Bug#18539 uncompress(d) is null: impossible?

- Add a check that length of field to uncompress is longer than 4 bytes. This can be dones as the length of uncompressed data is written as first four bytes of field and thus it can't be valid compressed data. mysql-test/r/func_compress.result: Update test results sql/item_strfunc.cc: Is size of field is less than or equal to 4 bytes, indicate data is uncompressable/corrupt.
2025-08-01 03:47:19 +03:00 · 2006-07-18 12:41:41 +02:00
parent b46c81e109
commit 7f2140d3ed
2 changed files with 15 additions and 5 deletions
--- a/mysql-test/r/func_compress.result
+++ b/mysql-test/r/func_compress.result
@ -85,12 +85,12 @@ explain select * from t1 where uncompress(a) is null;
 id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
 1	SIMPLE	t1	system	NULL	NULL	NULL	NULL	1	
 Warnings:
-Error	1256	Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
+Error	1259	ZLIB: Input data corrupted
 select * from t1 where uncompress(a) is null;
 a
 foo
 Warnings:
-Error	1256	Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
+Error	1259	ZLIB: Input data corrupted
 explain select *, uncompress(a) from t1;
 id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
 1	SIMPLE	t1	system	NULL	NULL	NULL	NULL	1	
@ -98,12 +98,12 @@ select *, uncompress(a) from t1;
 a	uncompress(a)
 foo	NULL
 Warnings:
-Error	1256	Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
+Error	1259	ZLIB: Input data corrupted
 select *, uncompress(a), uncompress(a) is null from t1;
 a	uncompress(a)	uncompress(a) is null
 foo	NULL	1
 Warnings:
-Error	1256	Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
-Error	1256	Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
+Error	1259	ZLIB: Input data corrupted
+Error	1259	ZLIB: Input data corrupted
 drop table t1;
 End of 5.0 tests
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@ -2965,6 +2965,16 @@ String *Item_func_uncompress::val_str(String *str)
  if (res->is_empty())
    return res;

+  /* If length is less than 4 bytes, data is corrupt */
+  if (res->length() <= 4)
+  {
+    push_warning_printf(current_thd,MYSQL_ERROR::WARN_LEVEL_ERROR,
+			ER_ZLIB_Z_DATA_ERROR,
+			ER(ER_ZLIB_Z_DATA_ERROR));
+    goto err;
+  }
+
+  /* Size of uncompressed data is stored as first 4 bytes of field */
  new_size= uint4korr(res->ptr()) & 0x3FFFFFFF;
  if (new_size > current_thd->variables.max_allowed_packet)
  {