From:Georgi Kodinov Date:February 10 2011 7:37am
Subject:bzr commit into mysql-5.5 branch (Georgi.Kodinov:3318) Bug#59884
#At file:///Users/kgeorge/mysql/work/B59884-5.5/ based on revid:mats.kindahl@stripped

 3318 Georgi Kodinov	2011-02-10
      Bug #59884: setting charset to 2048 crashes
      
      The retrieval of a charset by number was not
      doing bounds checking before accessing the internal 
      character sets array.
      Added checks for valid charset number.
      Added asserts for valid charset number to some of 
      the internal functions.
      Removed one superfluous check for charset_number 0
      (since the all_charsets_array[0] is set to 0 anyway) for 
      uniformity.
      Test suite added.

    modified:
      mysql-test/r/variables.result
      mysql-test/t/variables.test
      mysys/charset.c
=== modified file 'mysql-test/r/variables.result'
--- a/mysql-test/r/variables.result	2010-11-25 03:50:16 +0000
+++ b/mysql-test/r/variables.result	2011-02-10 07:34:22 +0000
@@ -1732,3 +1732,25 @@ set @@session.autocommit=t1_min(), @@ses
 drop table t1;
 drop function t1_min;
 drop function t1_max;
+#
+# Bug #59884: setting charset to 2048 crashes
+#
+set session character_set_results = 2048;
+ERROR 42000: Unknown character set: '2048'
+set session character_set_client=2048;
+ERROR 42000: Unknown character set: '2048'
+set session character_set_connection=2048;
+ERROR 42000: Unknown character set: '2048'
+set session character_set_server=2048;
+ERROR 42000: Unknown character set: '2048'
+set session collation_server=2048;
+ERROR HY000: Unknown collation: '2048'
+set session character_set_filesystem=2048;
+ERROR 42000: Unknown character set: '2048'
+set session character_set_database=2048;
+ERROR 42000: Unknown character set: '2048'
+set session collation_connection=2048;
+ERROR HY000: Unknown collation: '2048'
+set session collation_database=2048;
+ERROR HY000: Unknown collation: '2048'
+End of 5.5 tests

=== modified file 'mysql-test/t/variables.test'
--- a/mysql-test/t/variables.test	2011-02-02 18:13:28 +0000
+++ b/mysql-test/t/variables.test	2011-02-10 07:34:22 +0000
@@ -1476,3 +1476,29 @@ drop function t1_max;
 
 
 ###########################################################################
+
+
+--echo #
+--echo # Bug #59884: setting charset to 2048 crashes
+--echo #
+
+--error ER_UNKNOWN_CHARACTER_SET
+set session character_set_results = 2048;
+--error ER_UNKNOWN_CHARACTER_SET
+set session character_set_client=2048;
+--error ER_UNKNOWN_CHARACTER_SET
+set session character_set_connection=2048;
+--error ER_UNKNOWN_CHARACTER_SET
+set session character_set_server=2048;
+--error ER_UNKNOWN_COLLATION
+set session collation_server=2048;
+--error ER_UNKNOWN_CHARACTER_SET
+set session character_set_filesystem=2048;
+--error ER_UNKNOWN_CHARACTER_SET
+set session character_set_database=2048;
+--error ER_UNKNOWN_COLLATION
+set session collation_connection=2048;
+--error ER_UNKNOWN_COLLATION
+set session collation_database=2048;
+
+--echo End of 5.5 tests
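Review bot: Every statement in this block uses the single value 2048, so only one out-of-range number is exercised per variable. The diff does not show the size of all_charsets, so it is unclear from here whether 2048 is the exact boundary of the array or well past it. The old `cs_number > array_elements(all_charsets)` test was off by one, which makes the boundary value the interesting case. Adding a second case per kind with a clearly larger number, e.g. `--error ER_UNKNOWN_CHARACTER_SET` followed by `set session character_set_client=100000;` (constructed value), would keep a later regression in the bounds check from passing unnoticed.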

=== modified file 'mysys/charset.c'
--- a/mysys/charset.c	2010-07-08 21:20:08 +0000
+++ b/mysys/charset.c	2011-02-10 07:34:22 +0000
@@ -419,6 +419,7 @@ CHARSET_INFO *default_charset_info = &my
 
 void add_compiled_collation(CHARSET_INFO *cs)
 {
+  DBUG_ASSERT(cs->number < array_elements(all_charsets));
   all_charsets[cs->number]= cs;
   cs->state|= MY_CS_AVAILABLE;
 }
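Review bot: The bounds check added to add_compiled_collation() is a `DBUG_ASSERT`, which is normally compiled out of non-debug builds, so in a release binary an out-of-range `cs->number` would still reach the store `all_charsets[cs->number]= cs;`. The later hunk in get_internal_charset() uses the same assert-only pattern ahead of the read `all_charsets[cs_number]`. get_charset() does validate before calling get_internal_charset(), but the other callers of both functions are not visible in this diff. If all of them are guaranteed to pass a validated number, record that with a comment such as `/* callers must pass a number below array_elements(all_charsets); verified in debug builds only */`. Otherwise add a runtime guard, e.g. `if (cs->number >= array_elements(all_charsets)) return;`, before the store.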
@@ -529,14 +530,17 @@ uint get_charset_number(const char *char
 
 const char *get_charset_name(uint charset_number)
 {
-  CHARSET_INFO *cs;
   my_pthread_once(&charsets_initialized, init_available_charsets);
 
-  cs=all_charsets[charset_number];
-  if (cs && (cs->number == charset_number) && cs->name )
-    return (char*) cs->name;
+  if (charset_number < array_elements(all_charsets))
+  {
+    CHARSET_INFO *cs= all_charsets[charset_number];
+
+    if (cs && (cs->number == charset_number) && cs->name)
+      return (char*) cs->name;
+  }
   
-  return (char*) "?";   /* this mimics find_type() */
+  return "?";   /* this mimics find_type() */
 }
 
 
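Review bot: The cast in `return (char*) cs->name;` is kept while the one on `"?"` is dropped, so the two returns in get_charset_name() are now inconsistent. The function returns `const char *`, so assuming `name` is declared const-qualified in CHARSET_INFO (not visible in this hunk), the line can be `return cs->name;`, which avoids a cast that strips the qualifier. A short header comment stating that an out-of-range or unregistered number yields `"?"` rather than NULL would also document the contract callers now rely on.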
@@ -545,6 +549,8 @@ static CHARSET_INFO *get_internal_charse
   char  buf[FN_REFLEN];
   CHARSET_INFO *cs;
 
+  DBUG_ASSERT(cs_number < array_elements(all_charsets));
+
   if ((cs= all_charsets[cs_number]))
   {
     if (cs->state & MY_CS_READY)  /* if CS is already initialized */
@@ -589,8 +595,8 @@ CHARSET_INFO *get_charset(uint cs_number
     return default_charset_info;
 
   my_pthread_once(&charsets_initialized, init_available_charsets);
-  
-  if (!cs_number || cs_number > array_elements(all_charsets))
+ 
+  if (cs_number >= array_elements(all_charsets)) 
     return NULL;
   
   cs=get_internal_charset(cs_number, flags);
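Review bot: Dropping the `!cs_number` test makes get_charset() depend on slot 0 of all_charsets never being populated, and nothing in the visible code states or enforces that. The assert added to add_compiled_collation() accepts `cs->number == 0`, and get_internal_charset() presumably returns NULL only because `all_charsets[0]` is NULL. A comment above the check would record the invariant: `/* 0 is not a valid charset number: all_charsets[0] stays NULL, so the lookup below fails for it */`. The two replaced lines also introduce trailing whitespace, on the blank line and after `array_elements(all_charsets))`. get_charset() begins before this hunk and continues after it.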


Attachment: [text/bzr-bundle] bzr/georgi.kodinov@oracle.com-20110210073422-1ihc54op1k3rn3vk.bundle