    Fixed bug #35993: memory corruption and crash with multibyte conversion. · d8ebf276
    unknown authored
    Grouping or ordering of long values in non-indexed BLOB/TEXT columns
    with GBK or BIG5 charsets crashes the server.
    
    The MySQL server uses sorting (the filesort procedure) in the temporary
    table to evaluate the GROUP BY clause when there is no suitable index.
    That procedure takes into account only the first @max_sort_length bytes
    (system variable, usually 1024) of the TEXT/BLOB sorting key string.
    The my_strnxfrm_gbk and my_strnxfrm_big5 functions fill temporary keys
    with data of the whole blob length instead of @max_sort_length bytes.
    That buffer overrun has been fixed.
    
    
    mysql-test/r/ctype_gbk.result:
      Added test case for bug #35993.
    mysql-test/t/ctype_gbk.test:
      Added test case for bug #35993.
    strings/ctype-big5.c:
      Fixed bug #35993: memory corruption and crash with multibyte conversion.
      
      Buffer overrun has been fixed in the my_strnxfrm_big5 function.
    strings/ctype-gbk.c:
      Fixed bug #35993: memory corruption and crash with multibyte conversion.
      
      Buffer overrun has been fixed in the my_strnxfrm_gbk function.
ctype-big5.c 343 KB
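
The bug class the commit message describes, as an added sketch that is not MySQL's code: a sort-key transform driven only by the source length, beside a form bounded by the key length. The lead-byte test, `KEY_LEN`, the identity "weights", the space padding and the canary harness are all assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define KEY_LEN 7  /* stand-in for max_sort_length; odd, so a 2-byte weight straddles the end */
typedef size_t (*xfrm_fn)(unsigned char *, size_t, const unsigned char *, size_t);

/* Toy lead-byte test (assumption, not MySQL's GBK/Big5 tables). */
static int is_lead(unsigned char c) { return c >= 0x81; }

/* Pattern from the commit message: the loop is driven by the source length only. */
static size_t xfrm_unbounded(unsigned char *dst, size_t dstlen,
                             const unsigned char *src, size_t srclen)
{
    unsigned char *d = dst;
    (void)dstlen;                                /* key size is never consulted */
    while (srclen > 0) {
        if (srclen > 1 && is_lead(src[0])) { *d++ = *src++; srclen--; }
        *d++ = *src++; srclen--;
    }
    return (size_t)(d - dst);
}

/* Bounded form: stop when the key is full and never split a 2-byte weight. */
static size_t xfrm_bounded(unsigned char *dst, size_t dstlen,
                           const unsigned char *src, size_t srclen)
{
    unsigned char *d = dst, *de = dst + dstlen;
    while (srclen > 0 && d < de) {
        size_t n = (srclen > 1 && is_lead(src[0])) ? 2 : 1;
        if ((size_t)(de - d) < n) break;         /* weight would cross the key end */
        memcpy(d, src, n); d += n; src += n; srclen -= n;
    }
    memset(d, ' ', (size_t)(de - d));            /* pad the tail (choice of this sketch) */
    return dstlen;
}

/* Harness: 7-byte key slot inside a 64-byte canary arena, constructed 40-byte value.
   Returns how many bytes after the key slot were modified. */
static size_t bytes_past_key(xfrm_fn fn)
{
    unsigned char arena[64], src[40];
    size_t i, over = 0;
    memset(arena, 0xAA, sizeof arena);
    for (i = 0; i < sizeof src; i++) src[i] = (i % 2) ? 0x40 : 0x81;
    fn(arena, KEY_LEN, src, sizeof src);
    for (i = KEY_LEN; i < sizeof arena; i++) over += (arena[i] != 0xAA);
    return over;
}

int main(void) { printf("%zu %zu\n", bytes_past_key(xfrm_unbounded), bytes_past_key(xfrm_bounded)); return 0; }
```

The arena is deliberately larger than the value, so the unbounded version's stray writes land in canary bytes and can be counted instead of corrupting the stack.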