author | Tatiana A. Nurnberg <azundris@mysql.com> | 2008-12-01 05:17:52 +0100 |
---|---|---|
committer | Tatiana A. Nurnberg <azundris@mysql.com> | 2008-12-01 05:17:52 +0100 |
commit | 4ca731d83d02b194884d067c5d4cd84f84482f8e (patch) | |
tree | 00b9cc505f77541ae70b5bde678e29e9fcacbd9f | |
parent | b8cd1725b1ff818fbf464789d75f518fe082dc6d (diff) | |
parent | d1e5808d7ed09b23a9b3b1720e43541efb66a08c (diff) | |
download | mariadb-git-4ca731d83d02b194884d067c5d4cd84f84482f8e.tar.gz |
manual merge
-rw-r--r-- | mysql-test/r/strict.result | 7 | ||||
-rw-r--r-- | mysql-test/t/strict.test | 9 | ||||
-rw-r--r-- | sql/unireg.cc | 26 |
3 files changed, 34 insertions, 8 deletions
diff --git a/mysql-test/r/strict.result b/mysql-test/r/strict.result
index a257d0a8648..1255284f4fe 100644
--- a/mysql-test/r/strict.result
+++ b/mysql-test/r/strict.result
@@ -1347,6 +1347,13 @@ t1 CREATE TABLE `t1` (
 `i` int(11) DEFAULT NULL
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='123456789*123456789*123456789*123456789*123456789*123456789*'
 drop table t1;
+CREATE TABLE t3 (f1 INT) COMMENT 'כקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחן';
+SHOW CREATE TABLE t3;
+Table Create Table
+t3 CREATE TABLE `t3` (
+ `f1` int(11) DEFAULT NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='כקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחן'
+DROP TABLE t3;
 set sql_mode= 'traditional';
 create table t1(col1 tinyint, col2 tinyint unsigned,
 col3 smallint, col4 smallint unsigned,
diff --git a/mysql-test/t/strict.test b/mysql-test/t/strict.test
index 486f7ce7897..f2ce045840c 100644
--- a/mysql-test/t/strict.test
+++ b/mysql-test/t/strict.test
@@ -1199,6 +1199,15 @@ show create table t1;
 drop table t1;
 
 #
+# Bug #39591: Crash if table comment is longer than 62 characters
+#
+
+#60 chars, 120 (+1) bytes (UTF-8 with 2-byte chars)
+CREATE TABLE t3 (f1 INT) COMMENT 'כקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחןכקבהחן';
+SHOW CREATE TABLE t3;
+DROP TABLE t3;
+
+#
 # Bug #26359: Strings becoming truncated and converted to numbers under STRICT mode
 #
 set sql_mode= 'traditional';
diff --git a/sql/unireg.cc b/sql/unireg.cc
index 9e42aabfef7..7b770ab733e 100644
--- a/sql/unireg.cc
+++ b/sql/unireg.cc
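Review bot: The new case in mysql-test/t/strict.test exercises only a comment of exactly 60 two-byte characters, which is the accepted boundary; nothing in the hunk covers a multi-byte comment one character over the limit, which is the path where the length check has to reject or truncate. Consider adding a 61-character variant of the same literal, run once before and once after `set sql_mode= 'traditional';`, with the resulting warning or error recorded in strict.result. Whether an earlier part of the file already covers the over-limit case for single-byte comments is not visible from this hunk.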
@@ -205,6 +205,24 @@ bool mysql_create_frm(THD *thd, const char *file_name,
 (create_info->min_rows == 1) && (keys == 0));
 int2store(fileinfo+28,key_info_length);
 
+ /*
+ This gives us the byte-position of the character at
+ (character-position, not byte-position) TABLE_COMMENT_MAXLEN.
+ The trick here is that character-positions start at 0, so the last
+ character in a maximum-allowed length string would be at char-pos
+ MAXLEN-1; charpos MAXLEN will be the position of the terminator.
+ Consequently, bytepos(charpos(MAXLEN)) should be equal to
+ comment[length] (which should also be the terminator, or at least
+ the first byte after the payload in the strict sense). If this is
+ not so (bytepos(charpos(MAXLEN)) comes /before/ the end of the
+ string), the string is too long.
+
+ For additional credit, realise that UTF-8 has 1-3 bytes before 6.0,
+ and 1-4 bytes in 6.0 (6.0 also has UTF-32). This means that the
+ inlined COMMENT supposedly does not exceed 60 character plus
+ terminator, vulgo, 181 bytes.
+ */
+
 tmp_len= system_charset_info->cset->charpos(system_charset_info,
 create_info->comment.str,
 create_info->comment.str +
@@ -227,14 +245,6 @@ bool mysql_create_frm(THD *thd, const char *file_name,
 strmake((char*) forminfo+47, create_info->comment.str ?
 create_info->comment.str : "", create_info->comment.length);
 forminfo[46]=(uchar) create_info->comment.length;
-#ifdef EXTRA_DEBUG
- /*
- EXTRA_DEBUG causes strmake() to initialize its buffer behind the
- payload with a magic value to detect wrong buffer-sizes. We
- explicitly zero that segment again.
- */
- memset((char*) forminfo+47 + forminfo[46], 0, 61 - forminfo[46]);
-#endif
 #ifdef WITH_PARTITION_STORAGE_ENGINE
 if (part_info)
 {
 |
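Review bot: The comment added above the `tmp_len=` computation in mysql_create_frm() gives the inline-comment bound only for 3-byte UTF-8 ("60 character plus terminator, vulgo, 181 bytes"), although the same paragraph says 6.0 has 4-byte sequences, where 60 characters can take 240 bytes plus the terminator. The second hunk's context shows that byte count being copied with `strmake((char*) forminfo+47, ...)` and narrowed by `forminfo[46]=(uchar) create_info->comment.length`, so the comment should state the worst case and what it has to fit into, for example `/* 6.0: 60 chars * 4 bytes + terminator = 241 bytes; must fit in forminfo from offset 47 and in the one-byte length at forminfo[46] */`. The declaration of forminfo and the branch that consumes tmp_len lie outside both hunks, so whether the 4-byte case actually fits cannot be confirmed from the visible lines; the function body starts before and continues after these hunks.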