BUG#11766519 (bug#59648): MY_STRTOLL10_MB2: ASSERTION `(*ENDPTR - S) % 2 == 0' FAILED

      
Problem: wrong character set pointer was passed to my_strtoll10_mb2,
which led to DBUG_ASSERT failure in some cases.

  @ mysql-test/r/func_encrypt_ucs2.result
  @ mysql-test/t/func_encrypt_ucs2.test
  @ mysql-test/r/ctype_ucs.result
  @ mysql-test/t/ctype_ucs.test
  Adding tests

  @ sql/item_func.cc
  "cs" initialization was wrong (res does not necessarily point to &str_value)

  @ sql/item_strfunc.cc
  Item_func_dec_encrypt::val_str() and Item_func_des_descrypt::val_str()
  did not set character set for tmp_value (the returned value),
  so the old value, which was previously copied from args[1]->val_str(),
  was incorrectly returned with tmp_value.

1 files changed, 2 insertions, 0 deletions

diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index c637c9c29b8..319184002bf 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -519,6 +519,7 @@ String *Item_func_des_encrypt::val_str(String *str)
   tmp_arg[res_length-1]=tail;                   // save extra length
   tmp_value.realloc(res_length+1);
   tmp_value.length(res_length+1);
+  tmp_value.set_charset(&my_charset_bin);
   tmp_value[0]=(char) (128 | key_number);
   // Real encryption
   bzero((char*) &ivec,sizeof(ivec));
@@ -606,6 +607,7 @@ String *Item_func_des_decrypt::val_str(String *str)
   if ((tail=(uint) (uchar) tmp_value[length-2]) > 8)
     goto wrong_key;				     // Wrong key
   tmp_value.length(length-1-tail);
+  tmp_value.set_charset(&my_charset_bin);
   return &tmp_value;
 
 error: