From: Tor Didriksen Date: January 27 2011 12:37pm Subject: bzr commit into mysql-5.5 branch (tor.didriksen:3280) Bug#59632 List-Archive: http://lists.mysql.com/commits/129757 X-Bug: 59632 Message-Id: <20110127123714.CBDA633FC@atum07.norway.sun.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2252796295995132102==" --===============2252796295995132102== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///export/home/didrik/repo/5.5-bug59632/ based on revid:mattias.jonsson@stripped 3280 Tor Didriksen 2011-01-27 Bug #59632 Assertion failed: arg_length > length The problem was overflow in max_length when we tried to des_decrypt() something which is not the output of des_encrypt() @ mysql-test/t/bug59632.test New test case. @ sql/item_strfunc.h In unsigned arithmetic, (1-9) becomes a very large number. added: mysql-test/t/bug59632.test modified: sql/item_strfunc.h === added file 'mysql-test/t/bug59632.test' --- a/mysql-test/t/bug59632.test 1970-01-01 00:00:00 +0000 +++ b/mysql-test/t/bug59632.test 2011-01-27 12:37:11 +0000 @@ -0,0 +1,11 @@ +-- source include/have_innodb.inc +-- source include/have_ssl_crypto_functs.inc + +CREATE TABLE t1(a int) engine=innodb; +INSERT INTO t1 VALUES (1); + +SELECT DISTINCT +convert((SELECT des_decrypt(2,1) AS a FROM t1 WHERE @a:=1), signed) as d +FROM t1 ; + +DROP TABLE t1; === modified file 'sql/item_strfunc.h' --- a/sql/item_strfunc.h 2011-01-17 12:26:13 +0000 +++ b/sql/item_strfunc.h 2011-01-27 12:37:11 +0000 @@ -361,7 +361,9 @@ public: { maybe_null=1; /* 9 = MAX ((8- (arg_len % 8)) + 1) */ - max_length = args[0]->max_length - 9; + max_length= args[0]->max_length; + if (max_length >= 9U) + max_length-= 9U; } const char *func_name() const { return "des_decrypt"; } }; --===============2252796295995132102== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/tor.didriksen@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: tor.didriksen@stripped\ # 4yl79sqzdbziaj4v # target_branch: file:///export/home/didrik/repo/5.5-bug59632/ # testament_sha1: 48246bc6bd7cf46ea5e1e24939606535fb5b9b72 # timestamp: 2011-01-27 13:37:14 +0100 # base_revision_id: mattias.jonsson@stripped\ # 8fngni1uuyybmz9u # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWaqE+LQAAmxfgFAQWGf//39n 34q////wUAXN7O47TWbqHLu5xZ3bXbYSSIExGibSZiaU0/Smm0aR6npoT0T0Ro0aZAyQmTJij001 CntKfqh6mj1HqAAyAAABkICJhATJimYNU9T1DT1NADEAPTUHGTJkxGJgBMmCZADRhGAIYBJRMgNU 9qGCGk2ppNqeSD1ADQaAAyP7WM3Yx3VWvY/HoevHFnskrpinyuDigc4743JdTIhvS2TvF7yBWjhI DHu9mizuzjDUiIfx4H+ui2xGG2+9kRH7wstpysl0/v6Nf2UFv88nNlAsf4KsH595+O6nucaLn8Z9 hXNFjb3D2VvyO/g1ZREEuG9Ph9HYrrLW1yw3c3v6SN3uQ9kHNImG+kTz77oCDHrjedF2LOazKsay heTAekoFKaHz2TKStM+Rxv7qoxqejN8tTFkFCBYjuflDQjMdfG8TWutLhOJNV9W7BxKFQHm8SUAA gynCwhax4kPP72GTWHStR63qUrgUh0Nw2a6AAld1BcSfUpzDFdZjADyTWn0hHAIAF4Jn2LSmYYhP cBOkcoXto50uy+/HUbt0XQN0C15szjSJpYpiJIp7ajXkmo5klSCascWbnLD/WzMAKaslg4bxv3Ha 0zx5aGHpsYLk6aEYm5V6jqOpp2SU4GBB4UTXZVzYcmqLlYyCZ3K4bfAhCI9zXyuXlycGkeZ2b1ln 0qO5c4F4DiGeJgrZ74W6aOlbA+OIuh01GkQFAc7oV6UGuuSBEMgrISkMu/U7bK+EoEhW4Hc2oeML nSEbq5VI6KxrAmnSGbqDNSN01RAhEPXwWBc0TDna6jCzHoblC+T9YUy4tEtGGOZm1boXKMZBqWgW B9UcS4qG2bBNqPFAu82IH+NGUmFJGN97laSsiivCkMLFxcBBQHhYopZ8yEkkY1cfXuy3KHtqhtqJ RqWZfMbQ/l8CY3TO23gW89YPq0uIZmTeQ6puTCDJ4z8Qs1HgOSZpS5zZuVXAVCz7jmXztLoePMUM Xp++meQlbAR4opMHKUxnl0bHLdUtI2dhdfWiL4xBDch03G21RC6ZMJqNntH2HhwQpKKU5PRD4AZm yHFDT2LtnSpnY6m85lvqIxgfmM6ejo3eN8wFRZDwtgN5h7uK/EfpaWVm/eznb8AGg1IzOQ/hYUFG k5CnxyE0zVNkTkKQwQqNGb4J7jvmkrcHWfMtKOOLjq26DQMZAN8KQw4j8KSWdGR1gdLznMTApwwT y8Ya0HBURVaRmVGHGaDp1HLBnZCoGLMkZcqJfKOLDHaWs9xYXFdKx62wA44EJbQUyEMdysIYce0r DnZNizoIWpfsS74qlMjOCEDXqeTcaSgGTIM9D5pqVdEDlUwJREEyONLiHP19KnNo00Ba42EVecJj bKXUG9VK8rVXeVdAwoLq+K2jh49GO5/Q0TiIDsaxqzdUsiVutYM4AxrAZtFzj/tiitXOQ1psyGU6 suAogVTaXxVY2F3e5A+GP2gVJAIyoK4i0pGLUc+OfDR5x9d1ck+FEXIjZOtGPmjNXHkA4k5ZFsVt xLLoyof8BF/apAcGDaA9aIJlkzUKRCYOYjpfAVhq4dEY1GJlm3oTEWLOso9/K6P6WgUzONdK9OJ3 CMTYy9eYzwSXuZiUICYA4WEUqHspDJiEFL6ihLjQ4bxN1dEzCQKIBBS08iWrKgJHAdoJ4JAhRTRh Y0eB5A6SChET41GM9JCfNOxRhC+swwnqPUpJskMcekL+dYHThmlrTwMDqhyBjKmcEDRYHk1a7DG8 Q8rsa4EO7UpNt1sZLMwCINJKy6kchqwr2VyLG7wRViHszGusiFjzSGSPSyi4cxzSMc6p7QBfPzrt LECBDEJ2nDVozLuzmhjNbW0HARqpgOwJRjNSMJuQX9TZAbkikYSXT7n2Up9l4x0KLbDWkDvJQip2 8VkPYuKgKawNDemQ4Hq6AeT0BjLIVTd6jUeol282hqS5KLMxEDugz3oah8DnKyIgDkJ2m8AaHEim LJTZgNSvAjV/xdyRThQkKqE+LQA= --===============2252796295995132102==--