From a60c39a2ffc7ec0c0b4ae8bbadf733773ec7557f Mon Sep 17 00:00:00 2001
From: Sergey Glukhov <sergey.glukhov@oracle.com>
Date: Wed, 27 Apr 2011 11:35:57 +0400
Subject: Bug#11889186  60503: CRASH IN MAKE_DATE_TIME WITH DATE_FORMAT /
 STR_TO_DATE COMBINATION calc_daynr() function returns negative result if
 malformed date with zero year and month is used. Attempt to calculate week
 day on negative value leads to crash. The fix is return NULL for 'W', 'a',
 'w' specifiers if zero year and month is used. Additional fix for
 calc_daynr(): --added assertion that result can not be negative --return 0 if
 zero year and month is used

mysql-test/r/func_time.result:
  test case
mysql-test/t/func_time.test:
  test case
sql-common/my_time.c:
  --added assertion that result can not be negative
  --return 0 if zero year and month is used
sql/item_timefunc.cc:
  eturn NULL for 'W', 'a', 'w' specifiers
  if zero year and month is used.
---
 sql-common/my_time.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'sql-common/my_time.c')

diff --git a/sql-common/my_time.c b/sql-common/my_time.c
index ca11c54a999..80a7e0daa2c 100644
--- a/sql-common/my_time.c
+++ b/sql-common/my_time.c
@@ -772,7 +772,7 @@ long calc_daynr(uint year,uint month,uint day)
   int y= year;                                  /* may be < 0 temporarily */
   DBUG_ENTER("calc_daynr");
 
-  if (y == 0 && month == 0 && day == 0)
+  if (y == 0 && month == 0)
     DBUG_RETURN(0);				/* Skip errors */
   /* Cast to int to be able to handle month == 0 */
   delsum= (long) (365 * y + 31 *((int) month - 1) + (int) day);
@@ -783,6 +783,7 @@ long calc_daynr(uint year,uint month,uint day)
   temp=(int) ((y/100+1)*3)/4;
   DBUG_PRINT("exit",("year: %d  month: %d  day: %d -> daynr: %ld",
 		     y+(month <= 2),month,day,delsum+y/4-temp));
+  DBUG_ASSERT(delsum+(int) y/4-temp > 0);
   DBUG_RETURN(delsum+(int) y/4-temp);
 } /* calc_daynr */
 
-- 
cgit v1.2.1