From: Tor Didriksen Date: October 31 2012 12:36pm Subject: bzr push into mysql-trunk branch (tor.didriksen:4872 to 4873) List-Archive: http://lists.mysql.com/commits/145194 Message-Id: <20121031123620.12699.60929.4873@atum07.no.oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit 4873 Tor Didriksen 2012-10-31 [merge] merge 5.6 => trunk modified: strings/ctype-utf8.c unittest/gunit/sql_table-t.cc 4872 Joerg Bruehe 2012-10-31 [merge] Empty upmerge (weave)
=== modified file 'strings/ctype-utf8.c'
--- a/strings/ctype-utf8.c 2012-10-19 10:12:55 +0000
+++ b/strings/ctype-utf8.c 2012-10-31 12:25:15 +0000
@@ -7469,6 +7469,8 @@ my_mb_wc_filename(const CHARSET_INFO *cs
 return MY_CS_TOOSMALL3;
 byte1= s[1];
+ if (byte1 == 0)
+ return MY_CS_ILSEQ; /* avoid possible out-of-bounds read */
 byte2= s[2];
 if (byte1 >= 0x30 && byte1 <= 0x7F &&
=== modified file 'unittest/gunit/sql_table-t.cc'
--- a/unittest/gunit/sql_table-t.cc 2012-05-07 12:05:48 +0000
+++ b/unittest/gunit/sql_table-t.cc 2012-10-31 12:25:15 +0000
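Review bot: The new `byte1 == 0` guard in my_mb_wc_filename (strings/ctype-utf8.c) stops the read of `s[2]` only when the terminator sits at `s[1]`; a terminator at `s[2]` is still loaded into `byte2`, and nothing visible in the hunk keeps later code from indexing past it. The function continues beyond the hunk, so confirm whether any later `s[3]`/`s[4]` access is guarded the same way, for example with `if (byte2 == 0) return MY_CS_ILSEQ;` placed after the range test that follows the load. The comment should also say why the preceding `MY_CS_TOOSMALL3` length check is not sufficient, presumably because the caller's end pointer can lie past the NUL of a short string: `/* e may point past the terminating NUL; do not read s[2] */`.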
@@ -108,4 +108,51 @@ TEST_F(SqlTableTest, PromoteFirstTimesta
 EXPECT_EQ(Field::NONE, column_2_definition.unireg_check);
 }
+
+/** Prefix used by MySQL to indicate pre-5.1 table name encoding */
+const char srv_mysql50_table_name_prefix[10] = "#mysql50#";
+
+/*
+ This is a test case based on innobase_init()
+ There was an out-of-bounds read when converting "-@" to a table name.
+ */
+TEST_F(SqlTableTest, FileNameToTableName)
+{
+ struct PackStuff
+ {
+ char foo1;
+ char str[3];
+ char foo2;
+ };
+ PackStuff foo;
+ memcpy(foo.str, "-@", 3);
+ MEM_NOACCESS(&foo.foo1, 1);
+ MEM_NOACCESS(&foo.foo2, 1);
+
+ const char test_filename[] = "-@";
+ char test_tablename[sizeof test_filename +
+ sizeof(srv_mysql50_table_name_prefix) - 1];
+
+ // This one used to fail with AddressSanitizer
+ EXPECT_EQ((sizeof(test_tablename)) - 1,
+ filename_to_tablename(test_filename,
+ test_tablename,
+ sizeof(test_tablename)
+#ifndef DBUG_OFF
+ , true
+#endif
+ ));
+
+ // This one used to fail if compiled with -DHAVE_VALGRIND
+ EXPECT_EQ((sizeof(test_tablename)) - 1,
+ filename_to_tablename(foo.str,
+ test_tablename,
+ sizeof(test_tablename)
+#ifndef DBUG_OFF
+ , true
+#endif
+ ));
+
+}
+
 }
No bundle (reason: useless for push emails).
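Review bot: Both `EXPECT_EQ` calls in FileNameToTableName check only the returned length, so the test says nothing about what was written to `test_tablename`, and outside an AddressSanitizer or `-DHAVE_VALGRIND` build it gives little signal about the out-of-bounds read it is meant to guard. A content check after each call would pin the fallback output: `EXPECT_STREQ("#mysql50#-@", test_tablename);` (expected string inferred from the prefix constant and the length arithmetic, so confirm it). The header comment could also state that the regression is only observable under those instrumented builds. The duplicated `#ifndef DBUG_OFF` argument block could move into one small local helper so the two calls cannot drift apart.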