author | Alexey Kopytov <Alexey.Kopytov@sun.com> | 2009-05-20 12:30:06 +0400 |
---|---|---|
committer | Alexey Kopytov <Alexey.Kopytov@sun.com> | 2009-05-20 12:30:06 +0400 |
commit | 0b62b7f26d2bef58983f7c7e8b288dd9bce0cdcc (patch) | |
tree | a26c6bec3955954ec6879428333f88c62318fd91 /mysql-test | |
parent | 1d03fb715ebcd995648793fbdba57d9a2069ede6 (diff) | |
download | mariadb-git-0b62b7f26d2bef58983f7c7e8b288dd9bce0cdcc.tar.gz |
Bug #44796: valgrind: too many my_longlong10_to_str_8bit
warnings after uncompressed_length
UNCOMPRESSED_LENGTH() did not validate its argument. In
particular, if the argument length was less than 4 bytes,
an uninitialized memory value was returned as a result.
Since the result of COMPRESS() is either an empty string or
a 4-byte length prefix followed by compressed data, the bug was
fixed by ensuring that the argument of UNCOMPRESSED_LENGTH() is
either an empty string or contains at least 5 bytes (as done in
UNCOMPRESS()). This is the best we can do to validate input
without decompressing.
mysql-test/r/func_compress.result:
Added a test case for bug #44796.
mysql-test/t/func_compress.test:
Added a test case for bug #44796.
sql/item_strfunc.cc:
Make sure that the argument of UNCOMPRESSED_LENGTH() contains
at least 5 bytes (as done in UNCOMPRESS()).
Diffstat (limited to 'mysql-test')
-rw-r--r-- | mysql-test/r/func_compress.result | 15 | ||||
-rw-r--r-- | mysql-test/t/func_compress.test | 17 |
2 files changed, 32 insertions, 0 deletions
diff --git a/mysql-test/r/func_compress.result b/mysql-test/r/func_compress.result
index 4a3454cf658..a30ca7859f1 100644
--- a/mysql-test/r/func_compress.result
+++ b/mysql-test/r/func_compress.result
@@ -116,4 +116,19 @@ Warnings:
 Error 1259 ZLIB: Input data corrupted
 Error 1259 ZLIB: Input data corrupted
 drop table t1;
+CREATE TABLE t1 (c1 INT);
+INSERT INTO t1 VALUES (1), (1111), (11111);
+SELECT UNCOMPRESS(c1), UNCOMPRESSED_LENGTH(c1) FROM t1;
+UNCOMPRESS(c1) UNCOMPRESSED_LENGTH(c1)
+NULL NULL
+NULL NULL
+NULL 825307441
+Warnings:
+Error 1259 ZLIB: Input data corrupted
+Error 1259 ZLIB: Input data corrupted
+Error 1259 ZLIB: Input data corrupted
+Error 1259 ZLIB: Input data corrupted
+Error 1256 Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
+EXPLAIN EXTENDED SELECT * FROM (SELECT UNCOMPRESSED_LENGTH(c1) FROM t1) AS s;
+DROP TABLE t1;
 End of 5.0 tests
diff --git a/mysql-test/t/func_compress.test b/mysql-test/t/func_compress.test
index 68f07f258bf..b1a37c16c6d 100644
--- a/mysql-test/t/func_compress.test
+++ b/mysql-test/t/func_compress.test
@@ -82,4 +82,21 @@ select *, uncompress(a) from t1;
 select *, uncompress(a), uncompress(a) is null from t1;
 drop table t1;
 
+#
+# Bug #44796: valgrind: too many my_longlong10_to_str_8bit warnings after
+# uncompressed_length
+#
+
+CREATE TABLE t1 (c1 INT);
+INSERT INTO t1 VALUES (1), (1111), (11111);
+
+SELECT UNCOMPRESS(c1), UNCOMPRESSED_LENGTH(c1) FROM t1;
+
+# We do not need the results, just make sure there are no valgrind errors
+--disable_result_log
+EXPLAIN EXTENDED SELECT * FROM (SELECT UNCOMPRESSED_LENGTH(c1) FROM t1) AS s;
+--enable_result_log
+
+DROP TABLE t1;
+
 --echo End of 5.0 tests |
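Review bot: The new case in mysql-test/t/func_compress.test feeds UNCOMPRESSED_LENGTH() 1-, 4- and 5-byte arguments but never the empty string, which the commit description names as the other input the function must accept, so that branch of the new validation is not pinned by any test. A line such as `SELECT UNCOMPRESSED_LENGTH('');` before `DROP TABLE t1;`, with the matching output recorded in func_compress.result, would cover it. A comment above the first SELECT would also help, e.g. `# 11111 is 5 bytes: the returned value is the raw 4-byte prefix '1111', not a validated size`, because the recorded 825307441 comes straight from the input and produces no warning from UNCOMPRESSED_LENGTH() itself. Anything that sizes a buffer from this function should therefore treat the result as untrusted.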