diff options
-rw-r--r-- | mysql-test/r/func_time.result | 6 | ||||
-rw-r--r-- | mysql-test/t/func_time.test | 7 | ||||
-rw-r--r-- | sql/item_timefunc.cc | 2 |
3 files changed, 14 insertions, 1 deletions
diff --git a/mysql-test/r/func_time.result b/mysql-test/r/func_time.result index 19877b17901..25f3484b718 100644 --- a/mysql-test/r/func_time.result +++ b/mysql-test/r/func_time.result @@ -3444,5 +3444,11 @@ foo Warnings: Warning 1292 Truncated incorrect DECIMAL value: '2012-12-12 12:12:12' # +# MDEV-18626 ASAN stack-buffer-overflow in int10_to_str / make_date_time upon DATE_FORMAT +# +SELECT DATE_FORMAT(100000000000, '%j'); +DATE_FORMAT(100000000000, '%j') +NULL +# # End of 10.1 tests # diff --git a/mysql-test/t/func_time.test b/mysql-test/t/func_time.test index 05c19a9730a..eabff67ca62 100644 --- a/mysql-test/t/func_time.test +++ b/mysql-test/t/func_time.test @@ -1930,5 +1930,12 @@ DROP TABLE t1; SELECT NULLIF('foo', FROM_UNIXTIME('2012-12-12 12:12:12', TRIM(0))); --echo # +--echo # MDEV-18626 ASAN stack-buffer-overflow in int10_to_str / make_date_time upon DATE_FORMAT +--echo # + +SELECT DATE_FORMAT(100000000000, '%j'); + + +--echo # --echo # End of 10.1 tests --echo # diff --git a/sql/item_timefunc.cc b/sql/item_timefunc.cc index c10b6442ce8..e8440803295 100644 --- a/sql/item_timefunc.cc +++ b/sql/item_timefunc.cc @@ -577,7 +577,7 @@ static bool make_date_time(const LEX_CSTRING &format, MYSQL_TIME *l_time, str->append_with_prefill(intbuff, length, 2, '0'); break; case 'j': - if (type == MYSQL_TIMESTAMP_TIME) + if (type == MYSQL_TIMESTAMP_TIME || !l_time->month || !l_time->year) return 1; length= (uint) (int10_to_str(calc_daynr(l_time->year,l_time->month, l_time->day) - |