From: Date: March 9 2007 11:47am Subject: bk commit into 5.0 tree (gkodinov:1.2435) BUG#26281 List-Archive: http://lists.mysql.com/commits/21579 X-Bug: 26281 Message-Id: <200703091047.l29AlGfp016426@magare.gmz> Below is the list of changes that have just been committed into a local 5.0 repository of kgeorge. When kgeorge does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet@stripped, 2007-03-09 12:47:12+02:00, gkodinov@stripped +3 -0 Bug #26281: Fixed boundry checks in the INSERT() function: were one off. mysql-test/r/func_str.result@stripped, 2007-03-09 12:47:11+02:00, gkodinov@stripped +12 -0 Bug #26281: test case mysql-test/t/func_str.test@stripped, 2007-03-09 12:47:11+02:00, gkodinov@stripped +8 -0 Bug #26281: test case sql/item_strfunc.cc@stripped, 2007-03-09 12:47:11+02:00, gkodinov@stripped +5 -5 Bug #26281: fixed boundry checks # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: gkodinov # Host: magare.gmz # Root: /home/kgeorge/mysql/work/B26281-5.0-opt --- 1.295/sql/item_strfunc.cc 2007-02-21 13:05:00 +02:00 +++ 1.296/sql/item_strfunc.cc 2007-03-09 12:47:11 +02:00 @@ -967,18 +967,18 @@ String *Item_func_insert::val_str(String args[3]->null_value) goto null; /* purecov: inspected */ - if ((start < 0) || (start > res->length() + 1)) + if ((start < 0) || (start > res->length())) return res; // Wrong param; skip insert - if ((length < 0) || (length > res->length() + 1)) - length= res->length() + 1; + if ((length < 0) || (length > res->length())) + length= res->length(); /* start and length are now sufficiently valid to pass to charpos function */ start= res->charpos((int) start); length= res->charpos((int) length, (uint32) start); /* Re-testing with corrected params */ - if (start > res->length() + 1) - return res; // Wrong param; skip insert + if (start > res->length()) + return res; /* purecov: inspected */ // Wrong param; skip insert if (length > res->length() - start) length= res->length() - start; --- 1.127/mysql-test/r/func_str.result 2007-03-02 12:14:49 +02:00 +++ 1.128/mysql-test/r/func_str.result 2007-03-09 12:47:11 +02:00 @@ -1946,4 +1946,16 @@ NULL SELECT UNHEX('G') IS NULL; UNHEX('G') IS NULL 1 +SELECT INSERT('abc', 3, 3, '1234'); +INSERT('abc', 3, 3, '1234') +ab1234 +SELECT INSERT('abc', 4, 3, '1234'); +INSERT('abc', 4, 3, '1234') +abc1234 +SELECT INSERT('abc', 5, 3, '1234'); +INSERT('abc', 5, 3, '1234') +abc +SELECT INSERT('abc', 6, 3, '1234'); +INSERT('abc', 6, 3, '1234') +abc End of 5.0 tests --- 1.100/mysql-test/t/func_str.test 2007-03-02 12:14:49 +02:00 +++ 1.101/mysql-test/t/func_str.test 2007-03-09 12:47:11 +02:00 @@ -1014,4 +1014,12 @@ select lpad('abc', cast(5 as unsigned in SELECT UNHEX('G'); SELECT UNHEX('G') IS NULL; +# +# Bug #26281: INSERT() function mishandles NUL on boundary condition +# +SELECT INSERT('abc', 3, 3, '1234'); +SELECT INSERT('abc', 4, 3, '1234'); +SELECT INSERT('abc', 5, 3, '1234'); +SELECT INSERT('abc', 6, 3, '1234'); + --echo End of 5.0 tests