:35 +0000 +++ b/mysql-test/r/func_str.result 2010-12-14 16:08:25 +0000 
@@ -2600,4 +2600,16 @@ ORDER BY QUOTE(t1.a); 1 1 DROP TABLE t1; +# +# Bug#57913 large negative number to string conversion functions crash +# Bug#57810 case/when/then : Assertion failed: length || !scale +# +SELECT '1' IN ('1', SUBSTRING(-9223372036854775809, 1)); +'1' IN ('1', SUBSTRING(-9223372036854775809, 1)) +1 +SELECT CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3)); +CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3)) +1 +Warnings: +Warning 1292 Truncated incorrect DECIMAL value: '' End of 5.1 tests === modified file 'mysql-test/t/func_str.test' --- a/mysql-test/t/func_str.test 2010-03-26 05:49:35 +0000 +++ b/mysql-test/t/func_str.test 2010-12-14 16:08:25 +0000 @@ -1362,4 +1362,11 @@ SELECT 1 FROM t1, t1 t2 ORDER BY QUOTE(t1.a); DROP TABLE t1; +--echo # +--echo # Bug#57913 large negative number to string conversion functions crash +--echo # Bug#57810 case/when/then : Assertion failed: length || !scale +--echo # +SELECT '1' IN ('1', SUBSTRING(-9223372036854775809, 1)); +SELECT CONVERT(('' IN (REVERSE(CAST(('') AS DECIMAL)), '')), CHAR(3)); + --echo End of 5.1 tests === modified file 'sql/my_decimal.cc' --- a/sql/my_decimal.cc 2010-07-09 12:00:17 +0000 +++ b/sql/my_decimal.cc 2010-12-14 16:08:25 +0000 @@ -109,6 +109,7 @@ int my_decimal2string(uint mask, const m result= decimal2string((decimal_t*) d, (char*) str->ptr(), &length, (int)fixed_prec, fixed_dec, filler); + str->set_charset(&my_charset_bin); str->length(length); return check_result(mask, result); } No bundle (reason: useless for push emails).
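Review bot: The comment header added in mysql-test/t/func_str.test (and mirrored in func_str.result) cites "Bug#57810 case/when/then : Assertion failed: length || !scale", but the commit message and the X-Bug header list Bug#57818 "string conversion function died". Please confirm which report the second SELECT is the regression test for and make the test comment and the commit message agree, so the test can be traced back to its bug. It would also help to put the bug number next to each SELECT, since the two statements appear to cover different reports.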
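Review bot: In the sql/my_decimal.cc hunk, the new line "str->set_charset(&my_charset_bin);" has no comment explaining that the field was previously left uninitialized or why the binary charset is the right choice for the text form of a decimal; a one-line comment would keep a later cleanup from dropping it. The call is made whatever the value of "result", which matches the unconditional "str->length(length);" below it, but is worth stating. Since the commit message gives the root cause as a result String whose str_charset is never set, please also say whether other places that fill a String through ptr() and length() were checked for the same gap, or whether the fix is known to be limited to my_decimal2string().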