author: Gleb Shchepa <gshchepa@mysql.com> 2010-08-06 23:29:37 +0400
committer: Gleb Shchepa <gshchepa@mysql.com> 2010-08-06 23:29:37 +0400
commit: 45a87c685b1378d3840df3e391134afb01dead6f (patch)
tree: d65701a7fcebae2d6dac44d75863efaa849215c3 /sql/item_func.h
parent: 09eb23d50b4b9a2df7d2f81c8e5020ddbc022c2a (diff)
Bug #55424: convert_tz crashes when fed invalid data

The CONVERT_TZ function crashes the server when the timezone argument is an empty SET field value.

1) The CONVERT_TZ may find a timezone string in the tz_names hash.
2) A string representation of the empty SET is a String of zero length with the NULL pointer.
3) If the key argument length is zero, hash functions do comparison using the length of the record being compared against.

I.e. a zero-length String buffer is an invalid argument for hash search functions, and if String points to NULL buffer, hashcmp() fails with SEGV accessing that memory.

The my_tz_find function has been modified to treat empty Strings as invalid timezone values to skip unnecessary hash search.

mysql-test/r/timezone2.result:
  Test case for bug #55424.

mysql-test/t/timezone2.test:
  Test case for bug #55424.

sql/sql_string.h:
  Bug #55424: convert_tz crashes when fed invalid data
  Added "const" modifier to String::is_empty().

sql/tztime.cc:
  Bug #55424: convert_tz crashes when fed invalid data
  The my_tz_find function has been modified to treat empty Strings as invalid timezone values to skip unnecessary hash search.

Diffstat (limited to 'sql/item_func.h')
0 files changed, 0 insertions, 0 deletions
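
The failure mode and guard described in the commit message, as an added example: this is a simplified model written for this page, not MySQL source. The names `tz_rec`, `tz_table`, `effective_cmp_len`, `rec_cmp` and `tz_find` are hypothetical, and the table contents are constructed sample data.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model (not MySQL code): one named timezone record. */
struct tz_rec { const char *name; size_t name_len; int id; };

static const struct tz_rec tz_table[] = {      /* constructed sample data */
    { "UTC",           3,  1 },
    { "Europe/Moscow", 13, 2 },
};

/* Number of bytes a comparison reads from the caller's key buffer.
   Models step 3 of the message: a zero key length means "use the
   length of the record being compared against". */
size_t effective_cmp_len(size_t key_len, const struct tz_rec *rec)
{
    return key_len ? key_len : rec->name_len;
}

/* Returns 0 on match. With key_len == 0 this reads rec->name_len bytes
   from key, so a NULL key would be dereferenced here: the crash path. */
static int rec_cmp(const struct tz_rec *rec, const char *key, size_t key_len)
{
    size_t n = effective_cmp_len(key_len, rec);
    if (n != rec->name_len)
        return 1;
    return memcmp(rec->name, key, n);
}

/* Guarded lookup: an empty name (NULL buffer or zero length) is rejected
   as an invalid timezone before any comparison touches the buffer. */
const struct tz_rec *tz_find(const char *name, size_t len)
{
    if (name == NULL || len == 0)
        return NULL;
    for (size_t i = 0; i < sizeof tz_table / sizeof tz_table[0]; i++)
        if (rec_cmp(&tz_table[i], name, len) == 0)
            return &tz_table[i];
    return NULL;
}
```

Without the check at the top of `tz_find`, a zero-length key would make `rec_cmp` read 13 bytes from the caller's pointer for the second record, which is the out-of-bounds read the commit avoids.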