From a4353c25cae3ad476ca98b76ed5578b43c76048f Mon Sep 17 00:00:00 2001
From: Alexey Botchkov
Date: Sat, 17 Apr 2021 09:25:23 +0400
Subject: [PATCH] MDEV-25420 JSON_TABLE: ASAN heap-buffer-overflow in Protocol::net_store_data or consequent failur es. fixed changed.
---
 mysql-test/suite/json/r/json_table.result | 2 +-
 sql/json_table.cc | 3 +++
 sql/sql_select.cc | 17 ++++-------------
 3 files changed, 8 insertions(+), 14 deletions(-)
diff --git a/mysql-test/suite/json/r/json_table.result b/mysql-test/suite/json/r/json_table.result
index a996401496f..1ebb90918f9 100644
--- a/mysql-test/suite/json/r/json_table.result
+++ b/mysql-test/suite/json/r/json_table.result
@@ -856,7 +856,7 @@ a TEXT EXISTS PATH '$', b VARCHAR(40) PATH '$', c BIT(60) PATH '$', d VARCHAR(60
 f FOR ORDINALITY, g INT PATH '$', h VARCHAR(36) PATH '$', i DATE PATH '$', j CHAR(4) PATH '$'
 )) AS jt;
 a b c d e f g h i j
-1 NULL NULL NULL 1 NULL NULL NULL NULL
+1 NULL NULL NULL NULL 1 NULL NULL NULL NULL
 #
 # MDEV-25373 JSON_TABLE: Illegal mix of collations upon executing PS once, or SP/function twice.
 #
diff --git a/sql/json_table.cc b/sql/json_table.cc
index c79abf942fa..8ad246f39f1 100644
--- a/sql/json_table.cc
+++ b/sql/json_table.cc
@@ -749,6 +749,7 @@ bool Create_json_table::add_json_table_fields(THD *thd, TABLE *table,
 Create_field *sql_f= jc->m_field;
 Record_addr addr(!(sql_f->flags & NOT_NULL_FLAG));
 Bit_addr bit(addr.null());
+ uint uneven_delta;
 sql_f->prepare_stage2(table->file, table->file->ha_table_flags());
@@ -760,7 +761,9 @@ bool Create_json_table::add_json_table_fields(THD *thd, TABLE *table,
 if (!f) goto err_exit;
 f->init(table);
+ uneven_delta= m_uneven_bit_length;
 add_field(table, f, fieldnr++, 0);
+ m_uneven_bit[current_counter]+= (m_uneven_bit_length - uneven_delta);
 }
 share->fields= fieldnr;
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index f57e5963cf8..5d91911a341 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
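Review bot: In sql/json_table.cc, `uneven_delta` is declared uninitialised at the top of the loop body (hunk at -749) and only assigned several statements later (hunk at -760), with no comment saying why `m_uneven_bit_length` is sampled around `add_field()`. Declaring it where it is used, `const uint uneven_before= m_uneven_bit_length;` followed by `m_uneven_bit[current_counter]+= m_uneven_bit_length - uneven_before;`, removes the stretch where it holds an indeterminate value; this is safe as long as the `err_exit` label lies outside the loop body, which the hunks do not show. A one-line comment such as `/* add_field() grows m_uneven_bit_length for BIT columns; credit that growth to this counter */` would help, assuming that is what happens inside add_field(). The enclosing loop in add_json_table_fields() starts and ends outside both hunks.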
@@ -18291,16 +18291,6 @@ Create_tmp_table::Create_tmp_table(ORDER *group, bool distinct,
 }
-static void add_null_bits_for_field(const Field *f, uint *null_counter)
-{
- if (!(f->flags & NOT_NULL_FLAG))
- (*null_counter)++;
-
- if (f->type() == MYSQL_TYPE_BIT)
- (*null_counter)+= f->field_length & 7;
-}
-
-
 void Create_tmp_table::add_field(TABLE *table, Field *field, uint fieldnr,
 bool force_not_null_cols)
 {
@@ -18313,7 +18303,8 @@ void Create_tmp_table::add_field(TABLE *table, Field *field, uint fieldnr,
 field->null_ptr= NULL;
 }
- add_null_bits_for_field(field, m_null_count + current_counter);
+ if (!(field->flags & NOT_NULL_FLAG))
+ m_null_count[current_counter]++;
 table->s->reclength+= field->pack_length();
@@ -18894,6 +18885,7 @@ bool Create_tmp_table::finalize(THD *thd,
 recinfo->null_pos= (null_pack_base[current_counter] + null_counter[current_counter]/8);
 field->move_field(pos, null_flags + recinfo->null_pos, recinfo->null_bit);
+ null_counter[current_counter]++;
 }
 else field->move_field(pos,(uchar*) 0,0);
@@ -18904,9 +18896,8 @@ bool Create_tmp_table::finalize(THD *thd,
 null_pack_base[current_counter] + null_counter[current_counter]/8, null_counter[current_counter] & 7);
+ null_counter[current_counter]+= (field->field_length & 7);
 }
-
- add_null_bits_for_field(field, null_counter + current_counter);
 field->reset();
 /*
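Review bot: The null-bit accounting in sql/sql_select.cc is now spread over three sites that must agree, and nothing in the new code checks that they do: `add_field()` counts one bit per nullable field (hunk at -18313), while `finalize()` advances `null_counter` by one for a nullable field (hunk at -18894) and by `field->field_length & 7` for a BIT field (hunk at -18904). Since the subject line reports a heap-buffer-overflow, a mismatch between the reserved and the consumed bit count presumably leaves the null-flag area smaller than the offsets handed to `move_field()` and to the BIT pointer setup. A comment at each site, for example `/* must match the per-field advance in finalize() */` in add_field(), and a debug-build assertion after the field loop in finalize() that each `null_counter[]` value stays within the bits reserved for it, would turn a later regression into a test failure instead of an out-of-bounds write. The bodies of add_field() and finalize() continue outside these hunks, so where the uneven BIT bits are reserved for this class is not visible here.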