authorAlexander Barkov <bar@mariadb.com>2018-06-19 13:02:02 +0400
committerAlexander Barkov <bar@mariadb.com>2018-06-19 13:02:02 +0400
commit15b92915ed93661a56f40430204d18bf7b7cf1fc (patch)
tree6e56d12a0f36b91b895936ab1f8e6d59c698fa37
parente425216045c7a998139bd953b0aed83c3a085c8c (diff)
MDEV-15834 The code in TABLE_SHARE::init_from_binary_frm_image() is not safe
-rw-r--r--mysql-test/std_data/frm/t1.frmbin0 -> 8584 bytes
-rw-r--r--mysql-test/suite/vcol/r/vcol_misc.result10
-rw-r--r--mysql-test/suite/vcol/t/vcol_misc.test16
-rw-r--r--sql/table.cc6
4 files changed, 31 insertions, 1 deletions
diff --git a/mysql-test/std_data/frm/t1.frm b/mysql-test/std_data/frm/t1.frm
new file mode 100644
index 00000000000..a998f54ec67
--- /dev/null
+++ b/mysql-test/std_data/frm/t1.frm
Binary files differ
diff --git a/mysql-test/suite/vcol/r/vcol_misc.result b/mysql-test/suite/vcol/r/vcol_misc.result
index 0a8d87dc2f7..92be94cbb81 100644
--- a/mysql-test/suite/vcol/r/vcol_misc.result
+++ b/mysql-test/suite/vcol/r/vcol_misc.result
@@ -354,5 +354,15 @@ a b c
DROP TABLE t1;
SET sql_mode=DEFAULT;
#
+# MDEV-15834 The code in TABLE_SHARE::init_from_binary_frm_image() is not safe
+#
+SHOW TABLES;
+Tables_in_test
+t1
+SHOW CREATE TABLE t1;
+ERROR HY000: Incorrect information in file: './test/t1.frm'
+ALTER TABLE t1;
+ERROR HY000: Incorrect information in file: './test/t1.frm'
+#
# End of 5.5 tests
#
diff --git a/mysql-test/suite/vcol/t/vcol_misc.test b/mysql-test/suite/vcol/t/vcol_misc.test
index 1ac0b4f80b7..a123d21d574 100644
--- a/mysql-test/suite/vcol/t/vcol_misc.test
+++ b/mysql-test/suite/vcol/t/vcol_misc.test
@@ -1,5 +1,7 @@
--source include/have_ucs2.inc
+let $MYSQLD_DATADIR= `select @@datadir`;
+
--disable_warnings
drop table if exists t1,t2;
--enable_warnings
@@ -318,6 +320,20 @@ SELECT * FROM t1;
DROP TABLE t1;
SET sql_mode=DEFAULT;
+
+--echo #
+--echo # MDEV-15834 The code in TABLE_SHARE::init_from_binary_frm_image() is not safe
+--echo #
+
+--copy_file std_data/frm/t1.frm $MYSQLD_DATADIR/test/t1.frm
+SHOW TABLES;
+--error ER_NOT_FORM_FILE
+SHOW CREATE TABLE t1;
+--error ER_NOT_FORM_FILE
+ALTER TABLE t1;
+--remove_file $MYSQLD_DATADIR/test/t1.frm
+
+
--echo #
--echo # End of 5.5 tests
--echo #
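Review bot: The added block copies `std_data/frm/t1.frm` into the datadir without saying what is wrong with that image, and the fixture is binary, so the test cannot be audited or regenerated from the diff. A comment above the `--copy_file` line would fix that, for example `# t1.frm is a hand-crafted image: <which column/byte is malformed and how it was produced>`. Judging by the sql/table.cc hunk it presumably holds a virtual column whose expression-length byte is 0, but that should be confirmed and written down. Only that one malformed value is exercised here; other out-of-range values for the same byte would need fixtures of their own.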
diff --git a/sql/table.cc b/sql/table.cc
index 552f514283d..87a249defa0 100644
--- a/sql/table.cc
+++ b/sql/table.cc
@@ -1462,7 +1462,11 @@ static int open_binary_frm(THD *thd, TABLE_SHARE *share, uchar *head,
if ((uchar)field_type == (uchar)MYSQL_TYPE_VIRTUAL)
{
- DBUG_ASSERT(interval_nr); // Expect non-null expression
+ if (!interval_nr) // Expect non-null expression
+ {
+ error= 4;
+ goto err;
+ }
/*
The interval_id byte in the .frm file stores the length of the
expression statement for a virtual column.
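Review bot: The new check in the `MYSQL_TYPE_VIRTUAL` branch rejects only `interval_nr == 0`, while the comment right below says the same byte is then used as the length of the virtual column expression. The hunk does not show that length being compared with the bytes actually remaining in the .frm image. If the code after the hunk does not already bound it, the guard should reject an oversized value as well as zero, since the image is untrusted input once a file can be dropped into the datadir. It is also worth confirming that the `err` label releases everything allocated before this point, and saying why this is a runtime check, e.g. `// value comes from the .frm image; DBUG_ASSERT is compiled out of release builds`. The body of `open_binary_frm` starts and ends outside the hunk, so both points are inferred from the visible lines only.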