database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-01-06 05:22:24 +03:00
Code Activity

Bug#18539 uncompress(d) is null: impossible?

Browse Source 
- Add a check that length of field to uncompress is longer than 4 bytes.
   This can be dones as the length of uncompressed data is written as 
   first four bytes of field and thus it can't be valid compressed data.
This commit is contained in:
msvensson@neptunus.(none)
2006-07-18 12:41:41 +02:00
parent ec183566cc
commit 2d43d0675e
2 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
mysql-test/r/func_compress.result
View File

@@ -85,12 +85,12 @@ explain select * from t1 where uncompress(a) is null;
id select_type table type possible_keys key key_len ref rows Extra
1 SIMPLE t1 system NULL NULL NULL NULL 1
Warnings:
Error 1256 Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
Error 1259 ZLIB: Input data corrupted
select * from t1 where uncompress(a) is null;
a
foo
Warnings:
Error 1256 Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
Error 1259 ZLIB: Input data corrupted
explain select *, uncompress(a) from t1;
id select_type table type possible_keys key key_len ref rows Extra
1 SIMPLE t1 system NULL NULL NULL NULL 1
@@ -98,12 +98,12 @@ select *, uncompress(a) from t1;
a uncompress(a)
foo NULL
Warnings:
Error 1256 Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
Error 1259 ZLIB: Input data corrupted
select *, uncompress(a), uncompress(a) is null from t1;
a uncompress(a) uncompress(a) is null
foo NULL 1
Warnings:
Error 1256 Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
Error 1256 Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
Error 1259 ZLIB: Input data corrupted
Error 1259 ZLIB: Input data corrupted
drop table t1;
End of 5.0 tests

10
sql/item_strfunc.cc
View File

@@ -2965,6 +2965,16 @@ String *Item_func_uncompress::val_str(String *str)
if (res->is_empty())
return res;
/* If length is less than 4 bytes, data is corrupt */
if (res->length() <= 4)
{
push_warning_printf(current_thd,MYSQL_ERROR::WARN_LEVEL_ERROR,
ER_ZLIB_Z_DATA_ERROR,
ER(ER_ZLIB_Z_DATA_ERROR));
goto err;
}
/* Size of uncompressed data is stored as first 4 bytes of field */
new_size= uint4korr(res->ptr()) & 0x3FFFFFFF;
if (new_size > current_thd->variables.max_allowed_packet)
{