diff options
author | Norio Akagi <redtree.dev1112@gmail.com> | 2022-07-06 09:23:09 +0000 |
---|---|---|
committer | Nayuta Yanagisawa <nayuta.yanagisawa@hey.com> | 2022-08-01 14:41:17 +0900 |
commit | bb3300d60774b10a5b8a84d2c6baf60d10f41e42 (patch) | |
tree | f20ddd024491488b5794b989394b43f8c2a0129a /mysql-test | |
parent | a6f7c8edc9b8c394662e06df7421eb6215ced0d3 (diff) | |
download | mariadb-git-bb3300d60774b10a5b8a84d2c6baf60d10f41e42.tar.gz |
MDEV-28315 Fix ASAN stack-buffer-overflow in String::copy_alignedbb-10.6-MDEV-28315
Starting since this commit 36cdd5c there is an ASAN
stack-buffer-overflow error because we append a NULL terminator
beyond the length of memory allocated.
Diffstat (limited to 'mysql-test')
-rw-r--r-- | mysql-test/main/strings.result | 10 | ||||
-rw-r--r-- | mysql-test/main/strings.test | 12 |
2 files changed, 22 insertions, 0 deletions
diff --git a/mysql-test/main/strings.result b/mysql-test/main/strings.result index 2d0eb5e7400..6573e734422 100644 --- a/mysql-test/main/strings.result +++ b/mysql-test/main/strings.result @@ -18,3 +18,13 @@ LENGTH(CONCAT_WS(d, ' ')) 1 1 DROP TABLE t1; +# +# MDEV-28315 ASAN stack-buffer-overflow in String::copy_aligned +# +CREATE TABLE t1 (a VARBINARY(128)) CHARACTER SET utf32; +INSERT INTO t1 VALUES ('South Carolina, Vermont, New Jersey, New Mexico, Wisconsin, Missouri, Delaware'); +CREATE TABLE t2 (b SET('South Carolina', 'Vermont', 'Texas', 'New Mexico', 'Wisconsin', 'Missouri', 'Delaware', 'Wyoming', 'New Jersey', 'Maryland', 'Illinois', 'New York')) CHARACTER SET utf32; +INSERT INTO t2 SELECT * FROM t1; +ERROR 01000: Data truncated for column 'b' at row 1 +DROP TABLE t1; +DROP TABLE t2; diff --git a/mysql-test/main/strings.test b/mysql-test/main/strings.test index 083ab7b07a4..3f3f4b572af 100644 --- a/mysql-test/main/strings.test +++ b/mysql-test/main/strings.test @@ -24,3 +24,15 @@ CREATE TABLE t1 (d DATE); INSERT INTO t1 VALUES ('1920-03-02'),('2020-12-01'); SELECT LENGTH(CONCAT_WS(d, ' ')) FROM t1; DROP TABLE t1; + +--echo # +--echo # MDEV-28315 ASAN stack-buffer-overflow in String::copy_aligned +--echo # + +CREATE TABLE t1 (a VARBINARY(128)) CHARACTER SET utf32; +INSERT INTO t1 VALUES ('South Carolina, Vermont, New Jersey, New Mexico, Wisconsin, Missouri, Delaware'); +CREATE TABLE t2 (b SET('South Carolina', 'Vermont', 'Texas', 'New Mexico', 'Wisconsin', 'Missouri', 'Delaware', 'Wyoming', 'New Jersey', 'Maryland', 'Illinois', 'New York')) CHARACTER SET utf32; +--error WARN_DATA_TRUNCATED +INSERT INTO t2 SELECT * FROM t1; +DROP TABLE t1; +DROP TABLE t2; |