1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MDEV-25420 JSON_TABLE: ASAN heap-buffer-overflow in Protocol::net_store_data or consequent failur es.

Browse Source 
fixed changed.
This commit is contained in:
Alexey Botchkov 2021-04-17 09:25:23 +04:00
parent b0817ff8de
commit a4353c25ca
3 changed files with 8 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mysql-test/suite/json/r/json_table.result
View File

@ -856,7 +856,7 @@ a TEXT EXISTS PATH '$', b VARCHAR(40) PATH '$', c BIT(60) PATH '$', d VARCHAR(60
f FOR ORDINALITY, g INT PATH '$', h VARCHAR(36) PATH '$', i DATE PATH '$', j CHAR(4) PATH '$'
)) AS jt;
a b c d e f g h i j
1 NULL NULL NULL 1 NULL NULL NULL NULL
1 NULL NULL NULL NULL 1 NULL NULL NULL NULL
#
# MDEV-25373 JSON_TABLE: Illegal mix of collations upon executing PS once, or SP/function twice.
#

3
sql/json_table.cc
View File

@ -749,6 +749,7 @@ bool Create_json_table::add_json_table_fields(THD *thd, TABLE *table,
Create_field *sql_f= jc->m_field;
Record_addr addr(!(sql_f->flags & NOT_NULL_FLAG));
Bit_addr bit(addr.null());
uint uneven_delta;
sql_f->prepare_stage2(table->file, table->file->ha_table_flags());
@ -760,7 +761,9 @@ bool Create_json_table::add_json_table_fields(THD *thd, TABLE *table,
if (!f)
goto err_exit;
f->init(table);
uneven_delta= m_uneven_bit_length;
add_field(table, f, fieldnr++, 0);
m_uneven_bit[current_counter]+= (m_uneven_bit_length - uneven_delta);
}
share->fields= fieldnr;

17
sql/sql_select.cc
View File

@ -18291,16 +18291,6 @@ Create_tmp_table::Create_tmp_table(ORDER *group, bool distinct,
}
static void add_null_bits_for_field(const Field *f, uint *null_counter)
{
if (!(f->flags & NOT_NULL_FLAG))
(*null_counter)++;
if (f->type() == MYSQL_TYPE_BIT)
(*null_counter)+= f->field_length & 7;
}
void Create_tmp_table::add_field(TABLE *table, Field *field, uint fieldnr,
bool force_not_null_cols)
{
@ -18313,7 +18303,8 @@ void Create_tmp_table::add_field(TABLE *table, Field *field, uint fieldnr,
field->null_ptr= NULL;
}
add_null_bits_for_field(field, m_null_count + current_counter);
if (!(field->flags & NOT_NULL_FLAG))
m_null_count[current_counter]++;
table->s->reclength+= field->pack_length();
@ -18894,6 +18885,7 @@ bool Create_tmp_table::finalize(THD *thd,
recinfo->null_pos= (null_pack_base[current_counter] +
null_counter[current_counter]/8);
field->move_field(pos, null_flags + recinfo->null_pos, recinfo->null_bit);
null_counter[current_counter]++;
}
else
field->move_field(pos,(uchar*) 0,0);
@ -18904,9 +18896,8 @@ bool Create_tmp_table::finalize(THD *thd,
null_pack_base[current_counter] +
null_counter[current_counter]/8,
null_counter[current_counter] & 7);
null_counter[current_counter]+= (field->field_length & 7);
}
add_null_bits_for_field(field, null_counter + current_counter);
field->reset();
/*