-rw-r--r--mysql-test/r/func_str.result12
-rw-r--r--mysql-test/t/func_str.test8
-rw-r--r--sql/item_strfunc.cc10
3 files changed, 25 insertions, 5 deletions
diff --git a/mysql-test/r/func_str.result b/mysql-test/r/func_str.result
index d09d3aeb529..5e78e2572c1 100644
--- a/mysql-test/r/func_str.result
+++ b/mysql-test/r/func_str.result
@@ -1946,4 +1946,16 @@ NULL
SELECT UNHEX('G') IS NULL;
UNHEX('G') IS NULL
1
+SELECT INSERT('abc', 3, 3, '1234');
+INSERT('abc', 3, 3, '1234')
+ab1234
+SELECT INSERT('abc', 4, 3, '1234');
+INSERT('abc', 4, 3, '1234')
+abc1234
+SELECT INSERT('abc', 5, 3, '1234');
+INSERT('abc', 5, 3, '1234')
+abc
+SELECT INSERT('abc', 6, 3, '1234');
+INSERT('abc', 6, 3, '1234')
+abc
End of 5.0 tests
diff --git a/mysql-test/t/func_str.test b/mysql-test/t/func_str.test
index 2e76dc2ca31..775e273b384 100644
--- a/mysql-test/t/func_str.test
+++ b/mysql-test/t/func_str.test
@@ -1014,4 +1014,12 @@ select lpad('abc', cast(5 as unsigned integer), 'x');
SELECT UNHEX('G');
SELECT UNHEX('G') IS NULL;
+#
+# Bug #26281: INSERT() function mishandles NUL on boundary condition
+#
+SELECT INSERT('abc', 3, 3, '1234');
+SELECT INSERT('abc', 4, 3, '1234');
+SELECT INSERT('abc', 5, 3, '1234');
+SELECT INSERT('abc', 6, 3, '1234');
+
--echo End of 5.0 tests
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index 385f4ad9770..8a2574bd248 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -967,18 +967,18 @@ String *Item_func_insert::val_str(String *str)
args[3]->null_value)
goto null; /* purecov: inspected */
- if ((start < 0) || (start > res->length() + 1))
+ if ((start < 0) || (start > res->length()))
return res; // Wrong param; skip insert
- if ((length < 0) || (length > res->length() + 1))
- length= res->length() + 1;
+ if ((length < 0) || (length > res->length()))
+ length= res->length();
/* start and length are now sufficiently valid to pass to charpos function */
start= res->charpos((int) start);
length= res->charpos((int) length, (uint32) start);
/* Re-testing with corrected params */
- if (start > res->length() + 1)
- return res; // Wrong param; skip insert
+ if (start > res->length())
+ return res; /* purecov: inspected */ // Wrong param; skip insert
if (length > res->length() - start)
length= res->length() - start;
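Review bot: The re-test `if (start > res->length())` runs only after `res->charpos((int) length, (uint32) start)` has already used the converted `start` as an offset. For a multi-byte string where the requested character position passes the first byte-length check but exceeds the character count, that second charpos call may therefore be handed an offset beyond the end of the buffer. How charpos treats such an offset is not visible in this hunk, so I would move `if (start > res->length()) return res;` to directly after `start= res->charpos((int) start);` so the bound is enforced before the offset is used. The `/* purecov: inspected */` marker suggests this branch is not exercised by the suite, and the four added cases use single-byte literals only, so a multi-byte case on the same boundary would be worth adding. val_str starts and continues outside the hunk.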