List: Commits
From: Alexander Barkov
Date: December 15 2009 9:48am
Subject: bzr commit into mysql-5.1-bugteam branch (bar:3274) Bug#49134
#At file:///home/bar/mysql-bzr/mysql-5.1-b49134/ based on revid:jon.hauglid@stripped

 3274 Alexander Barkov	2009-12-15
      Bug#49134 5.1 server segfaults with 2byte collation file
      
      Problem: add_collation did not check that cs->number is smaller
      than the number of elements in the array all_charsets[],
      so server could crash when loading an Index.xml file with
      a collation ID greater than the number of elements
      (for example when downgrading from 5.5).
      
      Fix: adding a condition to check that cs->number is not out of valid range.

    modified:
      mysql-test/std_data/Index.xml
      mysys/charset.c
=== modified file 'mysql-test/std_data/Index.xml'
--- a/mysql-test/std_data/Index.xml	2009-10-12 07:43:15 +0000
+++ b/mysql-test/std_data/Index.xml	2009-12-15 09:48:29 +0000
@@ -8,6 +8,13 @@
       </rules>
     </collation>
 
+   <collation name="utf8_hugeid_ci" id="2047000000">
+      <rules>
+        <reset>a</reset>
+        <s>b</s>
+      </rules>
+   </collation>
+
   </charset>
 
   <charset name="ucs2">
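
Review bot: the new `utf8_hugeid_ci` entry exercises only one value, `id="2047000000"`, which is far beyond the array; a second collation whose id sits at the boundary (equal to the number of elements in `all_charsets[]`) would cover the off-by-one case that the `<` comparison in `add_collation` is meant to reject. The "modified:" list names only this file and `mysys/charset.c`, so no test script asserts anything about the collation: the regression check is implicit in the server not crashing while loading Index.xml. A short test case stating that `utf8_hugeid_ci` is not available after startup would make the intent explicit. Minor style point: the added `<collation>` element is indented by three spaces, while the existing `</collation>` context line above it uses four.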

=== modified file 'mysys/charset.c'
--- a/mysys/charset.c	2009-12-12 18:11:25 +0000
+++ b/mysys/charset.c	2009-12-15 09:48:29 +0000
@@ -220,7 +220,8 @@ copy_uca_collation(CHARSET_INFO *to, CHA
 static int add_collation(CHARSET_INFO *cs)
 {
   if (cs->name && (cs->number ||
-                   (cs->number=get_collation_number_internal(cs->name))))
+                   (cs->number=get_collation_number_internal(cs->name))) &&
+      cs->number < array_elements(all_charsets))
   {
     if (!all_charsets[cs->number])
     {
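
Review bot: when `cs->number < array_elements(all_charsets)` fails, the whole block is skipped and nothing in this hunk reports the rejected collation, so an administrator who downgrades from 5.5 gets no indication that an entry in Index.xml was ignored. Consider emitting a warning that names `cs->name` and the offending id, or returning an error from `add_collation` if callers can handle one. It is also worth confirming the type of `cs->number`: if it is signed, the comparison against `array_elements(...)` depends on implicit conversion to unsigned to reject negative values, and an explicit cast or a comment would make that intentional. A one-line comment above the condition explaining that ids come from a user-editable file and must be range-checked would help future readers.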


Attachment: [text/bzr-bundle] bzr/bar@mysql.com-20091215094829-a67epp1rbkkkw1rc.bundle