diff options
| author | ramil/ram@mysql.com/ramil.myoffice.izhnet.ru <> | 2007-10-04 10:20:00 +0500 |
|---|---|---|
| committer | ramil/ram@mysql.com/ramil.myoffice.izhnet.ru <> | 2007-10-04 10:20:00 +0500 |
| commit | bc9b4834e1f95f02008e41b8e5ce62968befd53a (patch) | |
| tree | e47d7238dc0f1a553b33aec326c1494de7a91bf6 | |
| parent | e78513165c1b4e1696167e9fac6558e4492bc815 (diff) | |
| download | mariadb-git-bc9b4834e1f95f02008e41b8e5ce62968befd53a.tar.gz | |
Fix for bug #31069: crash in 'sounds like'
and for bug #31070: crash during conversion of charsets
Problem: passing a 0 byte length string to some my_mb_wc_XXX()
functions leads to server crash due to improper argument check.
Fix: properly check arguments passed to my_mb_wc_XXX() functions.
| -rw-r--r-- | mysql-test/include/ctype_common.inc | 9 | ||||
| -rw-r--r-- | mysql-test/r/ctype_big5.result | 11 | ||||
| -rw-r--r-- | mysql-test/r/ctype_euckr.result | 11 | ||||
| -rw-r--r-- | mysql-test/r/ctype_gb2312.result | 11 | ||||
| -rw-r--r-- | mysql-test/r/ctype_gbk.result | 11 | ||||
| -rw-r--r-- | mysql-test/r/ctype_uca.result | 11 | ||||
| -rw-r--r-- | strings/ctype-big5.c | 4 | ||||
| -rw-r--r-- | strings/ctype-cp932.c | 4 | ||||
| -rw-r--r-- | strings/ctype-euc_kr.c | 4 | ||||
| -rw-r--r-- | strings/ctype-gb2312.c | 4 | ||||
| -rw-r--r-- | strings/ctype-sjis.c | 4 |
11 files changed, 73 insertions, 11 deletions
diff --git a/mysql-test/include/ctype_common.inc b/mysql-test/include/ctype_common.inc index 202c508a9c9..9ee0a40c8ce 100644 --- a/mysql-test/include/ctype_common.inc +++ b/mysql-test/include/ctype_common.inc @@ -51,6 +51,15 @@ SELECT c1 as want1result from t1 where c1 like 'locatio%'; SELECT c1 as want1result from t1 where c1 like 'location%'; DROP TABLE t1; +# +# Bug #31070: crash during conversion of charsets +# +create table t1 (a set('a') not null); +insert into t1 values (),(); +select cast(a as char(1)) from t1; +select a sounds like a from t1; +drop table t1; + DROP DATABASE d1; # Restore settings USE test; diff --git a/mysql-test/r/ctype_big5.result b/mysql-test/r/ctype_big5.result index 6574908101c..a2651db6308 100644 --- a/mysql-test/r/ctype_big5.result +++ b/mysql-test/r/ctype_big5.result @@ -52,6 +52,17 @@ SELECT c1 as want1result from t1 where c1 like 'location%'; want1result location DROP TABLE t1; +create table t1 (a set('a') not null); +insert into t1 values (),(); +select cast(a as char(1)) from t1; +cast(a as char(1)) + + +select a sounds like a from t1; +a sounds like a +1 +1 +drop table t1; DROP DATABASE d1; USE test; SET character_set_server= @safe_character_set_server; diff --git a/mysql-test/r/ctype_euckr.result b/mysql-test/r/ctype_euckr.result index 6017bc07763..2d9f8d217e6 100644 --- a/mysql-test/r/ctype_euckr.result +++ b/mysql-test/r/ctype_euckr.result @@ -52,6 +52,17 @@ SELECT c1 as want1result from t1 where c1 like 'location%'; want1result location DROP TABLE t1; +create table t1 (a set('a') not null); +insert into t1 values (),(); +select cast(a as char(1)) from t1; +cast(a as char(1)) + + +select a sounds like a from t1; +a sounds like a +1 +1 +drop table t1; DROP DATABASE d1; USE test; SET character_set_server= @safe_character_set_server; diff --git a/mysql-test/r/ctype_gb2312.result b/mysql-test/r/ctype_gb2312.result index 314c336bab9..04c318e83a8 100644 --- a/mysql-test/r/ctype_gb2312.result +++ b/mysql-test/r/ctype_gb2312.result @@ -52,6 +52,17 @@ SELECT c1 as want1result from t1 where c1 like 'location%'; want1result location DROP TABLE t1; +create table t1 (a set('a') not null); +insert into t1 values (),(); +select cast(a as char(1)) from t1; +cast(a as char(1)) + + +select a sounds like a from t1; +a sounds like a +1 +1 +drop table t1; DROP DATABASE d1; USE test; SET character_set_server= @safe_character_set_server; diff --git a/mysql-test/r/ctype_gbk.result b/mysql-test/r/ctype_gbk.result index 241539ecf42..064c0bc2acf 100644 --- a/mysql-test/r/ctype_gbk.result +++ b/mysql-test/r/ctype_gbk.result @@ -52,6 +52,17 @@ SELECT c1 as want1result from t1 where c1 like 'location%'; want1result location DROP TABLE t1; +create table t1 (a set('a') not null); +insert into t1 values (),(); +select cast(a as char(1)) from t1; +cast(a as char(1)) + + +select a sounds like a from t1; +a sounds like a +1 +1 +drop table t1; DROP DATABASE d1; USE test; SET character_set_server= @safe_character_set_server; diff --git a/mysql-test/r/ctype_uca.result b/mysql-test/r/ctype_uca.result index 91ee427efb4..3d8bd33fb19 100644 --- a/mysql-test/r/ctype_uca.result +++ b/mysql-test/r/ctype_uca.result @@ -2371,6 +2371,17 @@ SELECT c1 as want1result from t1 where c1 like 'location%'; want1result location DROP TABLE t1; +create table t1 (a set('a') not null); +insert into t1 values (),(); +select cast(a as char(1)) from t1; +cast(a as char(1)) + + +select a sounds like a from t1; +a sounds like a +1 +1 +drop table t1; DROP DATABASE d1; USE test; SET character_set_server= @safe_character_set_server; diff --git a/strings/ctype-big5.c b/strings/ctype-big5.c index 89a40b15288..90917229769 100644 --- a/strings/ctype-big5.c +++ b/strings/ctype-big5.c @@ -6256,12 +6256,12 @@ my_mb_wc_big5(CHARSET_INFO *cs __attribute__((unused)), my_wc_t *pwc,const uchar *s,const uchar *e) { - int hi=s[0]; + int hi; if (s >= e) return MY_CS_TOOSMALL; - if (hi<0x80) + if ((hi= s[0]) < 0x80) { pwc[0]=hi; return 1; diff --git a/strings/ctype-cp932.c b/strings/ctype-cp932.c index e8c62b0315e..3752b2e4118 100644 --- a/strings/ctype-cp932.c +++ b/strings/ctype-cp932.c @@ -5352,12 +5352,12 @@ my_wc_mb_cp932(CHARSET_INFO *cs __attribute__((unused)), static int my_mb_wc_cp932(CHARSET_INFO *cs __attribute__((unused)), my_wc_t *pwc, const uchar *s, const uchar *e){ - int hi=s[0]; + int hi; if (s >= e) return MY_CS_TOOSMALL; - if (hi < 0x80) + if ((hi= s[0]) < 0x80) { pwc[0]=hi; return 1; diff --git a/strings/ctype-euc_kr.c b/strings/ctype-euc_kr.c index 25ac416ac60..50300f3c140 100644 --- a/strings/ctype-euc_kr.c +++ b/strings/ctype-euc_kr.c @@ -8614,12 +8614,12 @@ my_mb_wc_euc_kr(CHARSET_INFO *cs __attribute__((unused)), my_wc_t *pwc, const uchar *s, const uchar *e) { - int hi=s[0]; + int hi; if (s >= e) return MY_CS_TOOSMALL; - if (hi<0x80) + if ((hi= s[0]) < 0x80) { pwc[0]=hi; return 1; diff --git a/strings/ctype-gb2312.c b/strings/ctype-gb2312.c index 556f485945b..e81f9d3cf0c 100644 --- a/strings/ctype-gb2312.c +++ b/strings/ctype-gb2312.c @@ -5665,12 +5665,10 @@ my_mb_wc_gb2312(CHARSET_INFO *cs __attribute__((unused)), my_wc_t *pwc, const uchar *s, const uchar *e){ int hi; - hi=(int) s[0]; - if (s >= e) return MY_CS_TOOSMALL; - if (hi<0x80) + if ((hi= s[0]) < 0x80) { pwc[0]=hi; return 1; diff --git a/strings/ctype-sjis.c b/strings/ctype-sjis.c index 38a9c9a6428..92d6b4dc2ae 100644 --- a/strings/ctype-sjis.c +++ b/strings/ctype-sjis.c @@ -4512,12 +4512,12 @@ mb: static int my_mb_wc_sjis(CHARSET_INFO *cs __attribute__((unused)), my_wc_t *pwc, const uchar *s, const uchar *e){ - int hi=s[0]; + int hi; if (s >= e) return MY_CS_TOOSMALL; - if (hi < 0x80) + if ((hi= s[0]) < 0x80) { pwc[0]=hi; return 1; |