Skip to content

M
MariaDB
Commit bb17094b authored by Alexander Barkov's avatar Alexander Barkov
Browse files
Options

MDEV-18452 ASAN unknown-crash in Field::set_default upon SET bit_column = DEFAULT 

Field_bit for BIT(20) uses 2 full bytes in the record,
with additional 4 uneven bits in the "null bit area".

Field::set_default() called from Field_bit::set_default() erroneously
copied 3 bytes instead of 2 bytes from the record with default values.

Changing Field::set_default() to copy pack_length_in_rec() bytes
instead of pack_length() bytes.
parent ecea9087
Hide whitespace changes
Inline Side-by-side
Showing with 18 additions and 1 deletion
mysql-test/r/type_bit.result
View file @ bb17094b
......@@ -830,3 +830,10 @@ def COALESCE(val, 1) 246 2 1 Y 32896 0 63
COALESCE(val, 1)
0
DROP TABLE t1;
#
# MDEV-18452 ASAN unknown-crash in Field::set_default upon SET bit_column = DEFAULT
#
CREATE TABLE t1 (b BIT(20)) ENGINE=MyISAM;
INSERT INTO t1 VALUES (0);
UPDATE t1 SET b = DEFAULT;
DROP TABLE t1;
mysql-test/t/type_bit.test
View file @ bb17094b
......@@ -458,3 +458,13 @@ DROP TABLE t2;
SELECT COALESCE(val, 1) FROM t1;
--disable_metadata
DROP TABLE t1;
--echo #
--echo # MDEV-18452 ASAN unknown-crash in Field::set_default upon SET bit_column = DEFAULT
--echo #
CREATE TABLE t1 (b BIT(20)) ENGINE=MyISAM;
INSERT INTO t1 VALUES (0);
UPDATE t1 SET b = DEFAULT;
DROP TABLE t1;
sql/field.h
View file @ bb17094b
......@@ -854,7 +854,7 @@ class Field: public Value_source
{
my_ptrdiff_t l_offset= (my_ptrdiff_t) (table->s->default_values -
table->record[0]);
memcpy(ptr, ptr + l_offset, pack_length());
memcpy(ptr, ptr + l_offset, pack_length_in_rec());
if (maybe_null_in_table())
*null_ptr= ((*null_ptr & (uchar) ~null_bit) |
(null_ptr[l_offset] & null_bit));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7