diff options
-rw-r--r-- | mysql-test/r/udf.result | 8 | ||||
-rw-r--r-- | mysql-test/t/udf.test | 10 | ||||
-rw-r--r-- | sql/sql_udf.cc | 6 |
3 files changed, 21 insertions, 3 deletions
diff --git a/mysql-test/r/udf.result b/mysql-test/r/udf.result index 49768f6c514..367fc187ed2 100644 --- a/mysql-test/r/udf.result +++ b/mysql-test/r/udf.result @@ -492,4 +492,12 @@ select * from mysql.plugin WHERE name='unexisting_udf'; name dl DROP FUNCTION unexisting_udf; ERROR 42000: FUNCTION test.unexisting_udf does not exist +# +# Bug #31674599: THE UDF_INIT() FUNCTION CAUSE SERVER CRASH +# +call mtr.add_suppression('Invalid row in mysql.func table'); +insert mysql.func () values (); +delete from mysql.func where name = ''; +# # End of 10.2 tests +# diff --git a/mysql-test/t/udf.test b/mysql-test/t/udf.test index 07c7f599db7..199c0737dd1 100644 --- a/mysql-test/t/udf.test +++ b/mysql-test/t/udf.test @@ -562,4 +562,14 @@ select * from mysql.plugin WHERE name='unexisting_udf'; --error ER_SP_DOES_NOT_EXIST DROP FUNCTION unexisting_udf; +--echo # +--echo # Bug #31674599: THE UDF_INIT() FUNCTION CAUSE SERVER CRASH +--echo # +call mtr.add_suppression('Invalid row in mysql.func table'); +insert mysql.func () values (); +source include/restart_mysqld.inc; +delete from mysql.func where name = ''; + +--echo # --echo # End of 10.2 tests +--echo # diff --git a/sql/sql_udf.cc b/sql/sql_udf.cc index 2af12d94228..c026ef6b7ba 100644 --- a/sql/sql_udf.cc +++ b/sql/sql_udf.cc @@ -196,7 +196,7 @@ void udf_init() DBUG_PRINT("info",("init udf record")); LEX_STRING name; name.str=get_field(&mem, table->field[0]); - name.length = (uint) strlen(name.str); + name.length = (uint) safe_strlen(name.str); char *dl_name= get_field(&mem, table->field[2]); bool new_dl=0; Item_udftype udftype=UDFTYPE_FUNCTION; @@ -210,12 +210,12 @@ void udf_init() On windows we must check both FN_LIBCHAR and '/'. */ - if (check_valid_path(dl_name, strlen(dl_name)) || + if (!name.str || !dl_name || check_valid_path(dl_name, strlen(dl_name)) || check_string_char_length(&name, 0, NAME_CHAR_LEN, system_charset_info, 1)) { sql_print_error("Invalid row in mysql.func table for function '%.64s'", - name.str); + safe_str(name.str)); continue; } |