From: Date: July 11 2006 7:06pm
Subject: bk commit into 4.1 tree (cmiller:1.2527) BUG#20729
List-Archive: http://lists.mysql.com/commits/9048
X-Bug: 20729
Message-Id: <20060711170633.186795C06C@zippy>

Below is the list of changes that have just been committed into a local
4.1 repository of cmiller. When cmiller does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2006-07-11 13:06:29-04:00, cmiller@zippy.(none) +3 -0
  Bug#20729: Bad date_format() call makes mysql server crash
      
  The problem is that the author used the wrong function to send a warning to the 
  user about truncation of data.  push_warning() takes a constant string and 
  push_warning_printf() takes a format and variable arguments to fill it.
  
  Since the string we were complaining about contains percent characters, the 
  printf() code interprets the "%Y" et c. that the user sends.  That's wrong, and
  often causes a crash, especially if the date mentions seconds, "%s".
  
  A alternate fix would be to use  push_warning_printf(..., "%s", warn_buff) .

  mysql-test/r/date_formats.result@stripped, 2006-07-11 13:06:28-04:00, cmiller@zippy.(none) +6 -0
    Test that an invalid date doesn't crash the server.  We should get a warning back 
    instead of a dead socket.

  mysql-test/t/date_formats.test@stripped, 2006-07-11 13:06:28-04:00, cmiller@zippy.(none) +7 -1
    Test that an invalid date doesn't crash the server.  We should get a warning back 
    instead of a dead socket.

  sql/time.cc@stripped, 2006-07-11 13:06:28-04:00, cmiller@zippy.(none) +1 -1
    Don't try to use warn_buf as the start of a varible arguement list to send 
    to a warning-formatted my_vsnprintf() .

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	cmiller
# Host:	zippy.(none)
# Root:	/home/cmiller/work/mysql/m41-maint--07AB5

--- 1.52/sql/time.cc	2006-07-11 13:06:33 -04:00
+++ 1.53/sql/time.cc	2006-07-11 13:06:33 -04:00
@@ -797,7 +797,7 @@
   }
   sprintf(warn_buff, ER(ER_TRUNCATED_WRONG_VALUE),
 	  type_str, str.ptr());
-  push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_WARN,
+  push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN,
 		      ER_TRUNCATED_WRONG_VALUE, warn_buff);
 }
 

--- 1.20/mysql-test/r/date_formats.result	2006-07-11 13:06:33 -04:00
+++ 1.21/mysql-test/r/date_formats.result	2006-07-11 13:06:33 -04:00
@@ -509,3 +509,9 @@
 SELECT TIME_FORMAT("25:00:00", '%l %p');
 TIME_FORMAT("25:00:00", '%l %p')
 1 AM
+SELECT DATE_FORMAT('%Y-%m-%d %H:%i:%s', 1151414896);
+DATE_FORMAT('%Y-%m-%d %H:%i:%s', 1151414896)
+NULL
+Warnings:
+Warning	1292	Truncated incorrect datetime value: '%Y-%m-%d %H:%i:%s'
+"End of 4.1 tests"

--- 1.17/mysql-test/t/date_formats.test	2006-07-11 13:06:33 -04:00
+++ 1.18/mysql-test/t/date_formats.test	2006-07-11 13:06:33 -04:00
@@ -275,7 +275,6 @@
 select str_to_date( 1, NULL );
 select str_to_date( NULL, 1 );
 select str_to_date( 1, IF(1=1,NULL,NULL) );
-# End of 4.1 tests
 
 #
 # Bug#11326
@@ -298,3 +297,10 @@
 SELECT TIME_FORMAT("23:00:00", '%l %p');
 SELECT TIME_FORMAT("24:00:00", '%l %p');
 SELECT TIME_FORMAT("25:00:00", '%l %p');
+
+#
+# Bug#20729:  Bad date_format() call makes mysql server crash
+#
+SELECT DATE_FORMAT('%Y-%m-%d %H:%i:%s', 1151414896);
+
+--echo "End of 4.1 tests"