1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings

Browse Source 
ESCAPE argument might be empty string. It leads
to server crash under some circumstances.
The fix:
-added check if ESCAPE argument result is not empty string

mysql-test/r/ctype_latin1.result:
  test case
mysql-test/t/ctype_latin1.test:
  test case
sql/item_cmpfunc.cc:
  -added check if ESCAPE argument result is not empty string
This commit is contained in:
Sergey Glukhov 2010-11-18 11:53:08 +03:00
parent 21bc09c26b
commit 1c94d43bbb
3 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
mysql-test/r/ctype_latin1.result
View File

@ -409,3 +409,11 @@ select hex(cast(_ascii 0x7f as char(1) character set latin1));
hex(cast(_ascii 0x7f as char(1) character set latin1)) hex(cast(_ascii 0x7f as char(1) character set latin1))
7F 7F
End of 5.0 tests End of 5.0 tests
#
# Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings
#
SELECT '' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '');
'' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '')
1
Warnings:
Warning 1292 Truncated incorrect INTEGER value: ''

5
mysql-test/t/ctype_latin1.test
View File

@ -127,3 +127,8 @@ DROP TABLE `abc
select hex(cast(_ascii 0x7f as char(1) character set latin1)); select hex(cast(_ascii 0x7f as char(1) character set latin1));
--echo End of 5.0 tests --echo End of 5.0 tests
--echo #
--echo # Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings
--echo #
SELECT '' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '');

11
sql/item_cmpfunc.cc
View File

@ -4692,6 +4692,7 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
String *escape_str= escape_item->val_str(&cmp.value1); String *escape_str= escape_item->val_str(&cmp.value1);
if (escape_str) if (escape_str)
{ {
const char *escape_str_ptr= escape_str->ptr();
if (escape_used_in_parsing && ( if (escape_used_in_parsing && (
(((thd->variables.sql_mode & MODE_NO_BACKSLASH_ESCAPES) && (((thd->variables.sql_mode & MODE_NO_BACKSLASH_ESCAPES) &&
escape_str->numchars() != 1) || escape_str->numchars() != 1) ||
@ -4706,9 +4707,9 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
CHARSET_INFO *cs= escape_str->charset(); CHARSET_INFO *cs= escape_str->charset();
my_wc_t wc; my_wc_t wc;
int rc= cs->cset->mb_wc(cs, &wc, int rc= cs->cset->mb_wc(cs, &wc,
(const uchar*) escape_str->ptr(), (const uchar*) escape_str_ptr,
(const uchar*) escape_str->ptr() + (const uchar*) escape_str_ptr +
escape_str->length()); escape_str->length());
escape= (int) (rc > 0 ? wc : '\\'); escape= (int) (rc > 0 ? wc : '\\');
} }
else else
@ -4725,13 +4726,13 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref)
{ {
char ch; char ch;
uint errors; uint errors;
uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str->ptr(), uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str_ptr,
escape_str->length(), escape_str->length(),
escape_str->charset(), &errors); escape_str->charset(), &errors);
escape= cnvlen ? ch : '\\'; escape= cnvlen ? ch : '\\';
} }
else else
escape= *(escape_str->ptr()); escape= escape_str_ptr ? *escape_str_ptr : '\\';
} }
} }
else else