List:Commits« Previous MessageNext Message »
From:Davi Arnaut Date:October 15 2008 11:35pm
Subject:bzr commit into mysql-5.0-bugteam branch (davi:2706) Bug#37075
View as plain text  
# At a local mysql-5.0-bugteam repository of davi

 2706 Davi Arnaut	2008-10-15
      Bug#37075: offset of limit clause might be truncated on 32-bits server w/o big
tables
      
      The problem is that the offset argument of the limit clause
      might be truncated on a 32-bits server built without big
      tables support. The truncation was happening because the
      original 64-bits long argument was being cast to a 32-bits
      (ha_rows) offset counter.
      
      The solution is to check if the conversing resulted in value
      truncation and if so, the offset is set to the maximum possible
      value that can fit on the type.
modified:
  mysql-test/r/limit.result
  mysql-test/t/limit.test
  sql/sql_lex.cc

per-file messages:
  mysql-test/r/limit.result
    Add test case result for Bug#37075
  mysql-test/t/limit.test
    Add test case for Bug#37075
  sql/sql_lex.cc
    Check for truncation of the offset value. If value was
    truncated, set to the maximum possible value.
=== modified file 'mysql-test/r/limit.result'
--- a/mysql-test/r/limit.result	2008-02-28 14:34:08 +0000
+++ b/mysql-test/r/limit.result	2008-10-15 21:34:51 +0000
@@ -111,3 +111,6 @@ set @a=-14632475938453979136;
 execute s using @a, @a;
 ERROR HY000: Incorrect arguments to EXECUTE
 End of 5.0 tests
+select 1 as a limit 4294967296,10;
+a
+End of 5.1 tests

=== modified file 'mysql-test/t/limit.test'
--- a/mysql-test/t/limit.test	2008-02-28 14:34:08 +0000
+++ b/mysql-test/t/limit.test	2008-10-15 21:34:51 +0000
@@ -95,3 +95,11 @@ set @a=-14632475938453979136;
 execute s using @a, @a;
 
 --echo End of 5.0 tests
+
+#
+# Bug#37075: offset of limit clause might be truncated to 0 on 32-bits server w/o big
tables
+#
+
+select 1 as a limit 4294967296,10;
+
+--echo End of 5.1 tests

=== modified file 'sql/sql_lex.cc'
--- a/sql/sql_lex.cc	2008-10-07 21:34:00 +0000
+++ b/sql/sql_lex.cc	2008-10-15 21:34:51 +0000
@@ -2041,12 +2041,26 @@ st_lex::copy_db_to(char **p_db, uint *p_
 void st_select_lex_unit::set_limit(SELECT_LEX *sl)
 {
   ha_rows select_limit_val;
+  ulonglong val;
 
   DBUG_ASSERT(! thd->stmt_arena->is_stmt_prepare());
-  select_limit_val= (ha_rows)(sl->select_limit ? sl->select_limit->val_uint() :
-                                                 HA_POS_ERROR);
-  offset_limit_cnt= (ha_rows)(sl->offset_limit ? sl->offset_limit->val_uint() :
-                                                 ULL(0));
+  val= sl->select_limit ? sl->select_limit->val_uint() : HA_POS_ERROR;
+  select_limit_val= (ha_rows)val;
+#ifndef BIG_TABLES
+  /*
+    Check for overflow : ha_rows can be smaller then ulonglong if
+    BIG_TABLES is off.
+    */
+  if (val != (ulonglong)select_limit_val)
+    select_limit_val= HA_POS_ERROR;
+#endif
+  val= sl->offset_limit ? sl->offset_limit->val_uint() : ULL(0);
+  offset_limit_cnt= (ha_rows)val;
+#ifndef BIG_TABLES
+  /* Check for truncation. */
+  if (val != (ulonglong)offset_limit_cnt)
+    offset_limit_cnt= HA_POS_ERROR;
+#endif
   select_limit_cnt= select_limit_val + offset_limit_cnt;
   if (select_limit_cnt < select_limit_val)
     select_limit_cnt= HA_POS_ERROR;		// no limit
Thread
bzr commit into mysql-5.0-bugteam branch (davi:2706) Bug#37075Davi Arnaut15 Oct