Search
j0ke.net Open Build Service
>
Projects
>
internetx
:
mysql5
>
mysql-5.0.26
> mysql-5.0.26-CVE-2008-3963.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File mysql-5.0.26-CVE-2008-3963.patch of Package mysql-5.0.26
--- mysql-test/r/varbinary.result | 31 +++++++++++++++++++++++++++++++ mysql-test/t/varbinary.test | 28 ++++++++++++++++++++++++++++ sql/item.cc | 29 ++++++++++++++++++----------- 3 files changed, 77 insertions(+), 11 deletions(-) --- mysql-test/r/varbinary.result.orig +++ mysql-test/r/varbinary.result @@ -26,3 +26,34 @@ select x,xx from t1; x xx 1 2 drop table t1; +select 0b01000001; +0b01000001 +A +select 0x41; +0x41 +A +select b'01000001'; +b'01000001' +A +select x'41', 0+x'41'; +x'41' 0+x'41' +A 65 +select N'abc', length(N'abc'); +abc length(N'abc') +abc 3 +select N'', length(N''); + length(N'') + 0 +select '', length(''); + length('') + 0 +select b'', 0+b''; +b'' 0+b'' + 0 +select x'', 0+x''; +x'' 0+x'' + 0 +select 0x; +ERROR 42S22: Unknown column '0x' in 'field list' +select 0b; +ERROR 42S22: Unknown column '0b' in 'field list' --- mysql-test/t/varbinary.test.orig +++ mysql-test/t/varbinary.test @@ -36,4 +36,32 @@ create table t1 select 1 as x, 2 as xx; select x,xx from t1; drop table t1; +# +# Bug#35658 (An empty binary value leads to mysqld crash) +# + +select 0b01000001; + +select 0x41; + +select b'01000001'; + +select x'41', 0+x'41'; + +select N'abc', length(N'abc'); + +select N'', length(N''); + +select '', length(''); + +select b'', 0+b''; + +select x'', 0+x''; + +--error ER_BAD_FIELD_ERROR +select 0x; + +--error ER_BAD_FIELD_ERROR +select 0b; + # End of 4.1 tests --- sql/item.cc.orig +++ sql/item.cc @@ -4517,21 +4517,28 @@ Item_bin_string::Item_bin_string(const c if (!ptr) return; str_value.set(ptr, max_length, &my_charset_bin); - ptr+= max_length - 1; - ptr[1]= 0; // Set end null for string - for (; end >= str; end--) + + if (max_length > 0) { - if (power == 256) + ptr+= max_length - 1; + ptr[1]= 0; // Set end null for string + for (; end >= str; end--) { - power= 1; - *ptr--= bits; - bits= 0; + if (power == 256) + { + power= 1; + *ptr--= bits; + bits= 0; + } + if (*end == '1') + bits|= power; + power<<= 1; } - if (*end == '1') - bits|= power; - power<<= 1; + *ptr= (char) bits; } - *ptr= (char) bits; + else + ptr[0]= 0; + collation.set(&my_charset_bin, DERIVATION_COERCIBLE); fixed= 1; }