List:Commits« Previous MessageNext Message »
From:<gshchepa Date:May 25 2007 2:24pm
Subject:bk commit into 5.0 tree (gshchepa:1.2501) BUG#28522
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of uchum. When uchum does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-05-25 17:24:17+05:00, gshchepa@stripped +3 -0
  Fixed bug #28522:
  sometimes `mysqldump --hex-blob' overruned output buffer by '\0' byte.
  
  The dump_table() function has been fixed to reserve 1 byte more for the
  last '\0' byte of dumped string.

  client/mysqldump.c@stripped, 2007-05-25 17:21:06+05:00, gshchepa@stripped +5 -2
    Fixed bug #28522.
    The dump_table() function has been fixed to reserve 1 byte more for the
    last '\0' byte of dumped string.

  mysql-test/r/mysqldump.result@stripped, 2007-05-25 17:21:20+05:00, gshchepa@stripped +11 -0
    Updated test case for bug #28522.

  mysql-test/t/mysqldump.test@stripped, 2007-05-25 17:21:18+05:00, gshchepa@stripped +7 -0
    Updated test case for bug #28522.

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	gshchepa
# Host:	gleb.loc
# Root:	/home/uchum/work/bk/mysql-5.0-opt-28522

--- 1.262/client/mysqldump.c	2007-04-30 14:30:02 +05:00
+++ 1.263/client/mysqldump.c	2007-05-25 17:21:06 +05:00
@@ -2529,15 +2529,18 @@ static void dump_table(char *table, char
                   plus 2 bytes for '0x' prefix.
                   - In non-HEX mode we need up to 2 bytes per character,
                   plus 2 bytes for leading and trailing '\'' characters.
+                  Also we need to reserve 1 byte for terminating '\0'.
                 */
-                dynstr_realloc_checked(&extended_row,length * 2+2);
+                dynstr_realloc_checked(&extended_row,length * 2 + 2 + 1);
                 if (opt_hex_blob && is_blob)
                 {
                   dynstr_append_checked(&extended_row, "0x");
                   extended_row.length+= mysql_hex_string(extended_row.str +
                                                          extended_row.length,
                                                          row[i], length);
-                  extended_row.str[extended_row.length]= '\0';
+                  DBUG_ASSERT(extended_row.length+1 <= extended_row.max_length);
+                  /* mysql_hex_string() already terminated string by '\0' */
+                  DBUG_ASSERT(extended_row.str[extended_row.length] == '\0');
                 }
                 else
                 {

--- 1.123/mysql-test/r/mysqldump.result	2007-04-30 14:30:03 +05:00
+++ 1.124/mysql-test/r/mysqldump.result	2007-05-25 17:21:20 +05:00
@@ -3310,5 +3310,16 @@ drop user user1;
 drop user user2;
 drop database mysqldump_test_db;
 #
+# Bug #28522: buffer overrun by '\0' byte using --hex-blob.
+#
+CREATE TABLE t1 (c1 INT, c2 LONGBLOB);
+INSERT INTO t1 SET c1=11, c2=REPEAT('q',509);
+CREATE TABLE `t1` (
+  `c1` int(11) default NULL,
+  `c2` longblob
+);
+INSERT INTO `t1` VALUES
(11,0x71717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717
 17171717171717171717171717171717171717171717171717171717171);
+DROP TABLE t1;
+#
 # End of 5.0 tests
 #

--- 1.115/mysql-test/t/mysqldump.test	2007-04-30 14:30:04 +05:00
+++ 1.116/mysql-test/t/mysqldump.test	2007-05-25 17:21:18 +05:00
@@ -1528,7 +1528,14 @@ drop user user2;
 
 drop database mysqldump_test_db;
 
+--echo #
+--echo # Bug #28522: buffer overrun by '\0' byte using --hex-blob.
+--echo #
 
+CREATE TABLE t1 (c1 INT, c2 LONGBLOB);
+INSERT INTO t1 SET c1=11, c2=REPEAT('q',509);
+--exec $MYSQL_DUMP --skip-create --compact --hex-blob test t1
+DROP TABLE t1;
 
 --echo #
 --echo # End of 5.0 tests
Thread
bk commit into 5.0 tree (gshchepa:1.2501) BUG#28522gshchepa25 May