From: Sergey Glukhov Date: April 27 2011 7:36am Subject: bzr commit into mysql-5.1 branch (sergey.glukhov:3673) Bug#11889186 List-Archive: http://lists.mysql.com/commits/136143 X-Bug: 11889186 Message-Id: <201104270736.p3R7aIlJ013275@acsmt356.oracle.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3209512632963666427==" --===============3209512632963666427== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/gluh/MySQL/mysql-5.1/ based on revid:guilhem.bichot@stripped 3673 Sergey Glukhov 2011-04-27 Bug#11889186 60503: CRASH IN MAKE_DATE_TIME WITH DATE_FORMAT / STR_TO_DATE COMBINATION calc_daynr() function returns negative result if malformed date with zero year and month is used. Attempt to calculate week day on negative value leads to crash. The fix is return NULL for 'W', 'a', 'w' specifiers if zero year and month is used. Additional fix for calc_daynr(): --added assertion that result can not be negative --return 0 if zero year and month is used @ mysql-test/r/func_time.result test case @ mysql-test/t/func_time.test test case @ sql-common/my_time.c --added assertion that result can not be negative --return 0 if zero year and month is used @ sql/item_timefunc.cc eturn NULL for 'W', 'a', 'w' specifiers if zero year and month is used. modified: mysql-test/r/func_time.result mysql-test/t/func_time.test sql-common/my_time.c sql/item_timefunc.cc === modified file 'mysql-test/r/func_time.result' --- a/mysql-test/r/func_time.result 2011-03-30 07:08:35 +0000 +++ b/mysql-test/r/func_time.result 2011-04-27 07:35:57 +0000 @@ -1405,4 +1405,16 @@ NULL SELECT ADDDATE(MONTH(FROM_UNIXTIME(NULL)),INTERVAL 1 HOUR); ADDDATE(MONTH(FROM_UNIXTIME(NULL)),INTERVAL 1 HOUR) NULL +# +# Bug#11889186 60503: CRASH IN MAKE_DATE_TIME WITH DATE_FORMAT / STR_TO_DATE COMBINATION +# +SELECT DATE_FORMAT('0000-00-11', '%W'); +DATE_FORMAT('0000-00-11', '%W') +NULL +SELECT DATE_FORMAT('0000-00-11', '%a'); +DATE_FORMAT('0000-00-11', '%a') +NULL +SELECT DATE_FORMAT('0000-00-11', '%w'); +DATE_FORMAT('0000-00-11', '%w') +NULL End of 5.1 tests === modified file 'mysql-test/t/func_time.test' --- a/mysql-test/t/func_time.test 2011-03-30 07:08:35 +0000 +++ b/mysql-test/t/func_time.test 2011-04-27 07:35:57 +0000 @@ -913,4 +913,12 @@ SELECT CAST((MONTH(FROM_UNIXTIME(@@GLOBA SELECT ADDDATE(MONTH(FROM_UNIXTIME(NULL)),INTERVAL 1 HOUR); +--echo # +--echo # Bug#11889186 60503: CRASH IN MAKE_DATE_TIME WITH DATE_FORMAT / STR_TO_DATE COMBINATION +--echo # + +SELECT DATE_FORMAT('0000-00-11', '%W'); +SELECT DATE_FORMAT('0000-00-11', '%a'); +SELECT DATE_FORMAT('0000-00-11', '%w'); + --echo End of 5.1 tests === modified file 'sql-common/my_time.c' --- a/sql-common/my_time.c 2011-02-02 17:05:28 +0000 +++ b/sql-common/my_time.c 2011-04-27 07:35:57 +0000 @@ -772,7 +772,7 @@ long calc_daynr(uint year,uint month,uin int y= year; /* may be < 0 temporarily */ DBUG_ENTER("calc_daynr"); - if (y == 0 && month == 0 && day == 0) + if (y == 0 && month == 0) DBUG_RETURN(0); /* Skip errors */ /* Cast to int to be able to handle month == 0 */ delsum= (long) (365 * y + 31 *((int) month - 1) + (int) day); @@ -783,6 +783,7 @@ long calc_daynr(uint year,uint month,uin temp=(int) ((y/100+1)*3)/4; DBUG_PRINT("exit",("year: %d month: %d day: %d -> daynr: %ld", y+(month <= 2),month,day,delsum+y/4-temp)); + DBUG_ASSERT(delsum+(int) y/4-temp > 0); DBUG_RETURN(delsum+(int) y/4-temp); } /* calc_daynr */ === modified file 'sql/item_timefunc.cc' --- a/sql/item_timefunc.cc 2011-03-28 13:24:25 +0000 +++ b/sql/item_timefunc.cc 2011-04-27 07:35:57 +0000 @@ -648,7 +648,7 @@ bool make_date_time(DATE_TIME_FORMAT *fo system_charset_info); break; case 'W': - if (type == MYSQL_TIMESTAMP_TIME) + if (type == MYSQL_TIMESTAMP_TIME || !(l_time->month || l_time->year)) return 1; weekday= calc_weekday(calc_daynr(l_time->year,l_time->month, l_time->day),0); @@ -657,7 +657,7 @@ bool make_date_time(DATE_TIME_FORMAT *fo system_charset_info); break; case 'a': - if (type == MYSQL_TIMESTAMP_TIME) + if (type == MYSQL_TIMESTAMP_TIME || !(l_time->month || l_time->year)) return 1; weekday=calc_weekday(calc_daynr(l_time->year,l_time->month, l_time->day),0); @@ -816,7 +816,7 @@ bool make_date_time(DATE_TIME_FORMAT *fo } break; case 'w': - if (type == MYSQL_TIMESTAMP_TIME) + if (type == MYSQL_TIMESTAMP_TIME || !(l_time->month || l_time->year)) return 1; weekday=calc_weekday(calc_daynr(l_time->year,l_time->month, l_time->day),1); --===============3209512632963666427== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/sergey.glukhov@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: sergey.glukhov@stripped\ # b7028gag212n8e0y # target_branch: file:///home/gluh/MySQL/mysql-5.1/ # testament_sha1: 2f327c5b762cb6bf3cf6b47e5cbf1cd8f33e9447 # timestamp: 2011-04-27 11:36:04 +0400 # source_branch: bzr+ssh://sgluhov@stripped/bzrroot\ # /server/mysql-5.1/ # base_revision_id: guilhem.bichot@stripped\ # 0o3rtag1ov4j292n # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWX37mi8ABOLfgEQwe+///3/v /qC////0YAlO+tmvo00KUDNQ7go1W1aoTlgElKHommgDUfpIwyRiDI0ZANGgGgBoHDTTBDIaaZGT CAaaAMJo0yYAEDQ4aaYIZDTTIyYQDTQBhNGmTAAgaCQojSmTEyTanlAaDEDRoAAAA0yAEVEmBNDC nommSfqE2mppqepk/SmyhppoAGh6GoJJAgAAgJono0JhKHpMAxTIaA0abUroOt4eiuQvTXWpTGyI YMnsg03NRb1eFOlTBuWr8YJtedES4IZlhizzQoraOZUcAMbS+G8GTO3vPZ0Ft+3Ly56ZSq4CcRTH zXBWeCDcwbPzD5LuD3fmE4MMwzA2m+Qp1p9xGri5uGzpvlNbNbtR7kpNKhey53MwYye195qbqwX9 lfe0dCwrOrIq0E1bajTjMt2grqMBsEyWYDP/TEP+N7T0hf6Y7/JqZtyPFeHvijxC0o1VmUQjkSlB H0DAOIQFFX5orVraJyxXh6eGmkn9LTyDxon0DTj4OPdSuaQZuFsfIucg6FP6NA+PYkkk4UEIfYgj Qwe1B7Bvtf9iYOszbK5U7aU58mR+rIVfqyPBDvZkNrUMGhQ7Du6h5n2nsBxZpGY3jfl9MKYC5nfO UrtniYVnctsFRldfirgyQyEWAHRwjgnsFWVt7mjIGB9aDTC32FSFBkzJGT3EkDMgzQMg3oO8WSeJ y1Mit74KhPSBwnbRQcrYFEq5FeqJKGRXKmCa1QvKgufmhZbC0FhUKoiUDhntPcpgV8GSIMrCSB03 nJWRuenCDzZanDdagkkFwfQoyoJ7HWDlOL5aDok/THKgG2aomGFVkE8Q79GUyZhn4zU5rCfu1xb3 Hk2FN5radSig0BisdaONhmEaSbWAKPouw85zVsWZz70F7JA/tOomVAKF+yAtD3p0MIuJ1t012bhl v7OTwXDTLW0VeQL9VeSiQxOqqWMEnmRvBxmVRBRU1IWdTh/XcjPSi9TOdcmMqSkFarCSp2qYm1ta l4Mo6ZizOctZWZdmz1vBu2w432QLXSBnYQirsgVmZlVRoc47vFpG2bIc8nLjUeQ6vKdLqkfNTmMZ ilP/aS4fcmRtXptC9qy99Nxx2bUwVOTfP2vsW/GqkF2uFtKQdE64EuiNJO7MnRsOLHqbnaZzKTNr PK9jyN3M3Ey02m8KR7A8vUlsMla42rZYKoep3jEujj1rTiyiepPzgG9hOp0vgdHJ9BahcE8FWY2A pHAeY17Q9mEZgWGFxMOLcSVlqexIsxDAKpqvHY+QpBHExKSEMn8FyOuN0zY5U52pZvUmhB5OTyM2 TTEJ502ZNKRFOgGD89+wnKB5HzBMWgto4rG0sVCo7HEMB1ysvgxWolo4rMFYqOOJPjHyoqLCL0Um GZgcVFK3ZYX0rSjo5thizQJYiIipLmKoS1AlEVo7VGlaiewlvo0eRG7jzDYxhqDbQXo1dYR69g9I VMEfg+x8XykB/oQ/BuLGAQCBkVfVkPAxQWCivY2NkTxKwsPYL+JUXKrklYH50SMzBCLuYvvfg1Jm GhPm0NwPyfkhQ5GRkG1kPFkfiDmbmxlaAc0rSMtT5MJXK4SNIwQzTsRDM3oRYMjPfqTxf0Mja/O5 0CHk6nQ+BsDpxCKkPd7YocB96Tibk9V7eRoE4d/1nW0sZOKmUynNkO3OuzQCIaJQH3LvBNQ8lZhc naMzQoiTdqK0ZMrkiJGJTsG43zA+8PhBd/4rcbz8nbzUnTcD4Hxn4AnuM+UT41GwpO1bD+i3qle/ H8V9IBCV3N6euxFxmamKY+Nm8xNi0DuLAp6ywRhoKnmsAuLx1p+Tq8TcV9HJkxucwI1UwI0w0w5K mePJVIgjLYD1pZDkR2k5MxfLRxiMVCcSK2rFCokgwj9UykZI414jNTKxpneSwovNht+L91WH3K2q W+QUU0PKgiczyFFkMCGEMG43AuHYcv6+ff3F0M53SMRl6haHQhe5OvAklbk/zA7zieCvMHlnN4Wj sy24t8Hx4bdG5VoeFbd0+LTNu/R2GqxS9yOpMLdHfHr+2xAyJ5jkkI3pOJCFSm+HQwXa5ENznQJ6 EOILy4nI9R537/W/dOcKeZ2m9VHeWotOwvRuY/YNG4IB2jrOkikm+mPEmFz+0YsZ6+h1q77waQkx ZIqcIP3AHSu5aukte5ceYhuXc8HveIefKaldHhV0BWp31ErQKG+x5l6RXU4xKR2RCY2yQaj9kqMZ A6kwNNCBe0gvcz6lpzVcDfslpeVYUNI7F6sqwZKWKAKxwUQljVioqCnLIpCOimX5jI0BaSuqUMMz RzvosGsLZJV0YSvwxdrooKoebzvYmAJAHml5mRdmoUWMBSXS+HgAdfW6buSChPc5GG1WoRSDnIuS Bt1uWl4+yUqHg115Urkz0asWxtN253cTWyFZIxjaMl6H8QThYhekosyJkoqAReT9Sz6EiN9pmOzJ gmVCDnZIjB36/Q6SlODztTyM9vIety0+ly79KphYFRBZoobmgrfIEqW+QMJG5sOJv3autydzNEA0 HSAaebDngEBJUqZ5yuv1sLOWimMcXPdJra60Mar53OdCQhUQe3p1uxmUd+M6mp7U3DjXzcikQUNX au2AXbQ8GmRKbLioHemVFqZcVmV77WRzkrOPLii6dWbDFFeq3nihgd7mpJsno1DFJh186ytX4wxv CSSSSayuqjHIbSNkYKqTA7kxqV3CGYobdKaIotqmWhwWwVwV8YD1p9NXkH06IwzLzrB5EdmA6sUz KkIHk623AQqi55TME3oKTbYtbTIxCmA99Wk1J6nlwNvTh0eDS73IgWee5DCIBtZNWZNKU4tjStzB AlvDBz9sy4uL9HI/Yfa3PK0trxOg2Mpmey0hubbLHJx+BQhpYPa/Uc8mnbkSMgBbGQOa1MGVODLg 5Wo4vM0gaWt6GaZMqWN+mVt5fped+I0j/4u5IpwoSD79zReA --===============3209512632963666427==--