From f7ff8f5dd9e99aa480bc7d56dff1a2a642f12b77 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Mon, 4 Jan 2021 12:35:52 +0100 Subject: MDEV-24524 Assertion `ls->length < 0xFFFFFFFFL && ((ls->length == 0 && !ls->str) || ls->length == strlen(ls->str))' failed in String::append on SELECT from I_S don't expect return type of a stored function to be valid. it's read from a table, so can be messed with. it even can contain \0 bytes in the middle of the type name --- mysql-test/main/sp-ucs2.result | 8 +++++++- mysql-test/main/sp-ucs2.test | 14 +++++++++++--- sql/sp.cc | 2 +- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/mysql-test/main/sp-ucs2.result b/mysql-test/main/sp-ucs2.result index ca448efa535..0f5624314d7 100644 --- a/mysql-test/main/sp-ucs2.result +++ b/mysql-test/main/sp-ucs2.result @@ -115,7 +115,6 @@ RETURN 'str'; END| ERROR 42000: COLLATION 'ucs2_unicode_ci' is not valid for CHARACTER SET 'latin1' SET NAMES utf8; -DROP FUNCTION IF EXISTS bug48766; CREATE FUNCTION bug48766 () RETURNS ENUM( 'w' ) CHARACTER SET ucs2 RETURN 0; 
@@ -140,3 +139,10 @@ WHERE ROUTINE_NAME='bug48766'; DTD_IDENTIFIER enum('а','б','в','г') DROP FUNCTION bug48766; +call mtr.add_suppression('invalid value in column mysql.proc.'); +set collation_connection=ucs2_general_ci; +insert into mysql.proc (db, name, type, specific_name, language, sql_data_access, is_deterministic, security_type, param_list, returns, body, definer, created, modified, sql_mode, comment, character_set_client, collation_connection, db_collation, body_utf8 ) values ( 'a', 'a', 'function', 'bug14233_1', 'sql', 'reads_sql_data', 'no', 'definer', '', 'int(10)', 'select * from mysql.user', 'root@localhost', now(), '0000-00-00 00:00:00', '', '', '', '', '', 'select * from mysql.user' ); +select * from information_schema.routines where routine_name='a'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1 +set collation_connection=default; +delete from mysql.proc where name='a'; diff --git a/mysql-test/main/sp-ucs2.test b/mysql-test/main/sp-ucs2.test index a1aec8071b4..004d62f4cc5 100644 --- a/mysql-test/main/sp-ucs2.test +++ b/mysql-test/main/sp-ucs2.test @@ -151,9 +151,6 @@ delimiter ;| # Bug#48766 SHOW CREATE FUNCTION returns extra data in return clause # SET NAMES utf8; ---disable_warnings -DROP FUNCTION IF EXISTS bug48766; ---enable_warnings # # Test that Latin letters are not prepended with extra '\0'. # 
@@ -175,3 +172,14 @@ SELECT DTD_IDENTIFIER FROM INFORMATION_SCHEMA.ROUTINES WHERE ROUTINE_NAME='bug48766'; DROP FUNCTION bug48766; + +# +# +# +call mtr.add_suppression('invalid value in column mysql.proc.'); +set collation_connection=ucs2_general_ci; +insert into mysql.proc (db, name, type, specific_name, language, sql_data_access, is_deterministic, security_type, param_list, returns, body, definer, created, modified, sql_mode, comment, character_set_client, collation_connection, db_collation, body_utf8 ) values ( 'a', 'a', 'function', 'bug14233_1', 'sql', 'reads_sql_data', 'no', 'definer', '', 'int(10)', 'select * from mysql.user', 'root@localhost', now(), '0000-00-00 00:00:00', '', '', '', '', '', 'select * from mysql.user' ); +--error ER_PARSE_ERROR +select * from information_schema.routines where routine_name='a'; +set collation_connection=default; +delete from mysql.proc where name='a'; diff --git a/sql/sp.cc b/sql/sp.cc index 98e94ac06cf..a4c4ca58414 100644 --- a/sql/sp.cc +++ b/sql/sp.cc @@ -2948,7 +2948,7 @@ Sp_handler::show_create_sp(THD *thd, String *buf, buf->append(STRING_WITH_LEN(" RETURN ")); else buf->append(STRING_WITH_LEN(" RETURNS ")); - buf->append(&returns); + buf->append(returns.str, returns.length); // Not \0 terminated } buf->append('\n'); switch (chistics.daccess) { -- cgit v1.2.1
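Review bot: The comment header that opens the added block in sp-ucs2.test is three empty `#` lines, so nothing ties the case to MDEV-24524 or explains why it writes to `mysql.proc` directly. I would fill it in as `# MDEV-24524 Assertion failed in String::append on SELECT from I_S`, followed by `# the row is inserted under a ucs2 connection collation, so mysql.proc.returns presumably holds \0 bytes inside the type name`. Because the cleanup edits a system table, `delete from mysql.proc where name='a';` would be safer as `delete from mysql.proc where db='a' and name='a';` so it can only remove the row this test created.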
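Review bot: The trailing comment `// Not \0 terminated` on the new `buf->append(returns.str, returns.length);` line understates why the pointer-plus-length call is needed. Per the commit message the value is read from mysql.proc and can contain \0 bytes in the middle, so the point is that `length` need not equal `strlen(str)`, which is the condition the assertion in the subject line checks. I would write it as `// read from mysql.proc, may contain embedded \0: length != strlen(str)`. Sp_handler::show_create_sp starts and ends outside this hunk, so it is worth confirming that any other table-sourced value appended there also uses the explicit-length form.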