Automerge.

author: Alexey Kopytov <Alexey.Kopytov@sun.com> 2009-05-21 16:08:16 +0400
committer: Alexey Kopytov <Alexey.Kopytov@sun.com> 2009-05-21 16:08:16 +0400
commit: 958e896d8f4049b7e38b4946bc9a1c928e5981a1 (patch)
tree: ed7cd020e6dcdf1132020d6c6239e5145df9eadd /sql/item_strfunc.cc
parent: 405bd2af117384e009c3feffe1fd7d9019bf9d2b (diff)
parent: 0b62b7f26d2bef58983f7c7e8b288dd9bce0cdcc (diff)
download: mariadb-git-958e896d8f4049b7e38b4946bc9a1c928e5981a1.tar.gz
1 files changed, 15 insertions, 1 deletions
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index 501b7e85080..996f79db987 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -3219,7 +3219,21 @@ longlong Item_func_uncompressed_length::val_int()
   if (res->is_empty()) return 0;
 
   /*
-    res->ptr() using is safe because we have tested that string is not empty,
+    If length is <= 4 bytes, data is corrupt. This is the best we can do
+    to detect garbage input without decompressing it.
+  */
+  if (res->length() <= 4)
+  {
+    push_warning_printf(current_thd, MYSQL_ERROR::WARN_LEVEL_ERROR,
+                        ER_ZLIB_Z_DATA_ERROR,
+                        ER(ER_ZLIB_Z_DATA_ERROR));
+    null_value= 1;
+    return 0;
+  }
+
+ /*
+    res->ptr() using is safe because we have tested that string is at least
+    5 bytes long.
     res->c_ptr() is not used because:
       - we do not need \0 terminated string to get first 4 bytes
       - c_ptr() tests simbol after string end (uninitialiozed memory) which
author	Alexey Kopytov <Alexey.Kopytov@sun.com>	2009-05-21 16:08:16 +0400
committer	Alexey Kopytov <Alexey.Kopytov@sun.com>	2009-05-21 16:08:16 +0400
commit	958e896d8f4049b7e38b4946bc9a1c928e5981a1 (patch)
tree	ed7cd020e6dcdf1132020d6c6239e5145df9eadd /sql/item_strfunc.cc
parent	405bd2af117384e009c3feffe1fd7d9019bf9d2b (diff)
parent	0b62b7f26d2bef58983f7c7e8b288dd9bce0cdcc (diff)
download	mariadb-git-958e896d8f4049b7e38b4946bc9a1c928e5981a1.tar.gz