From: Alexander Barkov Date: March 24 2011 10:31am Subject: bzr commit into mysql-trunk branch (alexander.barkov:3319) Bug#11898467 List-Archive: http://lists.mysql.com/commits/133756 X-Bug: 11898467 Message-Id: <201103241031.p2OAVNnn023357@bar.myoffice.izhnet.ru> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3109526913130204266==" --===============3109526913130204266== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/bar/mysql-bzr/mysql-trunk.b11898467/ based on revid:marc.alff@stripped 3319 Alexander Barkov 2011-03-24 BUG#11898467 - SERVER CRASHES ON SELECT HEX(WEIGHT_STRING(STR AS [CHAR|BINARY](N))) IF N IS BIG Problem: Item_func_weight_string() could allocate unlimited amount of memory, which led to server crash. Fix: honor max_allowed_packet in Item_func_weight_string::val_str() @ mysql-test/r/func_weight_string.result @ mysql-test/t/func_weight_string.test Adding tests @ sql/item_strfunc.cc Don't return results longer than max_allowed_packet modified: mysql-test/r/func_weight_string.result mysql-test/t/func_weight_string.test sql/item_strfunc.cc === modified file 'mysql-test/r/func_weight_string.result' --- a/mysql-test/r/func_weight_string.result 2010-03-22 09:13:41 +0000 +++ b/mysql-test/r/func_weight_string.result 2011-03-24 10:30:47 +0000 @@ -76,3 +76,16 @@ hex(weight_string(s1)) NULL 41 drop table t1; +# +# BUG#11898467 - SERVER CRASHES ON SELECT HEX(WEIGHT_STRING(STR AS [CHAR|BINARY](N))) IF N IS BIG +# +SELECT HEX(WEIGHT_STRING('ab' AS CHAR(1000000000000000000))); +HEX(WEIGHT_STRING('ab' AS CHAR(1000000000000000000))) +NULL +Warnings: +Warning 1301 Result of weight_string() was larger than max_allowed_packet (1048576) - truncated +SELECT HEX(WEIGHT_STRING('ab' AS BINARY(1000000000000000000))); +HEX(WEIGHT_STRING('ab' AS BINARY(1000000000000000000))) +NULL +Warnings: +Warning 1301 Result of weight_string() was larger than max_allowed_packet (1048576) - truncated === modified file 'mysql-test/t/func_weight_string.test' --- a/mysql-test/t/func_weight_string.test 2010-03-22 09:13:41 +0000 +++ b/mysql-test/t/func_weight_string.test 2011-03-24 10:30:47 +0000 @@ -104,3 +104,10 @@ create table t1 (s1 varchar(5)); insert into t1 values ('a'),(null); select hex(weight_string(s1)) from t1 order by s1; drop table t1; + +--echo # +--echo # BUG#11898467 - SERVER CRASHES ON SELECT HEX(WEIGHT_STRING(STR AS [CHAR|BINARY](N))) IF N IS BIG +--echo # +SELECT HEX(WEIGHT_STRING('ab' AS CHAR(1000000000000000000))); +SELECT HEX(WEIGHT_STRING('ab' AS BINARY(1000000000000000000))); + === modified file 'sql/item_strfunc.cc' --- a/sql/item_strfunc.cc 2011-03-22 11:44:40 +0000 +++ b/sql/item_strfunc.cc 2011-03-24 10:30:47 +0000 @@ -3213,6 +3213,15 @@ String *Item_func_weight_string::val_str cs->coll->strnxfrmlen(cs, cs->mbmaxlen * max(res->length(), nweights)); + if(tmp_length > current_thd->variables.max_allowed_packet) + { + push_warning_printf(current_thd, MYSQL_ERROR::WARN_LEVEL_WARN, + ER_WARN_ALLOWED_PACKET_OVERFLOWED, + ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED), func_name(), + current_thd->variables.max_allowed_packet); + goto nl; + } + if (tmp_value.alloc(tmp_length)) goto nl; --===============3109526913130204266== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/alexander.barkov@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: alexander.barkov@stripped\ # b1wng23h917s530o # target_branch: file:///home/bar/mysql-bzr/mysql-trunk.b11898467/ # testament_sha1: 74a773a622faacbd74a39e69ce2e59264c708a53 # timestamp: 2011-03-24 13:31:23 +0300 # base_revision_id: marc.alff@stripped\ # hyb2z92bybx6ymnt # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWT0v/JEAA4Z/gFAxBABY5/// f+//6r////5gB4+fZYOVChibowuw0qgIMkU8qfqnkniMoGm9UbKaNNGgA0yNDQA0eoABJSamGmmk yMhoJ6kxqeppoAGENNMTQ0A0NBxkyaNAaNMRkaGIYE0aYgxGgwgAMOMmTRoDRpiMjQxDAmjTEGI0 GEABg2pJpGU0GGpkGhp6ho0NGjQNDRoaAyaGhoEkRGgCYU9CaNMmp6NTU9NU8aSGhoAzUNAD1M04 xXCv6Kmxjhmc99AYgyaTVDyfao/a7zD7ondHM6Bz3KVEEoksHoIG3Omk5nqUCV1pzxUbX8G8IylA VYr/emdJTiWtSMtyyOS0VaZmZhm/t/QKI0NB3w7HMYO8LntSe/HgoG4i6O7Eaa+nDx94JC6asktw jIS0OJU6rcyGn8hzI8uzeGalY1aeUTnVcGLLVqAqM3lgtMEwrSiESRigac6tyQWxPdtzGRVOAioh JuxIiJtFgN8GwsHP0Sp7V2ZmjTYSaYBLShadn2aqtJh4wrisDJOSgvTYAeZ9jeNaNF/s7Tc5Uaz/ QBwOFh6iPUPBUVLe+skeWD1K38xNTZqXunSHCRwSUPM7wNFqunXOTYUs7ZXCpEsyEFBhdqYURahh eHcx0FMRHEmJtKTQIiM2JCYSkUCHKB3JKn2hORmJTogoxP8zR20UG2Qicq69SVdkGPNu8UgPSCQ5 cJRKPOWUsbKJc81HoXhlmiMRNWyPBpdCrlIFxwhPIsZHciEU/ZVNiJAuWEgke1wbdxa1zKVnGjRr 3ZDCoGaIfvBsEeyFIyEYlpZe8xzoHCRQImghXmVQcdmvOktwpwtZuGVQKzsaZx9ZGnEpI1qqQoh4 ifbwBdtMCCZkKopMRjdQ4WZPIZVjDWTHKA3/g1CNQ5s2YmW+VYWQwIqAsSRARmRnaW3QlOG3IRXF imBqCysqCw7ScxJmJrMz/pR5SMDFwtKSm3FbxFdYXWm63JqKjbltKDhA69Q8IU653zui5mpqQqeQ hspCskrG11oqtMpXgbkCxPjTkiskxEKyfvU2Y3q1VFcJ6EdvPEvV+wwcRrrZh9l2TpiYJgodjXPj oXmysMSD4xnZikM6bqRhbugiv6KRdPmQMiBY15GMRwrvNsSeYvkdh9XZrms+XGjZum68C6EGJ7mq rVMAlPBDO0wTCnk0qfTFg2+gcexWnitztBmGSreJFUrpxXUcpvAvhfqwn4lyIcRiWsNToSDJMzQI /h7jExkMScQAmm+gZYi+GRLEynwHU+eY1E4SxlFUXGQkEnCX2icQz0zCviTFspCTIygIIkWEyWqw zP6kx9J6A+izVepJXjqZNYUgxHV/dVK1NXenIoIhTAHEx/AdWJhQTKkLBOuulQQPSgCmLUGNWjaV UTLTEE6CkJEEi7WGMxGASpKPEIQFtF8G4Na0LxQnv5tsHAzD0KB4YAFADZRHHEBOcYyUjPHxT+ki GnL+Rcxz4MSXqSTqOYecm82OQXFyEgMUnb1Knd3xagiz3KjaBdFpqVqDQYjgjSOM/zC8iHuL0zpY KbdgK1w33COkcfRfKQ6icGJzhhxW8sSO+BY587ye5Vqf4gN7GOpdwXqm86c7Paai0zqSGNTmh45h b8/CdtFF2QiZAW8yHyf90jky+fisU+7c+Zdbeja8kfMjvnSsFSdZOfqkCy1nV0B76zbmvLm4ge87 Pf1cmmh4k4dxp1nvVijMyoexOF3Ne9fRlO6p1I7fFkIE5VfBzMfXSaXgtq6y9mbsiMWYjQ2ILAWR hVnVRyRqRWIpWjUs6YhmnW0ypoYJiFFKbFPLrOWWPEwIjm9dmsg6gE5aqgkY/Bb15KmknO2J7TMH +Hx9GZmZnnEuDCNrGNDCdzUCwO6Jd//pBeCN3Q4d8REIIIiz5+4JlpbzBWLrSp7WLDjmvJsKNqXF 6LYBUCl1IJjSc2iurKaATpvycNJMorBa778Q3IZTYdDlj8uTLrNNrKGCv0C2ZgW5B5QlYHoRFdui F3svN5lYsEkwoeeDHvoEqCl+xkqraWE4ah344/ht8wDFmFwWtVh8C0HjmsK6jAr2LVB5heFMcBv7 LzCTKV6cMU7M06xoCWYTAUcSS9ohh6RyiqCJUNaS1TUniE9KWSrdMyGXjn7iSrIkpZ8zG56jUIOS gW5M9xnozJJgqVuxYWFu1kwx4wVon70NjuF2OmRAKqsS3ZNRKHn6m4M8dL0GVm41b3UuBfBIm6Op yCEezZBLcmRQazPe4WBVODWc4grpgVqx0Ygjq/CVNElVTMncKDQi40SoPkI6iO3w2WUb88rL4Bzw XeJl0uDRvJdrS6IsYuArFUgHE/LCGjGpon2NNA7SiVsx50xUPsFyBPBNFyLmcP4jhlWYlxik0t0F evWvu5dQ/w5D0RxFWuboB4l0LqpkYa+g5v4m/0iX/VYhklWroxy2YLlsn+IMkW8JYqLbLRa9FZOK KIYgY8RAgGM0BWUXcCjsFSkFQbajUso5bEtSdOFMr3hZVwpn/F3JFOFCQPS/8kQ= --===============3109526913130204266==--