database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

Fix for bug #42803: Field_bit does not have unsigned_flag field,

Browse Source 
can lead to bad memory access

Problem: Field_bit is the only field which returns INT_RESULT
and doesn't have unsigned flag. As it's not a descendant of the 
Field_num, so using ((Field_num *) field_bit)->unsigned_flag may lead
to unpredictable results.

Fix: check the field type before casting.
This commit is contained in:
Ramil Kalimullin
2009-10-08 16:56:31 +05:00
parent 14f7667387
commit 99318017d5
3 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
mysql-test/r/type_bit.result
View File

@ -749,4 +749,14 @@ bin(a1)
110000111111111 110000111111111
110001011111111 110001011111111
drop table t1bit7, t2bit7; drop table t1bit7, t2bit7;
#
# Bug42803: Field_bit does not have unsigned_flag field,
# can lead to bad memory access
#
CREATE TABLE t1 (a BIT(7), b BIT(9), KEY(a, b));
INSERT INTO t1 VALUES(0, 0), (5, 3), (5, 6), (6, 4), (7, 0);
EXPLAIN SELECT a+0, b+0 FROM t1 WHERE a > 4 and b < 7 ORDER BY 2;
id select_type table type possible_keys key key_len ref rows Extra
1 SIMPLE t1 range a a 2 NULL 4 Using where; Using index; Using filesort
DROP TABLE t1;
End of 5.0 tests End of 5.0 tests

11
mysql-test/t/type_bit.test
View File

@ -397,4 +397,15 @@ insert into t2bit7 values (b'110011011111111');
select bin(a1) from t1bit7, t2bit7 where t1bit7.a1=t2bit7.b1; select bin(a1) from t1bit7, t2bit7 where t1bit7.a1=t2bit7.b1;
drop table t1bit7, t2bit7; drop table t1bit7, t2bit7;
--echo #
--echo # Bug42803: Field_bit does not have unsigned_flag field,
--echo # can lead to bad memory access
--echo #
CREATE TABLE t1 (a BIT(7), b BIT(9), KEY(a, b));
INSERT INTO t1 VALUES(0, 0), (5, 3), (5, 6), (6, 4), (7, 0);
EXPLAIN SELECT a+0, b+0 FROM t1 WHERE a > 4 and b < 7 ORDER BY 2;
DROP TABLE t1;
--echo End of 5.0 tests --echo End of 5.0 tests

5
sql/opt_range.cc
View File

@ -4536,6 +4536,7 @@ get_mm_leaf(PARAM *param, COND *conf_func, Field *field, KEY_PART *key_part,
if (type == Item_func::LT_FUNC && (value->val_int() > 0)) if (type == Item_func::LT_FUNC && (value->val_int() > 0))
type = Item_func::LE_FUNC; type = Item_func::LE_FUNC;
else if (type == Item_func::GT_FUNC && else if (type == Item_func::GT_FUNC &&
(field->type() != FIELD_TYPE_BIT) &&
!((Field_num*)field)->unsigned_flag && !((Field_num*)field)->unsigned_flag &&
!((Item_int*)value)->unsigned_flag && !((Item_int*)value)->unsigned_flag &&
(value->val_int() < 0)) (value->val_int() < 0))
@ -4572,7 +4573,9 @@ get_mm_leaf(PARAM *param, COND *conf_func, Field *field, KEY_PART *key_part,
*/ */
if (field->result_type() == INT_RESULT && if (field->result_type() == INT_RESULT &&
value->result_type() == INT_RESULT && value->result_type() == INT_RESULT &&
((Field_num*)field)->unsigned_flag && !((Item_int*)value)->unsigned_flag) ((field->type() == FIELD_TYPE_BIT ||
((Field_num *) field)->unsigned_flag) &&
!((Item_int*) value)->unsigned_flag))
{ {
longlong item_val= value->val_int(); longlong item_val= value->val_int();
if (item_val < 0) if (item_val < 0)