From 0b62b7f26d2bef58983f7c7e8b288dd9bce0cdcc Mon Sep 17 00:00:00 2001 From: Alexey Kopytov Date: Wed, 20 May 2009 12:30:06 +0400 Subject: Bug #44796: valgrind: too many my_longlong10_to_str_8bit warnings after uncompressed_length UNCOMPRESSED_LENGTH() did not validate its argument. In particular, if the argument length was less than 4 bytes, an uninitialized memory value was returned as a result. Since the result of COMPRESS() is either an empty string or a 4-byte length prefix followed by compressed data, the bug was fixed by ensuring that the argument of UNCOMPRESSED_LENGTH() is either an empty string or contains at least 5 bytes (as done in UNCOMPRESS()). This is the best we can do to validate input without decompressing. mysql-test/r/func_compress.result: Added a test case for bug #44796. mysql-test/t/func_compress.test: Added a test case for bug #44796. sql/item_strfunc.cc: Make sure that the argument of UNCOMPRESSED_LENGTH() contains at least 5 bytes (as done in UNCOMPRESS()).
--- mysql-test/r/func_compress.result | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'mysql-test/r/func_compress.result')
diff --git a/mysql-test/r/func_compress.result b/mysql-test/r/func_compress.result
index 4a3454cf658..a30ca7859f1 100644
--- a/mysql-test/r/func_compress.result
+++ b/mysql-test/r/func_compress.result
@@ -116,4 +116,19 @@ Warnings:
 Error 1259 ZLIB: Input data corrupted
 Error 1259 ZLIB: Input data corrupted
 drop table t1;
+CREATE TABLE t1 (c1 INT);
+INSERT INTO t1 VALUES (1), (1111), (11111);
+SELECT UNCOMPRESS(c1), UNCOMPRESSED_LENGTH(c1) FROM t1;
+UNCOMPRESS(c1) UNCOMPRESSED_LENGTH(c1)
+NULL NULL
+NULL NULL
+NULL 825307441
+Warnings:
+Error 1259 ZLIB: Input data corrupted
+Error 1259 ZLIB: Input data corrupted
+Error 1259 ZLIB: Input data corrupted
+Error 1259 ZLIB: Input data corrupted
+Error 1256 Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
+EXPLAIN EXTENDED SELECT * FROM (SELECT UNCOMPRESSED_LENGTH(c1) FROM t1) AS s;
+DROP TABLE t1;
 End of 5.0 tests
-- cgit v1.2.1
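Review bot: The expected output for the 5-byte row pins `UNCOMPRESSED_LENGTH(c1)` at 825307441 with no warning, although that value is above the 104857600 maximum that UNCOMPRESS reports for the same row, and nothing records that this is intended. Per the commit message the length prefix cannot be checked without decompressing, so the result is simply the first four bytes of the input read as a length; a comment beside the SELECT in the .test file, e.g. `# 5-byte input: UNCOMPRESSED_LENGTH() returns the unvalidated 4-byte prefix, not a checked size`, would stop later readers from treating it as a trusted size. The new rows cover 1, 4 and 5 bytes but not the empty string that the fix also accepts; that case may already be tested earlier in the file, outside this hunk. `EXPLAIN EXTENDED` has no recorded output here, presumably because the .test file disables the result log around it, which is worth confirming there.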