From: Tor Didriksen Date: February 3 2011 2:46pm Subject: bzr commit into mysql-5.5 branch (tor.didriksen:3300) Bug#59632 List-Archive: http://lists.mysql.com/commits/130324 X-Bug: 59632 Message-Id: <20110203144625.9D21633B0@atum07.norway.sun.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6447497238293488175==" --===============6447497238293488175== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///export/home/didrik/repo/5.5-bug59632/ based on revid:georgi.kodinov@stripped 3300 Tor Didriksen 2011-02-03 Bug #59632 Assertion failed: arg_length > length The problem was overflow in max_length when we tried to des_decrypt() something which is not the output of des_encrypt() @ mysql-test/r/ssl_and_innodb.result New test case. @ mysql-test/t/ssl_and_innodb.test New test case. @ sql/item_strfunc.h Do not subtract the encrypt overhead (9U) if args[0] has length < 9 (In unsigned arithmetic, (1-9) becomes a very large number) added: mysql-test/r/ssl_and_innodb.result mysql-test/t/ssl_and_innodb.test modified: sql/item_strfunc.h === added file 'mysql-test/r/ssl_and_innodb.result' --- a/mysql-test/r/ssl_and_innodb.result 1970-01-01 00:00:00 +0000 +++ b/mysql-test/r/ssl_and_innodb.result 2011-02-03 14:46:22 +0000 @@ -0,0 +1,8 @@ +CREATE TABLE t1(a int) engine=innodb; +INSERT INTO t1 VALUES (1); +SELECT DISTINCT +convert((SELECT des_decrypt(2,1) AS a FROM t1 WHERE @a:=1), signed) as d +FROM t1 ; +d +2 +DROP TABLE t1; === added file 'mysql-test/t/ssl_and_innodb.test' --- a/mysql-test/t/ssl_and_innodb.test 1970-01-01 00:00:00 +0000 +++ b/mysql-test/t/ssl_and_innodb.test 2011-02-03 14:46:22 +0000 @@ -0,0 +1,11 @@ +-- source include/have_innodb.inc +-- source include/have_ssl_crypto_functs.inc + +CREATE TABLE t1(a int) engine=innodb; +INSERT INTO t1 VALUES (1); + +SELECT DISTINCT +convert((SELECT des_decrypt(2,1) AS a FROM t1 WHERE @a:=1), signed) as d +FROM t1 ; + +DROP TABLE t1; === modified file 'sql/item_strfunc.h' --- a/sql/item_strfunc.h 2011-01-17 12:26:13 +0000 +++ b/sql/item_strfunc.h 2011-02-03 14:46:22 +0000 @@ -1,7 +1,7 @@ #ifndef ITEM_STRFUNC_INCLUDED #define ITEM_STRFUNC_INCLUDED -/* Copyright (C) 2000-2003 MySQL AB +/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -361,7 +361,9 @@ public: { maybe_null=1; /* 9 = MAX ((8- (arg_len % 8)) + 1) */ - max_length = args[0]->max_length - 9; + max_length= args[0]->max_length; + if (max_length >= 9U) + max_length-= 9U; } const char *func_name() const { return "des_decrypt"; } }; --===============6447497238293488175== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/tor.didriksen@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: tor.didriksen@stripped\ # 4hki31ck3k7lzgqb # target_branch: file:///export/home/didrik/repo/5.5-bug59632/ # testament_sha1: 7f93f8c7637cd95f71411bd815d0272645f1a8ba # timestamp: 2011-02-03 15:46:25 +0100 # base_revision_id: georgi.kodinov@stripped\ # hi05so9jg3q05486 # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWabHKYkAA0/fgFAQWHf//39n 34q////wYAeOX1V9PUE9rTa9itAtrvOz2W4JKIZIym0GRpNqfqUPUfkmo8p6T1M1PKAaDQyCSk0B oymNEyEZRmk0GTEaANAA2oHGTJpphMjIGBGJowRhBo0wACCSEgyU8k9U80kDJ5TQep6mjTQAZNAH lANqRGQmUep6nqNMjQeoBkAAAAAAkkBCMRpGm1NoGginqbSep6jR6nomIGgEXFhLnO5hzqgRYmn3 +B/sxos6rL7MEH0M51NBhI0bLBshMdmA9Q7is1HBwPfFRe0Se6zJBC6fWd7D949XItHgYZg+/Wiy VkM+Oa7irq42YZsrIqYq2eQoar2OcvNdLoH7+w0xynInDOeBdu0Y7MS6R5dgH3nFTV+PHvkm8XFJ fpo9luXFZn052c6iKhBwfS88yf5nyGMAzlAol2Sy7wbk17oW72kw63Y/X2A9voSiYhbbwMTBm3tH kS6u/fIZZGk86icA/GVj+Z7TeWnLWzDaVrrTJkwjjQIqku4RpifYoN07FlL3W2chWtEevNRMUOak mJFaHafMmTTDJtW5OKCzLdDI40Z5qhB59lOeDVxWkepKCEMKGenJJPQwyFhVqzpyX7HWl4gTc1xN gK2TmJBOX0KDmu7ytLKig0N2LEdpRbFyiLLIoeeJ3neVNZUnhYwA5XfA3GvSas80ItaMng9VaPK+ Gvfa+WmydFoi075yGauWq9cIUV6z2QWUOffOs3HGOUREViO7Xq4xOdWqewuEYq+ArzOCLADTrNL1 kEXdQWuT883sa7hSqEwZnISMFiV7CesMaVPYRudcphi3MEahF8Ur1pGt2NTiSyhht0T6bHGh5iqZ B7yFG4Rq6gaoRtqYxkiMKlkcyjTOkQaI8k5cYYUXk0VDW2YKdvGbAuzLjmUtRi+cowzEcilHY2aV g8vG9FjmhLCpmjescNy7uNKbTeVkml6lwfIxjVXbmmkhRaIgA6TPtMYc5zpC58ygvWeKMkCZuK3j jMs0ImHBSUZyutBy7XwKcyaV7raahpFTtDQc6FOZZl11FUETxLzDWIjRK3MrnWDWuUNJPBSK3eKi RfOC1juaijRB+1ilmHxK1kMU4GDtCYrtZLNVc1kN7HrAwMlYtGalzp2vM06iTw2TDK3O6eu2AgIi ySIT2M4PlETTacyv2+XPrHwOIN7r5Ub9acaBzAx4p24edOhXHRc5/Qmke4N5I9oxQxGTDN9QlfBu ICtQNLeTN4OTcOoNwx2yZM/hMgg3GzyhgHCfQOArhxcJ0xQd5wCwaDh48wHlIVjCsKC4kUWc11Ew +Z4H2IcHjejimwbEGF+H3ojPo4UeKJLDIZ/k5UI6mLpv7eke0if0d8u5AT3HYGStlCYTlPn5Vqp0 vkFfFcZkEnQxUsMv65FhRKmt5uK1Gjb8kerbkMnVjryZ2lziZYfLePGM7i7Lks3n7rls+f5er3Od 68DwS5d+yCL7zvL9B1Gs5GegqqbFveI7E8AgYJKzRce9RILpMfG0fFFSaPxJdegjA2GYzERihDrW XkdZCTKah0qUYSKCVphHFZSn5KQzJFwX1ZyWFqFnUa9Hcy6Hsed0MBklrGVPAngys7OK+UaCWwq6 FyrWN6GKJSLlqEyJxGpRTtOchR4HleI/HwyQ5MW0vWJnsk6bm2fF1diMKmSOGLEQOgdSZF68VZeb Ms+bZWOTh26MwwywCAhmchwwvIsglCJzwW04G7uaBqDExLlE4yKb6ChbXZA1FgRyf2vq5plUqNNp iQIkEbui2S5/qnpSLAZhUK0epm16r3iMkiQHXgF7eAM5kNwAu8SB8KbaNy9laaetahDtAdDtAe5d ycdojbereWMpw1bTMwHr3JD4z/2+IQO1MC2oUGUE5mMLhXkbLdCPwQVJ17+Kp9wp8xdj1upk2PXT g4e5ZFEt6h6QXqETzWyiKxdlidrBYcOEOgHg+163wRarr3UgySZQGS5xLBcIN6YeHFkZjNOQJPaI 1Y9iSYipasXlwzUblkV+sKm2Nhij0veFETTlLcbH6YhDJDYqRgijlREQJkMZ1W6qEWujIEycQpne ogzClcTLHlX8mqPscSXqgiOotMKSUWpDYcoLt4t2kF1gMiwrOR5Ws27LWZZKOU5dbBKGxYOTAQCr xWSu+M5v9BW07hW/ctiCLWWidXuVI3Y2NCRxOcibrkkrmFtxJoM/MjRtgKTRWPNOOXyyr5gVfsa1 aefPOj3BWzMxyoHqtXhZ4bSOD7NOYOmoNwLCaWQOeCtiQE1dUDBjkMOtSrKk7FxtXXeOYtD7YyZr IApCcih6H+5b+rMbdOvW3OPgRC8eoKx77W2rMI6VyUfQTDUuwRrlQYheTHPE7gKZMGmVPJNGWOYx tdOETUDFR23Cis898qHTXa59EqJY61Sb5Hj+N6W2tFHFhFMjQ3ZYNqkcM1IYtvhefAiJtyPUIMaJ Uuw0iVnzijWMFQivGlQQvpUAo1/4u5IpwoSFNjlMSA== --===============6447497238293488175==--