Automerge.

author: Alexey Kopytov <Alexey.Kopytov@sun.com> 2009-05-21 16:16:17 +0400
committer: Alexey Kopytov <Alexey.Kopytov@sun.com> 2009-05-21 16:16:17 +0400
commit: 1bf8e86ab44994da6f0a99dcebcffb473c83a598 (patch)
tree: 9d2aa5f451417e549f3a316568bd0f7dfd7deb23 /sql/item_strfunc.cc
parent: 295afc7af4b199c628a16f0ec282d7ce9c2c2246 (diff)
parent: 958e896d8f4049b7e38b4946bc9a1c928e5981a1 (diff)
download: mariadb-git-1bf8e86ab44994da6f0a99dcebcffb473c83a598.tar.gz
1 files changed, 15 insertions, 1 deletions
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index a3140b4db64..f9210c842bb 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -3226,7 +3226,21 @@ longlong Item_func_uncompressed_length::val_int()
   if (res->is_empty()) return 0;
 
   /*
-    res->ptr() using is safe because we have tested that string is not empty,
+    If length is <= 4 bytes, data is corrupt. This is the best we can do
+    to detect garbage input without decompressing it.
+  */
+  if (res->length() <= 4)
+  {
+    push_warning_printf(current_thd, MYSQL_ERROR::WARN_LEVEL_ERROR,
+                        ER_ZLIB_Z_DATA_ERROR,
+                        ER(ER_ZLIB_Z_DATA_ERROR));
+    null_value= 1;
+    return 0;
+  }
+
+ /*
+    res->ptr() using is safe because we have tested that string is at least
+    5 bytes long.
     res->c_ptr() is not used because:
       - we do not need \0 terminated string to get first 4 bytes
       - c_ptr() tests simbol after string end (uninitialiozed memory) which
author	Alexey Kopytov <Alexey.Kopytov@sun.com>	2009-05-21 16:16:17 +0400
committer	Alexey Kopytov <Alexey.Kopytov@sun.com>	2009-05-21 16:16:17 +0400
commit	1bf8e86ab44994da6f0a99dcebcffb473c83a598 (patch)
tree	9d2aa5f451417e549f3a316568bd0f7dfd7deb23 /sql/item_strfunc.cc
parent	295afc7af4b199c628a16f0ec282d7ce9c2c2246 (diff)
parent	958e896d8f4049b7e38b4946bc9a1c928e5981a1 (diff)
download	mariadb-git-1bf8e86ab44994da6f0a99dcebcffb473c83a598.tar.gz