From 22485908ce5eb1ab04869f3636bed0b980613015 Mon Sep 17 00:00:00 2001
From: "cmiller@zippy.(none)" <>
Date: Tue, 11 Jul 2006 13:06:29 -0400
Subject: [PATCH] Bug#20729: Bad date_format() call makes mysql server crash

The problem is that the author used the wrong function to send a warning to the
user about truncation of data.  push_warning() takes a constant string and
push_warning_printf() takes a format and variable arguments to fill it.

Since the string we were complaining about contains percent characters, the
printf() code interprets the "%Y" et c. that the user sends.  That's wrong, and
often causes a crash, especially if the date mentions seconds, "%s".

A alternate fix would be to use  push_warning_printf(..., "%s", warn_buff) .
---
 mysql-test/r/date_formats.result | 6 ++++++
 mysql-test/t/date_formats.test   | 8 +++++++-
 sql/time.cc                      | 2 +-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/mysql-test/r/date_formats.result b/mysql-test/r/date_formats.result
index 24abdfcf148..04ada125847 100644
--- a/mysql-test/r/date_formats.result
+++ b/mysql-test/r/date_formats.result
@@ -509,3 +509,9 @@ TIME_FORMAT("24:00:00", '%l %p')
 SELECT TIME_FORMAT("25:00:00", '%l %p');
 TIME_FORMAT("25:00:00", '%l %p')
 1 AM
+SELECT DATE_FORMAT('%Y-%m-%d %H:%i:%s', 1151414896);
+DATE_FORMAT('%Y-%m-%d %H:%i:%s', 1151414896)
+NULL
+Warnings:
+Warning	1292	Truncated incorrect datetime value: '%Y-%m-%d %H:%i:%s'
+"End of 4.1 tests"
diff --git a/mysql-test/t/date_formats.test b/mysql-test/t/date_formats.test
index f3d507e69e6..0c227258383 100644
--- a/mysql-test/t/date_formats.test
+++ b/mysql-test/t/date_formats.test
@@ -275,7 +275,6 @@ drop table t1;
 select str_to_date( 1, NULL );
 select str_to_date( NULL, 1 );
 select str_to_date( 1, IF(1=1,NULL,NULL) );
-# End of 4.1 tests
 
 #
 # Bug#11326
@@ -298,3 +297,10 @@ SELECT TIME_FORMAT("12:00:00", '%l %p');
 SELECT TIME_FORMAT("23:00:00", '%l %p');
 SELECT TIME_FORMAT("24:00:00", '%l %p');
 SELECT TIME_FORMAT("25:00:00", '%l %p');
+
+#
+# Bug#20729:  Bad date_format() call makes mysql server crash
+#
+SELECT DATE_FORMAT('%Y-%m-%d %H:%i:%s', 1151414896);
+
+--echo "End of 4.1 tests"
diff --git a/sql/time.cc b/sql/time.cc
index e76b169b336..ef832ac5a70 100644
--- a/sql/time.cc
+++ b/sql/time.cc
@@ -797,7 +797,7 @@ void make_truncated_value_warning(THD *thd, const char *str_val,
   }
   sprintf(warn_buff, ER(ER_TRUNCATED_WRONG_VALUE),
 	  type_str, str.ptr());
-  push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_WARN,
+  push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN,
 		      ER_TRUNCATED_WRONG_VALUE, warn_buff);
 }