Commit 8a2ef0a2 authored by bar@mysql.com's avatar bar@mysql.com

Bug#6608: MySQL server crash in some query with tis620 character set.

The bug was that the function allocates 'a', then changes the value
of 'a' with the operator ++, and then tries to free 'a'!
parent b7cfe5ec
......@@ -2899,3 +2899,41 @@ hex(a) STRCMP(a,'a') STRCMP(a,'a ')
6109 -1 -1
61 0 0
DROP TABLE t1;
CREATE TABLE t1 (
`id` int(11) NOT NULL auto_increment,
`url` varchar(200) NOT NULL default '',
`name` varchar(250) NOT NULL default '',
`type` int(11) NOT NULL default '0',
`website` varchar(250) NOT NULL default '',
`adddate` date NOT NULL default '0000-00-00',
`size` varchar(20) NOT NULL default '',
`movieid` int(11) NOT NULL default '0',
`musicid` int(11) NOT NULL default '0',
`star` varchar(20) NOT NULL default '',
`download` int(11) NOT NULL default '0',
`lastweek` int(11) NOT NULL default '0',
`thisweek` int(11) NOT NULL default '0',
`page` varchar(250) NOT NULL default '',
PRIMARY KEY (`id`),
UNIQUE KEY `url` (`url`)
) CHARACTER SET tis620;
INSERT INTO t1 VALUES
(1,'http://www.siamzone.com/download/download/000001-frodo_1024.jpg','The Lord
of the Rings
Wallpapers',1,'http://www.lordoftherings.net','2002-01-22','',448,0,'',3805,0,0,
'');
INSERT INTO t1 VALUES (2,'http://www.othemovie.com/OScreenSaver1.EXE','O
Screensaver',2,'','2002-01-22','',491,0,'',519,0,0,'');
INSERT INTO t1 VALUES
(3,'http://www.siamzone.com/download/download/000003-jasonx2(800x600).jpg','Jaso
n X Wallpapers',1,'','2002-05-31','',579,0,'',1091,0,0,'');
select * from t1 order by id;
id url name type website adddate size movieid musicid star download lastweek thisweek page
1 http://www.siamzone.com/download/download/000001-frodo_1024.jpg The Lord
of the Rings
Wallpapers 1 http://www.lordoftherings.net 2002-01-22 448 0 3805 0 0
2 http://www.othemovie.com/OScreenSaver1.EXE O
Screensaver 2 2002-01-22 491 0 519 0 0
3 http://www.siamzone.com/download/download/000003-jasonx2(800x600).jpg Jaso
n X Wallpapers 1 2002-05-31 579 0 1091 0 0
DROP TABLE t1;
......@@ -116,3 +116,38 @@ CREATE TABLE t1 (a char(10) not null) CHARACTER SET tis620;
INSERT INTO t1 VALUES ('a'),('a\0'),('a\t'),('a ');
SELECT hex(a),STRCMP(a,'a'), STRCMP(a,'a ') FROM t1;
DROP TABLE t1;
#
# Bug#6608
#
CREATE TABLE t1 (
`id` int(11) NOT NULL auto_increment,
`url` varchar(200) NOT NULL default '',
`name` varchar(250) NOT NULL default '',
`type` int(11) NOT NULL default '0',
`website` varchar(250) NOT NULL default '',
`adddate` date NOT NULL default '0000-00-00',
`size` varchar(20) NOT NULL default '',
`movieid` int(11) NOT NULL default '0',
`musicid` int(11) NOT NULL default '0',
`star` varchar(20) NOT NULL default '',
`download` int(11) NOT NULL default '0',
`lastweek` int(11) NOT NULL default '0',
`thisweek` int(11) NOT NULL default '0',
`page` varchar(250) NOT NULL default '',
PRIMARY KEY (`id`),
UNIQUE KEY `url` (`url`)
) CHARACTER SET tis620;
INSERT INTO t1 VALUES
(1,'http://www.siamzone.com/download/download/000001-frodo_1024.jpg','The Lord
of the Rings
Wallpapers',1,'http://www.lordoftherings.net','2002-01-22','',448,0,'',3805,0,0,
'');
INSERT INTO t1 VALUES (2,'http://www.othemovie.com/OScreenSaver1.EXE','O
Screensaver',2,'','2002-01-22','',491,0,'',519,0,0,'');
INSERT INTO t1 VALUES
(3,'http://www.siamzone.com/download/download/000003-jasonx2(800x600).jpg','Jaso
n X Wallpapers',1,'','2002-05-31','',579,0,'',1091,0,0,'');
select * from t1 order by id;
DROP TABLE t1;
......@@ -562,17 +562,13 @@ int my_strnncollsp_tis620(CHARSET_INFO * cs __attribute__((unused)),
const uchar *b0, uint b_length)
{
uchar buf[80] ;
uchar *end, *a, *b;
uchar *end, *a, *b, *alloced= NULL;
uint length;
int res= 0;
int alloced= 0;
a= buf;
if ((a_length + b_length +2) > (int) sizeof(buf))
{
a= (uchar*) malloc(a_length+b_length);
alloced= 1;
}
alloced= a= (uchar*) malloc(a_length+b_length);
b= a + a_length+1;
memcpy((char*) a, (char*) a0, a_length);
......@@ -618,7 +614,7 @@ int my_strnncollsp_tis620(CHARSET_INFO * cs __attribute__((unused)),
ret:
if (alloced)
free(a);
free(alloced);
return res;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment