List:Commits« Previous MessageNext Message »
From:kgeorge Date:March 8 2007 11:32am
Subject:bk commit into 5.0 tree (gkodinov:1.2435) BUG#26281
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of kgeorge. When kgeorge does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-03-08 12:32:29+02:00, gkodinov@stripped +3 -0
  Bug #26281:
   Fixed boundry checks in the INSERT() function:
   were one off.

  mysql-test/r/func_str.result@stripped, 2007-03-08 12:32:28+02:00, gkodinov@stripped +3 -0
    Bug #26281: test case

  mysql-test/t/func_str.test@stripped, 2007-03-08 12:32:28+02:00, gkodinov@stripped +5 -0
    Bug #26281: test case

  sql/item_strfunc.cc@stripped, 2007-03-08 12:32:28+02:00, gkodinov@stripped +5 -5
    Bug #26281: fixed boundry checks

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	gkodinov
# Host:	magare.gmz
# Root:	/home/kgeorge/mysql/work/B26281-5.0-opt

--- 1.295/sql/item_strfunc.cc	2007-02-21 13:05:00 +02:00
+++ 1.296/sql/item_strfunc.cc	2007-03-08 12:32:28 +02:00
@@ -967,18 +967,18 @@
       args[3]->null_value)
     goto null; /* purecov: inspected */
 
-  if ((start < 0) || (start > res->length() + 1))
+  if ((start < 0) || (start > res->length()))
     return res;                                 // Wrong param; skip insert
-  if ((length < 0) || (length > res->length() + 1))
-    length= res->length() + 1;
+  if ((length < 0) || (length > res->length()))
+    length= res->length();
 
   /* start and length are now sufficiently valid to pass to charpos function */
   start= res->charpos((int) start);
   length= res->charpos((int) length, (uint32) start);
 
   /* Re-testing with corrected params */
-  if (start > res->length() + 1)
-    return res;                                 // Wrong param; skip insert
+  if (start > res->length())
+    return res; /* purecov: inspected */        // Wrong param; skip insert
   if (length > res->length() - start)
     length= res->length() - start;
 

--- 1.127/mysql-test/r/func_str.result	2007-03-02 12:14:49 +02:00
+++ 1.128/mysql-test/r/func_str.result	2007-03-08 12:32:28 +02:00
@@ -1946,4 +1946,7 @@
 SELECT UNHEX('G') IS NULL;
 UNHEX('G') IS NULL
 1
+SELECT INSERT('abcdefghijklmnopqrstuvwDEFxyz', 31, 3, '123456789');
+INSERT('abcdefghijklmnopqrstuvwDEFxyz', 31, 3, '123456789')
+abcdefghijklmnopqrstuvwDEFxyz
 End of 5.0 tests

--- 1.100/mysql-test/t/func_str.test	2007-03-02 12:14:49 +02:00
+++ 1.101/mysql-test/t/func_str.test	2007-03-08 12:32:28 +02:00
@@ -1014,4 +1014,9 @@
 SELECT UNHEX('G');
 SELECT UNHEX('G') IS NULL;
 
+#
+# Bug #26281: INSERT() function mishandles NUL on boundary condition
+#
+SELECT INSERT('abcdefghijklmnopqrstuvwDEFxyz', 31, 3, '123456789');
+
 --echo End of 5.0 tests
Thread
bk commit into 5.0 tree (gkodinov:1.2435) BUG#26281kgeorge8 Mar