From 01f18549dd3fa40fae4eb7458ed2994cdec38cc4 Mon Sep 17 00:00:00 2001
From: Georg Richter
Date: Tue, 12 Apr 2016 12:34:11 +0200
Subject: [PATCH] Fix for CONC-167: fix crash when fetching MYSQL_TYPE_BIT data. MYSQL_TYPE_BIT has no fixed packlength, so we need to check net_field_length instead
---
 libmariadb/ma_stmt_codec.c | 2 +-
 unittest/libmariadb/ps_bugs.c | 50 +++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/libmariadb/ma_stmt_codec.c b/libmariadb/ma_stmt_codec.c
index 966bd42b..719758b6 100644
--- a/libmariadb/ma_stmt_codec.c
+++ b/libmariadb/ma_stmt_codec.c
@@ -1018,7 +1018,7 @@ void mysql_init_ps_subsystem(void)
 mysql_ps_fetch_functions[MYSQL_TYPE_LONG_BLOB].max_len = -1;
 mysql_ps_fetch_functions[MYSQL_TYPE_BIT].func = ps_fetch_bin;
- mysql_ps_fetch_functions[MYSQL_TYPE_BIT].pack_len = 8;
+ mysql_ps_fetch_functions[MYSQL_TYPE_BIT].pack_len = MYSQL_PS_SKIP_RESULT_STR;
 mysql_ps_fetch_functions[MYSQL_TYPE_BIT].max_len = -1;
 mysql_ps_fetch_functions[MYSQL_TYPE_VAR_STRING].func = ps_fetch_string;
diff --git a/unittest/libmariadb/ps_bugs.c b/unittest/libmariadb/ps_bugs.c
index bea9dbee..5089d64f 100644
--- a/unittest/libmariadb/ps_bugs.c
+++ b/unittest/libmariadb/ps_bugs.c
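Review bot: The `pack_len` assignment for MYSQL_TYPE_BIT in the ma_stmt_codec.c hunk has no comment saying why it must not be a fixed width, yet this table entry decides how many server-supplied bytes the row parser steps over. I would add above it `/* BIT is sent as a length-encoded string; a fixed pack_len misaligns the row pointer (CONC-167) */`. Going by the commit message, the old value 8 made the client advance by a constant instead of taking the length from net_field_length, so the other entries with a positive pack_len are worth checking against the protocol in the same pass. mysql_init_ps_subsystem starts and ends outside this hunk.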
@@ -4098,7 +4098,57 @@ static int test_conc168(MYSQL *mysql)
 return OK;
 }
+static int test_conc167(MYSQL *mysql)
+{
+ MYSQL_STMT *stmt= mysql_stmt_init(mysql);
+
+ MYSQL_BIND bind[3];
+ char buffer[100];
+ int bit1=0, bit2=0;
+ int rc;
+ char *stmt_str= "SELECT a,b,c FROM conc168";
+
+ rc= mysql_query(mysql, "DROP TABLE IF EXISTS conc168");
+ check_mysql_rc(rc, mysql);
+ rc= mysql_query(mysql, "CREATE TABLE conc168(a bit, b bit, c varchar(10))");
+ check_mysql_rc(rc, mysql);
+ rc= mysql_query(mysql, "INSERT INTO conc168 VALUES (1,0, 'test12345')");
+ check_mysql_rc(rc, mysql);
+
+ memset(bind, 0, 3 * sizeof(MYSQL_BIND));
+ bind[0].buffer= &bit1;
+ bind[0].buffer_type= MYSQL_TYPE_BIT;
+ bind[0].buffer_length= sizeof(int);
+ bind[1].buffer= &bit2;
+ bind[1].buffer_type= MYSQL_TYPE_BIT;
+ bind[1].buffer_length= sizeof(int);
+ bind[2].buffer= buffer;
+ bind[2].buffer_type= MYSQL_TYPE_STRING;
+ bind[2].buffer_length= 100;
+
+ rc= mysql_stmt_prepare(stmt, stmt_str, strlen(stmt_str));
+ check_stmt_rc(rc, stmt);
+
+ rc= mysql_stmt_execute(stmt);
+ check_stmt_rc(rc, stmt);
+
+ rc= mysql_stmt_bind_result(stmt, bind);
+ check_stmt_rc(rc, stmt);
+
+ rc= mysql_stmt_store_result(stmt);
+ check_stmt_rc(rc, stmt);
+
+ rc= mysql_stmt_fetch(stmt);
+ check_stmt_rc(rc, stmt);
+
+ diag("bit=%d %d char=%s", bit1, bit2, buffer);
+
+ mysql_stmt_close(stmt);
+ return OK;
+}
+
 struct my_tests_st my_tests[] = {
+ {"test_conc167", test_conc167, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
 {"test_conc168", test_conc168, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
 {"test_conc155", test_conc155, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
 {"test_conc154", test_conc154, TEST_CONNECTION_DEFAULT, 0, NULL , NULL},
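Review bot: test_conc167 only prints the fetched values with `diag()` and never asserts them, so it passes whenever the fetch does not crash. A regression that leaves the row pointer misaligned after the two BIT columns but still reads valid memory would go unnoticed. After the fetch I would add `FAIL_IF(strcmp(buffer, "test12345") != 0, "column c misread after BIT columns");` and a check of the two bit values, compared bytewise since a one-byte BIT is copied into an `int` buffer. The table is named conc168 although the test is conc167 and is never dropped, so a `DROP TABLE` after `mysql_stmt_close(stmt)` would avoid sharing state with test_conc168 if that test uses the same name (its body is not visible here). The `check_stmt_rc` calls appear to return early without closing `stmt`, and the result of `mysql_stmt_init` is not checked for NULL.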