From: Tor Didriksen Date: February 7 2011 10:17am Subject: bzr commit into mysql-5.5 branch (tor.didriksen:3307) Bug#59632 List-Archive: http://lists.mysql.com/commits/130536 X-Bug: 59632 Message-Id: <20110207101749.DBDF0376C@atum07.norway.sun.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5870147796688749816==" --===============5870147796688749816== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///export/home/didrik/repo/5.5-bug59632/ based on revid:ole.john.aske@stripped 3307 Tor Didriksen 2011-02-07 Bug #59632 Assertion failed: arg_length > length The problem was overflow in max_length when we tried to des_decrypt() something which is not the output of des_encrypt() @ mysql-test/r/ssl_and_innodb.result New test case. @ mysql-test/t/ssl_and_innodb.test New test case. @ sql/item_strfunc.h Do not subtract the encrypt overhead (9U) if args[0] has length < 9 (In unsigned arithmetic, (1-9) becomes a very large number) added: mysql-test/r/ssl_and_innodb.result mysql-test/t/ssl_and_innodb.test modified: sql/item_strfunc.h === added file 'mysql-test/r/ssl_and_innodb.result' --- a/mysql-test/r/ssl_and_innodb.result 1970-01-01 00:00:00 +0000 +++ b/mysql-test/r/ssl_and_innodb.result 2011-02-07 10:17:46 +0000 @@ -0,0 +1,8 @@ +CREATE TABLE t1(a int) engine=innodb; +INSERT INTO t1 VALUES (1); +SELECT DISTINCT +convert((SELECT des_decrypt(2,1) AS a FROM t1 WHERE @a:=1), signed) as d +FROM t1 ; +d +2 +DROP TABLE t1; === added file 'mysql-test/t/ssl_and_innodb.test' --- a/mysql-test/t/ssl_and_innodb.test 1970-01-01 00:00:00 +0000 +++ b/mysql-test/t/ssl_and_innodb.test 2011-02-07 10:17:46 +0000 @@ -0,0 +1,11 @@ +-- source include/have_innodb.inc +-- source include/have_ssl_crypto_functs.inc + +CREATE TABLE t1(a int) engine=innodb; +INSERT INTO t1 VALUES (1); + +SELECT DISTINCT +convert((SELECT des_decrypt(2,1) AS a FROM t1 WHERE @a:=1), signed) as d +FROM t1 ; + +DROP TABLE t1; === modified file 'sql/item_strfunc.h' --- a/sql/item_strfunc.h 2011-01-17 12:26:13 +0000 +++ b/sql/item_strfunc.h 2011-02-07 10:17:46 +0000 @@ -1,7 +1,7 @@ #ifndef ITEM_STRFUNC_INCLUDED #define ITEM_STRFUNC_INCLUDED -/* Copyright (C) 2000-2003 MySQL AB +/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -361,7 +361,9 @@ public: { maybe_null=1; /* 9 = MAX ((8- (arg_len % 8)) + 1) */ - max_length = args[0]->max_length - 9; + max_length= args[0]->max_length; + if (max_length >= 9U) + max_length-= 9U; } const char *func_name() const { return "des_decrypt"; } }; --===============5870147796688749816== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/tor.didriksen@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: tor.didriksen@stripped\ # gdtl07a1puu743yf # target_branch: file:///export/home/didrik/repo/5.5-bug59632/ # testament_sha1: 88a5dddfc5c8183b67a580fe92eb6d89bc5ac89c # timestamp: 2011-02-07 11:17:49 +0100 # base_revision_id: ole.john.aske@stripped\ # ix1ch1gq52ti51i9 # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWTDPA+0AA1NfgFAQWHf//39n 34q////wYAeOX1fI89MpbGvU2egFoYN7vCUmpMBIzJPTU2TKZGnqaaNNDQGaQ0GQ0CSgTVNgxTFT 2gp6aTagAAAaAAeoHGTJpphMjIGBGJowRhBo0wACDISNA0iemTU0ZPSA0NAAAAAANqSZNTAU/QgU /UYjUNlGgyA0AAACSQITTIGmjRqYCaATFM01NNMgBtTQ14sHrx4MNElI1Epr0H7KT36J4L9ql62z TdUGDaivvq2JQqIAOUKoL8oooWDRCCNgVz7CAx7uYXU/NVmQ2a6BEA9fEh7nsi6F6e2OKpECJU9o kEWbbEwugg4BAZZqqDZ6ikbx5FkLxtKss8d+JJh0q3x19wkVPjdrbh3OHAXWz92LDwWN9GRnOnio QcH93HmTfmfUYvDITiiZaa8u1bmPLTV1qQjlWR3HxJsea40SwxBMsAMRgzL3jo0lPvnbKpGg88BN APWVb+Z7jeYjpvZhtCvqEyFywQ6/fSmXMhZtrbsic0Kji6tbNRk/hptrV1xGYBgWoUdrxrhkw2nY XqC5LcH1OVd8TMJdmii97WwL1MTjxCYJMIwjAHvzxT1qM5FYE4duUkKEsoidOYemUhPX9D6jkufj rMxOZWtW4dnRki5RFTIxPO85nMwNXgTwrnEOAHr5lhdadeOSETtGWOAQWDL43Q0cJOqfovNqJn7q L75qZyuquEZnqyt7XS+Ct0G0mt2e9YLORsct50GdFFWCIcZbNu87Ami3GQImAbyGu3aQCEpnx466 6WWb7mMopULkUKgLUBbhG1BwSHCYDdhW+xaBisfVRKSwG5tVY2zYwtjhunkSMVFpYP1eJqjeIoy6 bGZ4p0EZUVyjkclYIiwQ4oYYQ0kLb3QCa/cag1GE2p85AyGLenk0+VY6Cs76b1SraqsM+c4qizNQ vpelKzZSVYTW6MY21uZrxDqprRrmn1YwJO1aTofdx0VrJsS81LGCLQeROcaMJbdMHbFBPqwwxYHJ mT2ENPiVDo65V6xERFJS1BJ9jU41onMD0RmEYc4w1k0Fmpfc4oNBO9Rqi4w1vC4jXVh3MolCWLC1 o1UYqgJ11K5tGEb3D43ycyXSyRIrKGpTwML9EFKpEL0sQcrJagQyVpHI4BgGZS9xDir0cD5SE0zT TFfu8uVo+BwBvS6U+3cnGYcwMeCduHnT5qk86XH3kqEj1D2InxGImQZMM37BCp59h4STxoexQewO KHB9A+wxqKCg/0oHjz7HZ3hWGM+YchUKygq4ET+HILRwVlxcYlxzBYMLAiZCRPX0qwmD9TtPJDg+ FyOKa9uAML4/BEZubhR5EFskoz+SAdA6hC10EMZz52zNuIdVaAPxnYHCkUAiKSp1elytlP/wXeq9 aUEamVrGn+vkfVbDHQnO+cxMlhDNPxIM3jVMOk5pwyYcLhCXC5WNDCRS7HZPlKsHppraVVrxHSic 2TBYQtUSzDBSMoKi3QQQTouJkqKAPNiSuw0nUoD124joSHQRYmQ4FWXOOKsiZMgcWlCMHNqUdhC0 4kSZKAbjalgKxpGksU2awMmhI6gxcVfjQu8RmWTFn62XMk85wvGEGsZbyTMquJ83wUMjqN5rUSXU xJUI30oaSyWkkVY6HKNa7lWKq273V8LWzPW8qpsnvaP1dXiRrwMkbt7EQOYWJkeCuuOimXJqWOLh 22MwX0wCAhmchwwvIqglDvJHS4NiZdRcUwLQ4HAyLgomtt905OsAYdJiCFPsu3kmWBUaMRwIESCN nUuiXJyUYCGqBmFWSOhyw2KaYkBp1hpbsBnMyYG2gZPAgfOjNPsXcS1JnrKHaXAQXQytViw8O6PV C280sB8uSQ+M330xCBcmBXoWJpiRoGNorCzDjxI/kmPLjfPhxilcLzwrbmj2QUy1W/hlTlnXitnE w0Knw0C749QKVdYWCKQgEK3mx4rC/S6lJgN44gmDuzq5G57erLj0MK9SsV6h0aZpJiMVwn/vL1r/ wtKr1Bi3e3dN/gjEJOacDmpFvU51QyTgTSIK0VTlBTTTIYTLAncQQqHBxDMp7KIKIMwoOMy4XaOO 0mwfVYDU4owNaSVDWB0OUV7fH01gu0BkXHW4uWHPapYss5z54IfkZ3DJJ6VHhKbNcIxm7EXeVCp3 EuY6ye7kQ+3cUJsODTAtTltTfpBJUsLtylCCz3Iz9rwwUIkOYYqfbHvBS9WqVvjmowOpCTMzHJA6 M65s57WjgdfbpDBGY3ArIwcHXWseYrE9ULxrLGpQx6LRQea6GrruHMYw84yZsUAUhORO9D/RbsmI 2W69bc49xELh6gq3vxNsWMR1VSUfUTDUOvRqlOcAuJhzxO3iimHmifhHNiUMMxm8RC6vLE2Axc3o wFktevi9FcMNtU3ofhRVpEq4Rm7IE54yJlBpaawVpiUELnLhflLggkgx4cQLzpfMp52OUsXaZzlJ 2fSLNIYLQxQmRLwJVkakQvRf4u5IpwoSBhngfaA= --===============5870147796688749816==--