diff options
| author | Alexander Barkov <bar@mysql.com> | 2010-11-11 11:08:53 +0300 |
|---|---|---|
| committer | Alexander Barkov <bar@mysql.com> | 2010-11-11 11:08:53 +0300 |
| commit | ddd6fbe553709c91d7d6b08620f45d789a046897 (patch) | |
| tree | 1d982331f4effe14c88baf1c2c7517dc5e4b3a63 | |
| parent | 2adecd8ce7d327d63c812439c4f7051df6dbfa19 (diff) | |
| download | mariadb-git-ddd6fbe553709c91d7d6b08620f45d789a046897.tar.gz | |
Bug#57687 crash when reporting duplicate group_key error and utf8
Fixing DoS regression problem.
Using "key_part->fieldnr - 1" to access the desired field
is only correct in real INSERT queries.
In case of inserting records into a temporary table
when performing GROUP BY queries this expression does not work.
Fix: Instead of accessing field_length and comparing it
to key_part->length, there is an easier way to check if
we're dealing with a prefix key: check key_part_flag against
HA_PART_KEY_SEG flag.
| -rw-r--r-- | mysql-test/r/ctype_utf8.result | 11 | ||||
| -rw-r--r-- | mysql-test/t/ctype_utf8.test | 12 | ||||
| -rw-r--r-- | sql/key.cc | 4 |
3 files changed, 24 insertions, 3 deletions
diff --git a/mysql-test/r/ctype_utf8.result b/mysql-test/r/ctype_utf8.result index 13e1092cb98..3982d09e64b 100644 --- a/mysql-test/r/ctype_utf8.result +++ b/mysql-test/r/ctype_utf8.result @@ -4885,5 +4885,16 @@ maketime(`a`,`a`,`a`) DROP TABLE t1; SET sql_mode=default; # +# Bug#57687 crash when reporting duplicate group_key error and utf8 +# Make sure to modify this when Bug#58081 is fixed. +# +SET NAMES utf8; +CREATE TABLE t1 (a INT); +INSERT INTO t1 VALUES (0), (0), (1), (0), (0); +SELECT COUNT(*) FROM t1, t1 t2 +GROUP BY INSERT('', t2.a, t1.a, (@@global.max_binlog_size)); +ERROR 23000: Duplicate entry '107374182410737418241' for key 'group_key' +DROP TABLE t1; +# # End of 5.5 tests # diff --git a/mysql-test/t/ctype_utf8.test b/mysql-test/t/ctype_utf8.test index 318bbdca0c7..5ce83a05f61 100644 --- a/mysql-test/t/ctype_utf8.test +++ b/mysql-test/t/ctype_utf8.test @@ -1529,6 +1529,18 @@ DROP TABLE t1, t2; SET NAMES utf8; --source include/ctype_numconv.inc +--echo # +--echo # Bug#57687 crash when reporting duplicate group_key error and utf8 +--echo # Make sure to modify this when Bug#58081 is fixed. +--echo # +SET NAMES utf8; +CREATE TABLE t1 (a INT); +INSERT INTO t1 VALUES (0), (0), (1), (0), (0); +--error ER_DUP_ENTRY +SELECT COUNT(*) FROM t1, t1 t2 +GROUP BY INSERT('', t2.a, t1.a, (@@global.max_binlog_size)); +DROP TABLE t1; + --echo # --echo # End of 5.5 tests diff --git a/sql/key.cc b/sql/key.cc index e28e0803986..288afd034a9 100644 --- a/sql/key.cc +++ b/sql/key.cc @@ -364,9 +364,7 @@ void key_unpack(String *to,TABLE *table,uint idx) while (tmp_end > tmp.ptr() && !*--tmp_end) ; tmp.length(tmp_end - tmp.ptr() + 1); } - if (cs->mbmaxlen > 1 && - table->field[key_part->fieldnr - 1]->field_length != - key_part->length) + if (cs->mbmaxlen > 1 && (key_part->key_part_flag & HA_PART_KEY_SEG)) { /* Prefix key, multi-byte charset. |