From 04c5cdffeb419f7679d8c300a4dccb56c23958fa Mon Sep 17 00:00:00 2001 From: Varun Gupta Date: Tue, 9 Jun 2020 10:23:47 +0530 Subject: [PATCH] MDEV-22836: Server crashes in err_conv / ErrBuff::set_str The issue here is charset for Sort_param::tmp_buffer is cleared when bzero is done for Sort_param. Make sure to set the charset explicitly in the constructor for tmp_buffer. --- mysql-test/main/order_by.result | 10 ++++++++++ mysql-test/main/order_by.test | 11 +++++++++++ sql/sql_sort.h | 5 +++++ 3 files changed, 26 insertions(+) diff --git a/mysql-test/main/order_by.result b/mysql-test/main/order_by.result index cc10ab6f1a1..c750b5ca10c 100644 --- a/mysql-test/main/order_by.result +++ b/mysql-test/main/order_by.result @@ -3955,4 +3955,14 @@ ORDER BY surname_first ASC LIMIT 1 OFFSET 1; name surname_first Charles Dickens Dickens, Charles DROP TABLE t1; +# +# MDEV-22836: Server crashes in err_conv / ErrBuff::set_str +# +CREATE TABLE t1 (a INT); +INSERT INTO t1 VALUES (0),(1); +SELECT * FROM t1 ORDER BY CONVERT(AES_ENCRYPT(1,a), CHAR(4)); +a +1 +0 +DROP TABLE t1; # End of 10.5 tests diff --git a/mysql-test/main/order_by.test b/mysql-test/main/order_by.test index 41a2403cff5..c78add674ba 100644 --- a/mysql-test/main/order_by.test +++ b/mysql-test/main/order_by.test @@ -2454,4 +2454,15 @@ ORDER BY surname_first ASC LIMIT 1 OFFSET 1; DROP TABLE t1; +--echo # +--echo # MDEV-22836: Server crashes in err_conv / ErrBuff::set_str +--echo # + +CREATE TABLE t1 (a INT); +INSERT INTO t1 VALUES (0),(1); +--disable_warnings +SELECT * FROM t1 ORDER BY CONVERT(AES_ENCRYPT(1,a), CHAR(4)); +--enable_warnings +DROP TABLE t1; + --echo # End of 10.5 tests diff --git a/sql/sql_sort.h b/sql/sql_sort.h index cff54f18bde..40f0c5ede5f 100644 --- a/sql/sql_sort.h +++ b/sql/sql_sort.h @@ -545,6 +545,11 @@ public: { memset(reinterpret_cast(this), 0, sizeof(*this)); tmp_buffer.set_thread_specific(); + /* + Fix memset() clearing the charset. + TODO: The constructor should be eventually rewritten not to use memset(). + */ + tmp_buffer.set_charset(&my_charset_bin); } void init_for_filesort(uint sortlen, TABLE *table, ha_rows maxrows, bool sort_positions);