From: Tor Didriksen Date: February 3 2011 8:10am Subject: bzr commit into mysql-5.5 branch (tor.didriksen:3300) Bug#59632 List-Archive: http://lists.mysql.com/commits/130301 X-Bug: 59632 Message-Id: <20110203081003.5340B33AD@atum07.norway.sun.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4067038570947840119==" --===============4067038570947840119== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///export/home/didrik/repo/5.5-bug59632/ based on revid:georgi.kodinov@stripped 3300 Tor Didriksen 2011-02-03 Bug #59632 Assertion failed: arg_length > length The problem was overflow in max_length when we tried to des_decrypt() something which is not the output of des_encrypt() @ mysql-test/r/bug59632.result New test case. @ mysql-test/t/bug59632.test New test case. @ sql/item_strfunc.h Do not subtract the encrypt overhead (9U) if args[0] has length < 9 (In unsigned arithmetic, (1-9) becomes a very large number) added: mysql-test/r/bug59632.result mysql-test/t/bug59632.test modified: sql/item_strfunc.h === added file 'mysql-test/r/bug59632.result' --- a/mysql-test/r/bug59632.result 1970-01-01 00:00:00 +0000 +++ b/mysql-test/r/bug59632.result 2011-02-03 08:09:59 +0000 @@ -0,0 +1,8 @@ +CREATE TABLE t1(a int) engine=innodb; +INSERT INTO t1 VALUES (1); +SELECT DISTINCT +convert((SELECT des_decrypt(2,1) AS a FROM t1 WHERE @a:=1), signed) as d +FROM t1 ; +d +2 +DROP TABLE t1; === added file 'mysql-test/t/bug59632.test' --- a/mysql-test/t/bug59632.test 1970-01-01 00:00:00 +0000 +++ b/mysql-test/t/bug59632.test 2011-02-03 08:09:59 +0000 @@ -0,0 +1,11 @@ +-- source include/have_innodb.inc +-- source include/have_ssl_crypto_functs.inc + +CREATE TABLE t1(a int) engine=innodb; +INSERT INTO t1 VALUES (1); + +SELECT DISTINCT +convert((SELECT des_decrypt(2,1) AS a FROM t1 WHERE @a:=1), signed) as d +FROM t1 ; + +DROP TABLE t1; === modified file 'sql/item_strfunc.h' --- a/sql/item_strfunc.h 2011-01-17 12:26:13 +0000 +++ b/sql/item_strfunc.h 2011-02-03 08:09:59 +0000 @@ -1,7 +1,7 @@ #ifndef ITEM_STRFUNC_INCLUDED #define ITEM_STRFUNC_INCLUDED -/* Copyright (C) 2000-2003 MySQL AB +/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -361,7 +361,9 @@ public: { maybe_null=1; /* 9 = MAX ((8- (arg_len % 8)) + 1) */ - max_length = args[0]->max_length - 9; + max_length= args[0]->max_length; + if (max_length >= 9U) + max_length-= 9U; } const char *func_name() const { return "des_decrypt"; } }; --===============4067038570947840119== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/tor.didriksen@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: tor.didriksen@stripped\ # jfys7vbsu4ct1y1i # target_branch: file:///export/home/didrik/repo/5.5-bug59632/ # testament_sha1: 3d968f09e47495f9a6571d0041b8bf3dfb2ef2fd # timestamp: 2011-02-03 09:10:03 +0100 # base_revision_id: georgi.kodinov@stripped\ # hi05so9jg3q05486 # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWVzs+YcAA1HfgFAQWHf//39n 34q////wYAd8X1fQ9UoPem3LFsDVeT0G4SSUwKfqTU8aU2p5kKeyk/VP1T1Pyo9qGo2oGmgyHpBl IyNDU9KeKeMoyg00A0AGmmjQANA4yZNNMJkZAwIxNGCMINGmAAQSmimmmlNpGpsKaGZTENNpPRGT TIaGAxQG1QmIU8UzU00DR6ID0mhoADQAABJICaTAjTQCaaaaammiZT0jE9T0QDRoI+yLNw6UffFv EYHO38mvIT9m7FPXdvVX1+MLgiTj2bryKDpAc47jTyl69ltVZcs03lZjYIbs6DNs+fo/WVsW0hIO /cYnVOE6v25JS9KQo23wol8KcQjLcjQXGa9XrPDuHGWQ7TCGg8Su6fLRkWkjK8RHLEedy/PLvhfy iMxuzq9r7PJYPpiznVRUIOD9dx+4n9j9BjiGJUKJp0XafF01l2v1sb3kVe6OzAvCTBSlAyFdKDJh ruBGYFq/G+EtkZnyrJwD8ZXP7H3HiXnnwZhs1wtTJkwjrXDv9NAwjgNhtm+aKFfU+NtKsea0lulO qoQcAwFpihhwlYjbzT5tpoX3Pg2rGSvyrQffsr1Qa+KaU2IKadBCHInmOAHgDLeTJ1LP9lPBaFMo 3RTQn0cPEMv3ifBfqTOy7/PkZEypp7F5FsM0Ok5XwkKczU8+J7j3E2v0J4XsAOX2ORw2m3GQkXOT oygD1TVzwybbIVVKuIaPxQYs2WmScalRuGbAa8G/kiNcgxCk0mo47npx5HURMR2r2dfA6pwjnvbE EXgFXIjrgtQCy+2VDo9T1lsghYkQvgJsFwwyNNEZnF80r6SCwIWpI0rEcyvqK+DGy7X42j7DJScU Hx2fIHKeN9jM4NTYqzA9FBxYYYQvI11KzCEg4czYHrtKjoI9FGgUKaYjCHy4DQ3LMLxOmJDJokmJ zchbr23kHxuJEsaW68H5lysjtouJJynddqdYolcClI1ApVdG4daS1OsN5TgtUkSukWmZXZAeYLCU fFRUJTC1OJ1poR3wzuag800vV612FII0YFpT2EP1VxpgJPcEyhrLcOTlElLBxfGATHX26LOjkK6Z o0kjWMhcd9dAU8LMEy0xmSdfi9qebXnPEtLNqZZY6LHDmuMKRIOe3F7h2syOz1ygICpRDFTPWnCJ WDKanMv6Ob35CKjgBuE8Um2dOGmZmYPcmzmArvTy97jkEqR8Q/pAdIi0wCZCXaFV0GkgK2gVWooa gco4dgaRHqKFDWUIINJxZwvhtH8DWNgLTANbImajWFg8Ky0tMi0qDQMaAmYkiq7ssiYfQ958nB8d yKk1DJfDsRBFW4UNKHPOgbyVZGBb7Tm65hspyJezT4EALoHQOtAcaFARAxleHO82RLdmOaUgJYg1 oFvvnFwaswQOiDikjL3XoYLtDwsYg1lSRKEjRcIQgIpYmxy7DuVWrgI+3Hi0DnMzncaTcl6rNkCM lOnS+BxQazMl4HmaXlljWNtTgB5wSVl2JrUSC/9PiIaErx8kfyTR/Qln4jzLM0mkiMVIp6NWj1Ib DqRml4nNdFiTaRvM1XlrDckdw0Kvas70LFRt1d2XY+Dz0hxGSU4y2kVDLFUu+IhhnI9lqqWkmtZT DxVPE0xQFPNRlsdAFsE1Yk2cc8LdyxFsJxjApscaHaYGzkYpkEjp5MRA9AyTI3L4rduONk+zWMeb h3hGYZWQCAhmchwwvmXQShE8+S7nIZxmHRdDBdCJz2zJqgZqwH0/ZevVMqKrK08iBEgjl6L+wjjP s9PSJFwMwqlePUzi9W1xIgZ7g2N7wZzIbwAx+BA+1LquK9rU096bEPM8DeBBwPTLsnnhsV3TvGUN nIvYD69kh8bKv+7ZBE3JgXFCvaZI2DHiLUZW44f4LlIb+miXnyCi0Cv51szQ2RqfF1yCL1MoF1LZ 0mF92cVs6j7gWGGAaAeD7XrnC1adrqAySZQGS84lwvGDds+6lkYzHhNRDtyWJJkZltx+V/RiuWVc 2cMztbtWOC6OML3uOhVjN32e9DJDYqBcitxEe94mY1KTlESlaZCVNIUTOUQYwT2kqx1X8lg6tpJn UkRs941EkosoDaaoLuy20AuwBiKy4cri4tDFnq7W8apjFegKHJcXJgIBX8Fot3RnN/5CvpzFf9FC 24XK3mqDae7PSNjjwTfzgktDC9cSiDV7Iy9XhXREh1E4cW1Yq84NX1Kxsejbpa+wFaSRwMDysb3J 4VwxjICOGe0NEajmCyjBwd71jkXievuuNbVsfJQWyo+a5NbbrHMXh87nAoCcjkIpBEP4Lx14nPZx 4t2j7yIbx6gr35QOawEViPS2al+ImGrdyRxlQ6huJjnid5CimHmyrrHKGW0Z+irXkcQZT+/EWpbc +EEVxx3yvgiGMxHRVudrO/1tSPfJFbhXPr1mTbWD6iPZRMZx6YpqnGXVREtkcoQYYCpdprj2OmFG 6MClLrQMgywCLQeo9APlyf8XckU4UJBc7PmH --===============4067038570947840119==--