MDEV-16518 MYSQL57_GENERATED_FIELD: The code in TABLE_SHARE::init_from_binary_frm_image() is not safe

author: Alexander Barkov <bar@mariadb.com> 2019-04-26 14:01:21 +0400
committer: Alexander Barkov <bar@mariadb.com> 2019-04-26 14:01:21 +0400
commit: 5cfc7799a33576bb638652bac6e341570c80a7e1 (patch)
tree: 45f7457a79727edf022a08bb40f33b8749e0b233
parent: 9a5a86f293b6fe40ad606de43c04a2d8ba6b60b1 (diff)
download: mariadb-git-5cfc7799a33576bb638652bac6e341570c80a7e1.tar.gz
4 files changed, 41 insertions, 1 deletions
diff --git a/mysql-test/std_data/frm/mdev16518.frm b/mysql-test/std_data/frm/mdev16518.frm
new file mode 100644
index 00000000000..72a4c41f0b4
--- /dev/null
+++ b/mysql-test/std_data/frm/mdev16518.frm
diff --git a/mysql-test/suite/vcol/r/vcol_misc.result b/mysql-test/suite/vcol/r/vcol_misc.result
index bedc44e7fc4..291a954baf6 100644
--- a/mysql-test/suite/vcol/r/vcol_misc.result
+++ b/mysql-test/suite/vcol/r/vcol_misc.result
@@ -409,3 +409,19 @@ Warning	1918	Encountered illegal value '\xF0\xF1\xF2\xF3\xF4\xF5\xF6\xF7' when c
 #
 # End of 10.1 tests
 #
+#
+# Start of 10.2 tests
+#
+#
+# MDEV-16518 MYSQL57_GENERATED_FIELD: The code in TABLE_SHARE::init_from_binary_frm_image() is not safe
+#
+SHOW TABLES;
+Tables_in_test
+t1
+SHOW CREATE TABLE t1;
+ERROR HY000: Incorrect information in file: './test/t1.frm'
+ALTER TABLE t1;
+ERROR HY000: Incorrect information in file: './test/t1.frm'
+#
+# End of 10.2 tests
+#
diff --git a/mysql-test/suite/vcol/t/vcol_misc.test b/mysql-test/suite/vcol/t/vcol_misc.test
index b351e1eb4a6..255621845fb 100644
--- a/mysql-test/suite/vcol/t/vcol_misc.test
+++ b/mysql-test/suite/vcol/t/vcol_misc.test
@@ -371,3 +371,26 @@ SELECT COLUMN_GET(@aaa, 'price' AS DOUBLE) aaa;
 --echo #
 --echo # End of 10.1 tests
 --echo #
+
+
+--echo #
+--echo # Start of 10.2 tests
+--echo #
+
+--echo #
+--echo # MDEV-16518 MYSQL57_GENERATED_FIELD: The code in TABLE_SHARE::init_from_binary_frm_image() is not safe
+--echo #
+
+--copy_file std_data/frm/mdev16518.frm $MYSQLD_DATADIR/test/t1.frm
+SHOW TABLES;
+--replace_result $MYSQLD_DATADIR ./
+--error ER_NOT_FORM_FILE
+SHOW CREATE TABLE t1;
+--replace_result $MYSQLD_DATADIR ./
+--error ER_NOT_FORM_FILE
+ALTER TABLE t1;
+--remove_file $MYSQLD_DATADIR/test/t1.frm
+
+--echo #
+--echo # End of 10.2 tests
+--echo #
diff --git a/sql/table.cc b/sql/table.cc
index 2cf21c889e2..5337a506215 100644
--- a/sql/table.cc
+++ b/sql/table.cc
@@ -1839,7 +1839,8 @@ int TABLE_SHARE::init_from_binary_frm_image(THD *thd, bool write,
           goto err;
         vcol_info= new (&share->mem_root) Virtual_column_info();
         vcol_info_length= uint2korr(vcol_screen_pos + 1);
-        DBUG_ASSERT(vcol_info_length);
+        if (!vcol_info_length) // Expect non-empty expression
+          goto err;
         vcol_info->stored_in_db= vcol_screen_pos[3];
         vcol_info->utf8= 0;
         vcol_screen_pos+= vcol_info_length + MYSQL57_GCOL_HEADER_SIZE;;
author	Alexander Barkov <bar@mariadb.com>	2019-04-26 14:01:21 +0400
committer	Alexander Barkov <bar@mariadb.com>	2019-04-26 14:01:21 +0400
commit	5cfc7799a33576bb638652bac6e341570c80a7e1 (patch)
tree	45f7457a79727edf022a08bb40f33b8749e0b233
parent	9a5a86f293b6fe40ad606de43c04a2d8ba6b60b1 (diff)
download	mariadb-git-5cfc7799a33576bb638652bac6e341570c80a7e1.tar.gz