From cc26bc94662762b7c650d62f40a37ac13f7f65ce Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Fri, 5 Sep 2008 18:21:59 +0300 Subject: [PATCH] Bug #38701: Crash in String::append when inserting duplicate empty strings an uft8 SET col When reporting a duplicate key error the server was making incorrect assumptions on what the state of the value string to include in the error is. Fixed by accessing the data in this string in a "safe" way (without relying on it having a terminating 0). Detected by code analysis and fixed a similar problem in reporting the foreign key duplicate errors. mysql-test/r/type_set.result: Bug #38701: test case mysql-test/t/type_set.test: Bug #38701: test case sql/handler.cc: Bug #38701: don't rely on the presence of a terminating 0 in the string
---
 mysql-test/r/type_set.result | 10 ++++++++++
 mysql-test/t/type_set.test | 19 +++++++++++++++++++
 sql/handler.cc | 4 ++--
 3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/mysql-test/r/type_set.result b/mysql-test/r/type_set.result
index e36f21f2996..09531ec60d5 100644
--- a/mysql-test/r/type_set.result
+++ b/mysql-test/r/type_set.result
@@ -93,4 +93,14 @@ c 1,2,3 64
 DROP TABLE t1;
+CREATE TABLE t1 (
+set_unique_utf8 set ('a','b','c','d','e','f','g','h','i','j','k','l',
+'m','n','o','p','q','r','s','t','u','v','w','x',
+'y','z') CHARACTER SET utf8,
+unique (set_unique_utf8)
+);
+INSERT INTO t1 ( set_unique_utf8 ) VALUES ( '' );
+INSERT INTO t1 ( set_unique_utf8 ) VALUES ( '' );
+ERROR 23000: Duplicate entry '' for key 'set_unique_utf8'
+DROP TABLE t1;
 End of 5.0 tests
diff --git a/mysql-test/t/type_set.test b/mysql-test/t/type_set.test
index e98555e137b..a851d116743 100644
--- a/mysql-test/t/type_set.test
+++ b/mysql-test/t/type_set.test
@@ -75,4 +75,23 @@ INSERT INTO t1 VALUES(9223372036854775808);
 SELECT * FROM t1;
 DROP TABLE t1;
+#
+# Bug #38701: Crash in String::append when inserting duplicate empty strings
+# an uft8 SET col
+#
+
+CREATE TABLE t1 (
+ set_unique_utf8 set ('a','b','c','d','e','f','g','h','i','j','k','l',
+ 'm','n','o','p','q','r','s','t','u','v','w','x',
+ 'y','z') CHARACTER SET utf8,
+ unique (set_unique_utf8)
+);
+
+INSERT INTO t1 ( set_unique_utf8 ) VALUES ( '' );
+--error ER_DUP_ENTRY
+INSERT INTO t1 ( set_unique_utf8 ) VALUES ( '' );
+
+DROP TABLE t1;
+
+
 --echo End of 5.0 tests
diff --git a/sql/handler.cc b/sql/handler.cc
index cc2db397ad4..f26e84bdfdf 100644
--- a/sql/handler.cc
+++ b/sql/handler.cc
@@ -2496,7 +2496,7 @@ void handler::print_keydup_error(uint key_nr, const char *msg)
 str.append(STRING_WITH_LEN("..."));
 }
 my_printf_error(ER_DUP_ENTRY, msg,
- MYF(0), str.c_ptr(), table->key_info[key_nr].name);
+ MYF(0), str.c_ptr_safe(), table->key_info[key_nr].name);
 }
 }
@@ -2564,7 +2564,7 @@ void handler::print_error(int error, myf errflag)
 str.append(STRING_WITH_LEN("..."));
 }
 my_error(ER_FOREIGN_DUPLICATE_KEY, MYF(0), table_share->table_name.str,
- str.c_ptr(), key_nr+1);
+ str.c_ptr_safe(), key_nr+1);
 DBUG_VOID_RETURN;
 }
 textno= ER_DUP_KEY;
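Review bot: The regression test added here exercises only the unique-key path (ER_DUP_ENTRY, reported through handler::print_keydup_error); the ER_FOREIGN_DUPLICATE_KEY branch in handler::print_error, which this same commit changes from c_ptr() to c_ptr_safe(), gets no test in this patch, so that half of the fix is unverified. Whether that error can be provoked from plain SQL in this test suite depends on the storage engine and is not visible here, but the gap is worth a note in the test or in the bug tracker. The added comment also carries a typo: `# an uft8 SET col` should read `# a utf8 SET col`.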
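Review bot: The switch to `str.c_ptr_safe()` is the whole fix, but nothing at the call site records why the plain accessor was wrong, so a later cleanup could reintroduce `c_ptr()` and the crash; a one-line comment above the my_printf_error call would guard against that, e.g. `/* str may lack a terminating 0 (empty SET value, bug #38701); c_ptr_safe() adds one */`. The same comment belongs on the my_error call in the second hunk (handler::print_error), which makes the identical change. Both print_keydup_error and print_error begin before their hunks, so how `str` is filled, and whether any other `str.c_ptr()` use remains in these functions, cannot be checked from this patch.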