From: Date: September 2 2008 3:22pm
Subject: bzr commit into mysql-5.1 branch (kgeorge:2728) Bug#38701
List-Archive: http://lists.mysql.com/commits/53059
X-Bug: 38701
Message-Id: <200809021322.m82DMjJM011986@magare.gmz>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

#At file:///home/kgeorge/mysql/bzr/B38701-5.1-bugteam/

 2728 Georgi Kodinov	2008-09-02
      Bug #38701: Crash in String::append when inserting duplicate empty strings an uft8
      SET col
      
      When reporting a duplicate key error the server was making incorrect assumptions 
      on what the state of the value string to include in the error is.
      
      Fixed by accessing the data in this string in a "safe" way (without relying on it
      having a terminating 0).
modified:
  mysql-test/r/type_set.result
  mysql-test/t/type_set.test
  sql/handler.cc

per-file messages:
  mysql-test/r/type_set.result
    Bug#38701: test case
  mysql-test/t/type_set.test
    Bug#38701: test case
  sql/handler.cc
    Bug#38701: don't rely on the presence of a terminating 0 in the string buffer.
=== modified file 'mysql-test/r/type_set.result'
--- a/mysql-test/r/type_set.result	2008-03-14 20:40:21 +0000
+++ b/mysql-test/r/type_set.result	2008-09-02 13:22:11 +0000
@@ -93,4 +93,14 @@ c
 1,2,3
 64
 DROP TABLE t1;
+CREATE TABLE t1 (
+set_unique_utf8 set ('a','b','c','d','e','f','g','h','i','j','k','l',
+'m','n','o','p','q','r','s','t','u','v','w','x',
+'y','z') CHARACTER SET utf8,
+unique (set_unique_utf8)
+);
+INSERT INTO t1 ( set_unique_utf8 ) VALUES ( '' );
+INSERT INTO t1 ( set_unique_utf8 ) VALUES ( '' );
+ERROR 23000: Duplicate entry '' for key 'set_unique_utf8'
+DROP TABLE t1;
 End of 5.0 tests

=== modified file 'mysql-test/t/type_set.test'
--- a/mysql-test/t/type_set.test	2008-03-14 20:40:21 +0000
+++ b/mysql-test/t/type_set.test	2008-09-02 13:22:11 +0000
@@ -75,4 +75,23 @@ INSERT INTO t1 VALUES(922337203685477580
 SELECT * FROM t1;
 DROP TABLE t1;
 
+#
+# Bug #38701: Crash in String::append when inserting duplicate empty strings
+# an uft8 SET col
+#
+
+CREATE TABLE t1 (
+        set_unique_utf8 set ('a','b','c','d','e','f','g','h','i','j','k','l',
+                             'm','n','o','p','q','r','s','t','u','v','w','x',
+                             'y','z') CHARACTER SET utf8,
+        unique (set_unique_utf8)
+);
+
+INSERT INTO t1 ( set_unique_utf8 ) VALUES ( '' );
+--error ER_DUP_ENTRY 
+INSERT INTO t1 ( set_unique_utf8 ) VALUES ( '' );
+
+DROP TABLE t1;
+
+
 --echo End of 5.0 tests

=== modified file 'sql/handler.cc'
--- a/sql/handler.cc	2008-08-12 10:26:23 +0000
+++ b/sql/handler.cc	2008-09-02 13:22:11 +0000
@@ -2483,7 +2483,7 @@ void handler::print_keydup_error(uint ke
   {
     /* Key is unknown */
     str.copy("", 0, system_charset_info);
-    my_printf_error(ER_DUP_ENTRY, msg, MYF(0), str.c_ptr(), "*UNKNOWN*");
+    my_printf_error(ER_DUP_ENTRY, msg, MYF(0), str.c_ptr_safe(), "*UNKNOWN*");
   }
   else
   {
@@ -2496,7 +2496,7 @@ void handler::print_keydup_error(uint ke
       str.append(STRING_WITH_LEN("..."));
     }
     my_printf_error(ER_DUP_ENTRY, msg,
-		    MYF(0), str.c_ptr(), table->key_info[key_nr].name);
+		    MYF(0), str.c_ptr_safe(), table->key_info[key_nr].name);
   }
 }