From 3185118e1a8d7599b7b5238b4b320f1a97a47bd5 Mon Sep 17 00:00:00 2001
From: Ramil Kalimullin <ramil@mysql.com>
Date: Thu, 8 Oct 2009 16:56:31 +0500
Subject: Fix for bug #42803: Field_bit does not have unsigned_flag field, can
 lead to bad memory access

Problem: Field_bit is the only field which returns INT_RESULT
and doesn't have unsigned flag. As it's not a descendant of the
Field_num, so using ((Field_num *) field_bit)->unsigned_flag may lead
to unpredictable results.

Fix: check the field type before casting.


mysql-test/r/type_bit.result:
  Fix for bug #42803: Field_bit does not have unsigned_flag field,
  can lead to bad memory access
    - test result.
mysql-test/t/type_bit.test:
  Fix for bug #42803: Field_bit does not have unsigned_flag field,
  can lead to bad memory access
    - test case.
sql/opt_range.cc:
  Fix for bug #42803: Field_bit does not have unsigned_flag field,
  can lead to bad memory access
    - don't cast to (Field_num *) Field_bit, as it's not a Field_num
  descendant and is always unsigned by nature.
---
 mysql-test/r/type_bit.result | 10 ++++++++++
 mysql-test/t/type_bit.test   | 11 +++++++++++
 2 files changed, 21 insertions(+)

(limited to 'mysql-test')

diff --git a/mysql-test/r/type_bit.result b/mysql-test/r/type_bit.result
index 63dec0297d0..252f8165aec 100644
--- a/mysql-test/r/type_bit.result
+++ b/mysql-test/r/type_bit.result
@@ -749,4 +749,14 @@ bin(a1)
 110000111111111
 110001011111111
 drop table t1bit7, t2bit7;
+#
+# Bug42803: Field_bit does not have unsigned_flag field, 
+# can lead to bad memory access
+#
+CREATE TABLE t1 (a BIT(7), b BIT(9), KEY(a, b));
+INSERT INTO t1 VALUES(0, 0), (5, 3), (5, 6), (6, 4), (7, 0);
+EXPLAIN SELECT a+0, b+0 FROM t1 WHERE a > 4 and b < 7 ORDER BY 2;
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+1	SIMPLE	t1	range	a	a	2	NULL	4	Using where; Using index; Using filesort
+DROP TABLE t1;
 End of 5.0 tests
diff --git a/mysql-test/t/type_bit.test b/mysql-test/t/type_bit.test
index bdc678688f1..7ec0649cbdd 100644
--- a/mysql-test/t/type_bit.test
+++ b/mysql-test/t/type_bit.test
@@ -397,4 +397,15 @@ insert into t2bit7 values (b'110011011111111');
 select bin(a1) from t1bit7, t2bit7 where t1bit7.a1=t2bit7.b1; 
 drop table t1bit7, t2bit7; 
 
+
+--echo #
+--echo # Bug42803: Field_bit does not have unsigned_flag field, 
+--echo # can lead to bad memory access
+--echo #
+CREATE TABLE t1 (a BIT(7), b BIT(9), KEY(a, b));
+INSERT INTO t1 VALUES(0, 0), (5, 3), (5, 6), (6, 4), (7, 0);
+EXPLAIN SELECT a+0, b+0 FROM t1 WHERE a > 4 and b < 7 ORDER BY 2;
+DROP TABLE t1;
+
+
 --echo End of 5.0 tests
-- 
cgit v1.2.1