From dcd9f246e34624f880b313004732675ed7658c68 Mon Sep 17 00:00:00 2001 From: Tor Didriksen Date: Mon, 7 Feb 2011 11:17:46 +0100 Subject: Bug #59632 Assertion failed: arg_length > length The problem was overflow in max_length when we tried to des_decrypt() something which is not the output of des_encrypt() mysql-test/r/ssl_and_innodb.result: New test case. mysql-test/t/ssl_and_innodb.test: New test case. sql/item_strfunc.h: Do not subtract the encrypt overhead (9U) if args[0] has length < 9 (In unsigned arithmetic, (1-9) becomes a very large number) --- sql/item_strfunc.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'sql/item_strfunc.h') diff --git a/sql/item_strfunc.h b/sql/item_strfunc.h index 24d8d354670..e26f9b4467a 100644 --- a/sql/item_strfunc.h +++ b/sql/item_strfunc.h @@ -1,7 +1,7 @@ #ifndef ITEM_STRFUNC_INCLUDED #define ITEM_STRFUNC_INCLUDED -/* Copyright (C) 2000-2003 MySQL AB +/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -361,7 +361,9 @@ public: { maybe_null=1; /* 9 = MAX ((8- (arg_len % 8)) + 1) */ - max_length = args[0]->max_length - 9; + max_length= args[0]->max_length; + if (max_length >= 9U) + max_length-= 9U; } const char *func_name() const { return "des_decrypt"; } }; -- cgit v1.2.1