diff options
| author | Tor Didriksen <tor.didriksen@oracle.com> | 2011-02-07 11:17:46 +0100 |
|---|---|---|
| committer | Tor Didriksen <tor.didriksen@oracle.com> | 2011-02-07 11:17:46 +0100 |
| commit | dcd9f246e34624f880b313004732675ed7658c68 (patch) | |
| tree | 26ba9c2c33cbc6994c85cbde463ea3a00d4c5cb5 /sql/item_strfunc.h | |
| parent | cee1b3dda839289bbacc1cd70dd4a89fdbae5d83 (diff) | |
| download | mariadb-git-dcd9f246e34624f880b313004732675ed7658c68.tar.gz | |
Bug #59632 Assertion failed: arg_length > length
The problem was overflow in max_length when we tried to des_decrypt()
something which is not the output of des_encrypt()
mysql-test/r/ssl_and_innodb.result:
New test case.
mysql-test/t/ssl_and_innodb.test:
New test case.
sql/item_strfunc.h:
Do not subtract the encrypt overhead (9U) if args[0] has length < 9
(In unsigned arithmetic, (1-9) becomes a very large number)
Diffstat (limited to 'sql/item_strfunc.h')
| -rw-r--r-- | sql/item_strfunc.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sql/item_strfunc.h b/sql/item_strfunc.h index 24d8d354670..e26f9b4467a 100644 --- a/sql/item_strfunc.h +++ b/sql/item_strfunc.h @@ -1,7 +1,7 @@ #ifndef ITEM_STRFUNC_INCLUDED #define ITEM_STRFUNC_INCLUDED -/* Copyright (C) 2000-2003 MySQL AB +/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -361,7 +361,9 @@ public: { maybe_null=1; /* 9 = MAX ((8- (arg_len % 8)) + 1) */ - max_length = args[0]->max_length - 9; + max_length= args[0]->max_length; + if (max_length >= 9U) + max_length-= 9U; } const char *func_name() const { return "des_decrypt"; } }; |