From b889488ae962f5a90e32c9057a2af17e41f4c0c5 Mon Sep 17 00:00:00 2001 
From: unknown Date: Thu, 4 Oct 2007 10:20:00 +0500 Subject: Fix for bug #31069: crash in 'sounds like' and for bug #31070: crash during conversion of charsets Problem: passing a 0 byte length string to some my_mb_wc_XXX() functions leads to server crash due to improper argument check. Fix: properly check arguments passed to my_mb_wc_XXX() functions. mysql-test/include/ctype_common.inc: Fix for bug #31069: crash in 'sounds like' and bug #31070: crash during conversion of charsets - test case. mysql-test/r/ctype_big5.result: Fix for bug #31069: crash in 'sounds like' and bug #31070: crash during conversion of charsets - test result. mysql-test/r/ctype_euckr.result: Fix for bug #31069: crash in 'sounds like' and bug #31070: crash during conversion of charsets - test result. mysql-test/r/ctype_gb2312.result: Fix for bug #31069: crash in 'sounds like' and bug #31070: crash during conversion of charsets - test result. mysql-test/r/ctype_gbk.result: Fix for bug #31069: crash in 'sounds like' and bug #31070: crash during conversion of charsets - test result. mysql-test/r/ctype_uca.result: Fix for bug #31069: crash in 'sounds like' and bug #31070: crash during conversion of charsets - test result. strings/ctype-big5.c: Fix for bug #31069: crash in 'sounds like' and bug #31070: crash during conversion of charsets - check the string length before testing its first byte. strings/ctype-cp932.c: Fix for bug #31069: crash in 'sounds like' and bug #31070: crash during conversion of charsets - check the string length before testing its first byte. strings/ctype-euc_kr.c: Fix for bug #31069: crash in 'sounds like' and bug #31070: crash during conversion of charsets - check the string length before testing its first byte. strings/ctype-gb2312.c: Fix for bug #31069: crash in 'sounds like' and bug #31070: crash during conversion of charsets - check the string length before testing its first byte. 
strings/ctype-sjis.c: Fix for bug #31069: crash in 'sounds like' and bug #31070: crash during conversion of charsets - check the string length before testing its first byte. --- mysql-test/include/ctype_common.inc | 9 +++++++++ mysql-test/r/ctype_big5.result | 11 +++++++++++ mysql-test/r/ctype_euckr.result | 11 +++++++++++ mysql-test/r/ctype_gb2312.result | 11 +++++++++++ mysql-test/r/ctype_gbk.result | 11 +++++++++++ mysql-test/r/ctype_uca.result | 11 +++++++++++ strings/ctype-big5.c | 4 ++-- strings/ctype-cp932.c | 4 ++-- strings/ctype-euc_kr.c | 4 ++-- strings/ctype-gb2312.c | 4 +--- strings/ctype-sjis.c | 4 ++-- 11 files changed, 73 insertions(+), 11 deletions(-) diff --git a/mysql-test/include/ctype_common.inc b/mysql-test/include/ctype_common.inc index 202c508a9c9..9ee0a40c8ce 100644 --- a/mysql-test/include/ctype_common.inc +++ b/mysql-test/include/ctype_common.inc @@ -51,6 +51,15 @@ SELECT c1 as want1result from t1 where c1 like 'locatio%'; SELECT c1 as want1result from t1 where c1 like 'location%'; DROP TABLE t1; +# +# Bug #31070: crash during conversion of charsets +# +create table t1 (a set('a') not null); +insert into t1 values (),(); +select cast(a as char(1)) from t1; +select a sounds like a from t1; +drop table t1; + DROP DATABASE d1; # Restore settings USE test; diff --git a/mysql-test/r/ctype_big5.result b/mysql-test/r/ctype_big5.result index 6574908101c..a2651db6308 100644 --- a/mysql-test/r/ctype_big5.result +++ b/mysql-test/r/ctype_big5.result @@ -52,6 +52,17 @@ SELECT c1 as want1result from t1 where c1 like 'location%'; want1result location DROP TABLE t1; +create table t1 (a set('a') not null); +insert into t1 values (),(); +select cast(a as char(1)) from t1; +cast(a as char(1)) + + +select a sounds like a from t1; +a sounds like a +1 +1 +drop table t1; DROP DATABASE d1; USE test; SET character_set_server= @safe_character_set_server; 
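Review bot: The regression case added to ctype_common.inc does not appear to reach every converter this commit patches: the diffstat lists new results for big5, euckr, gb2312, gbk and uca only, while my_mb_wc_cp932 and my_mb_wc_sjis are changed with no result file touched. Presumably the cp932 and sjis tests do not include this file, so the fix for the premature `s[0]` read in those two functions has no regression coverage. The same statements (`insert into t1 values (),();` followed by `select cast(a as char(1)) from t1;` and `select a sounds like a from t1;`) could be run under those charsets as well. The comment block also names only Bug #31070, although the `sounds like` query is presumably the reproducer for the other report, so a second line `# Bug #31069: crash in 'sounds like'` would keep both traceable.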
diff --git a/mysql-test/r/ctype_euckr.result b/mysql-test/r/ctype_euckr.result index 6017bc07763..2d9f8d217e6 100644 --- a/mysql-test/r/ctype_euckr.result +++ b/mysql-test/r/ctype_euckr.result @@ -52,6 +52,17 @@ SELECT c1 as want1result from t1 where c1 like 'location%'; want1result location DROP TABLE t1; +create table t1 (a set('a') not null); +insert into t1 values (),(); +select cast(a as char(1)) from t1; +cast(a as char(1)) + + +select a sounds like a from t1; +a sounds like a +1 +1 +drop table t1; DROP DATABASE d1; USE test; SET character_set_server= @safe_character_set_server; diff --git a/mysql-test/r/ctype_gb2312.result b/mysql-test/r/ctype_gb2312.result index 314c336bab9..04c318e83a8 100644 --- a/mysql-test/r/ctype_gb2312.result +++ b/mysql-test/r/ctype_gb2312.result @@ -52,6 +52,17 @@ SELECT c1 as want1result from t1 where c1 like 'location%'; want1result location DROP TABLE t1; +create table t1 (a set('a') not null); +insert into t1 values (),(); +select cast(a as char(1)) from t1; +cast(a as char(1)) + + +select a sounds like a from t1; +a sounds like a +1 +1 +drop table t1; DROP DATABASE d1; USE test; SET character_set_server= @safe_character_set_server; diff --git a/mysql-test/r/ctype_gbk.result b/mysql-test/r/ctype_gbk.result index 241539ecf42..064c0bc2acf 100644 --- a/mysql-test/r/ctype_gbk.result +++ b/mysql-test/r/ctype_gbk.result @@ -52,6 +52,17 @@ SELECT c1 as want1result from t1 where c1 like 'location%'; want1result location DROP TABLE t1; +create table t1 (a set('a') not null); +insert into t1 values (),(); +select cast(a as char(1)) from t1; +cast(a as char(1)) + + +select a sounds like a from t1; +a sounds like a +1 +1 +drop table t1; DROP DATABASE d1; USE test; SET character_set_server= @safe_character_set_server; diff --git a/mysql-test/r/ctype_uca.result b/mysql-test/r/ctype_uca.result index 91ee427efb4..3d8bd33fb19 100644 --- a/mysql-test/r/ctype_uca.result +++ b/mysql-test/r/ctype_uca.result 
@@ -2371,6 +2371,17 @@ SELECT c1 as want1result from t1 where c1 like 'location%'; want1result location DROP TABLE t1; +create table t1 (a set('a') not null); +insert into t1 values (),(); +select cast(a as char(1)) from t1; +cast(a as char(1)) + + +select a sounds like a from t1; +a sounds like a +1 +1 +drop table t1; DROP DATABASE d1; USE test; SET character_set_server= @safe_character_set_server; diff --git a/strings/ctype-big5.c b/strings/ctype-big5.c index 89a40b15288..90917229769 100644 --- a/strings/ctype-big5.c +++ b/strings/ctype-big5.c @@ -6256,12 +6256,12 @@ my_mb_wc_big5(CHARSET_INFO *cs __attribute__((unused)), my_wc_t *pwc,const uchar *s,const uchar *e) { - int hi=s[0]; + int hi; if (s >= e) return MY_CS_TOOSMALL; - if (hi<0x80) + if ((hi= s[0]) < 0x80) { pwc[0]=hi; return 1; diff --git a/strings/ctype-cp932.c b/strings/ctype-cp932.c index e8c62b0315e..3752b2e4118 100644 --- a/strings/ctype-cp932.c +++ b/strings/ctype-cp932.c @@ -5352,12 +5352,12 @@ my_wc_mb_cp932(CHARSET_INFO *cs __attribute__((unused)), static int my_mb_wc_cp932(CHARSET_INFO *cs __attribute__((unused)), my_wc_t *pwc, const uchar *s, const uchar *e){ - int hi=s[0]; + int hi; if (s >= e) return MY_CS_TOOSMALL; - if (hi < 0x80) + if ((hi= s[0]) < 0x80) { pwc[0]=hi; return 1; diff --git a/strings/ctype-euc_kr.c b/strings/ctype-euc_kr.c index 25ac416ac60..50300f3c140 100644 --- a/strings/ctype-euc_kr.c +++ b/strings/ctype-euc_kr.c @@ -8614,12 +8614,12 @@ my_mb_wc_euc_kr(CHARSET_INFO *cs __attribute__((unused)), my_wc_t *pwc, const uchar *s, const uchar *e) { - int hi=s[0]; + int hi; if (s >= e) return MY_CS_TOOSMALL; - if (hi<0x80) + if ((hi= s[0]) < 0x80) { pwc[0]=hi; return 1; diff --git a/strings/ctype-gb2312.c b/strings/ctype-gb2312.c index 556f485945b..e81f9d3cf0c 100644 --- a/strings/ctype-gb2312.c +++ b/strings/ctype-gb2312.c 
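Review bot: Nothing in my_mb_wc_big5 records why the `s >= e` guard has to come before the first read of `s[0]`, and folding the load into the condition as `if ((hi= s[0]) < 0x80)` makes that ordering easy to undo in a later cleanup. A plain `hi= s[0];` on its own line after the guard, preceded by `/* s may equal e for an empty string: do not read s[0] before the length check */`, would state the invariant. The same applies to the cp932, euc_kr, gb2312 and sjis hunks. The function body continues past the hunk, so the read of the second byte is not visible here and should be confirmed to have its own length check against `e`.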
@@ -5665,12 +5665,10 @@ my_mb_wc_gb2312(CHARSET_INFO *cs __attribute__((unused)), my_wc_t *pwc, const uchar *s, const uchar *e){ int hi; - hi=(int) s[0]; - if (s >= e) return MY_CS_TOOSMALL; - if (hi<0x80) + if ((hi= s[0]) < 0x80) { pwc[0]=hi; return 1; diff --git a/strings/ctype-sjis.c b/strings/ctype-sjis.c index 38a9c9a6428..92d6b4dc2ae 100644 --- a/strings/ctype-sjis.c +++ b/strings/ctype-sjis.c @@ -4512,12 +4512,12 @@ mb: static int my_mb_wc_sjis(CHARSET_INFO *cs __attribute__((unused)), my_wc_t *pwc, const uchar *s, const uchar *e){ - int hi=s[0]; + int hi; if (s >= e) return MY_CS_TOOSMALL; - if (hi < 0x80) + if ((hi= s[0]) < 0x80) { pwc[0]=hi; return 1; -- cgit v1.2.1