From e8adc3f74be7c8c8e81e59b1f5927bedf4a561bb Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 17 Oct 2007 14:28:00 +0500 Subject: [PATCH 1/2] Fix for bug#31615: crash after set names ucs2 collate xxx Problem: currently, UCS-2 cannot be used as a client character set. Fix: raise an error if one attempts to set it to USC-2. mysql-test/r/ctype_ucs.result: Fix for bug#31615: crash after set names ucs2 collate xxx - test result. mysql-test/t/ctype_ucs.test: Fix for bug#31615: crash after set names ucs2 collate xxx - test case. sql/set_var.cc: Fix for bug#31615: crash after set names ucs2 collate xxx - raise an error if one is going to set character_set_client to UCS-2. sql/set_var.h: Fix for bug#31615: crash after set names ucs2 collate xxx - raise an error if one is going to set character_set_client to UCS-2. --- mysql-test/r/ctype_ucs.result | 8 ++++++++ mysql-test/t/ctype_ucs.test | 12 ++++++++++++ sql/set_var.cc | 22 ++++++++++++++++++++++ sql/set_var.h | 1 + 4 files changed, 43 insertions(+) diff --git a/mysql-test/r/ctype_ucs.result b/mysql-test/r/ctype_ucs.result index bf827209795..befbd04f63d 100644 --- a/mysql-test/r/ctype_ucs.result +++ b/mysql-test/r/ctype_ucs.result @@ -803,4 +803,12 @@ quote(name) ???????? ???????????????? drop table bug20536; +set names ucs2; +ERROR 42000: Variable 'character_set_client' can't be set to the value of 'ucs2' +set names ucs2 collate ucs2_bin; +ERROR 42000: Variable 'character_set_client' can't be set to the value of 'ucs2' +set character_set_client= ucs2; +ERROR 42000: Variable 'character_set_client' can't be set to the value of 'ucs2' +set character_set_client= concat('ucs', substr('2', 1)); +ERROR 42000: Variable 'character_set_client' can't be set to the value of 'ucs2' End of 4.1 tests diff --git a/mysql-test/t/ctype_ucs.test b/mysql-test/t/ctype_ucs.test index 10559d33eb3..9e6bd0e95e6 100644 --- a/mysql-test/t/ctype_ucs.test +++ b/mysql-test/t/ctype_ucs.test @@ -535,4 +535,16 @@ select quote(name) from bug20536; drop table bug20536; +# +# Bug #31615: crash after set names ucs2 collate xxx +# +--error 1231 +set names ucs2; +--error 1231 +set names ucs2 collate ucs2_bin; +--error 1231 +set character_set_client= ucs2; +--error 1231 +set character_set_client= concat('ucs', substr('2', 1)); + --echo End of 4.1 tests diff --git a/sql/set_var.cc b/sql/set_var.cc index 520ee5c9f70..275252c4960 100644 --- a/sql/set_var.cc +++ b/sql/set_var.cc @@ -1992,6 +1992,21 @@ void sys_var_character_set_client::set_default(THD *thd, enum_var_type type) } +bool sys_var_character_set_client::check(THD *thd, set_var *var) +{ + if (sys_var_character_set::check(thd, var)) + return 1; + /* Currently, UCS-2 cannot be used as a client character set */ + if (var->save_result.charset->mbminlen > 1) + { + my_error(ER_WRONG_VALUE_FOR_VAR, MYF(0), name, + var->save_result.charset->csname); + return 1; + } + return 0; +} + + CHARSET_INFO ** sys_var_character_set_results::ci_ptr(THD *thd, enum_var_type type) { @@ -2355,6 +2370,13 @@ end: int set_var_collation_client::check(THD *thd) { + /* Currently, UCS-2 cannot be used as a client character set */ + if (character_set_client->mbminlen > 1) + { + my_error(ER_WRONG_VALUE_FOR_VAR, MYF(0), "character_set_client", + character_set_client->csname); + return 1; + } return 0; } diff --git a/sql/set_var.h b/sql/set_var.h index 78b34963e9d..f6fd0a082b5 100644 --- a/sql/set_var.h +++ b/sql/set_var.h @@ -578,6 +578,7 @@ public: sys_var_character_set(name_arg) {} void set_default(THD *thd, enum_var_type type); CHARSET_INFO **ci_ptr(THD *thd, enum_var_type type); + bool check(THD *thd, set_var *var); }; class sys_var_character_set_results :public sys_var_character_set From c7191f90a3634b1a0cc45dc76f16b254f3e0a18e Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 7 Nov 2007 12:47:19 +0400 Subject: [PATCH 2/2] Fix for bug #32137: prepared statement crash with str_to_date in update clause Problem: calling non-constant argument's val_xxx() methods in the ::fix_length_and_dec() is inadmissible. Fix: call the method only for constant arguments. mysql-test/r/ps.result: Fix for bug #32137: prepared statement crash with str_to_date in update clause - test result. mysql-test/t/ps.test: Fix for bug #32137: prepared statement crash with str_to_date in update clause - test case. sql/item_timefunc.cc: Fix for bug #32137: prepared statement crash with str_to_date in update clause - call argument's val_str() only for constant items in the Item_func_str_to_date::fix_length_and_dec(). --- mysql-test/r/ps.result | 5 +++++ mysql-test/t/ps.test | 9 ++++++++ sql/item_timefunc.cc | 49 ++++++++++++++++++++++-------------------- 3 files changed, 40 insertions(+), 23 deletions(-) diff --git a/mysql-test/r/ps.result b/mysql-test/r/ps.result index 49e4bf2f318..49643dd3f78 100644 --- a/mysql-test/r/ps.result +++ b/mysql-test/r/ps.result @@ -1109,4 +1109,9 @@ a 13 DEALLOCATE PREPARE st1; DROP TABLE t1; +create table t1 (a int, b tinyint); +prepare st1 from 'update t1 set b= (str_to_date(a, a))'; +execute st1; +deallocate prepare st1; +drop table t1; End of 4.1 tests. diff --git a/mysql-test/t/ps.test b/mysql-test/t/ps.test index 5e5dcc36b19..18beb357d05 100644 --- a/mysql-test/t/ps.test +++ b/mysql-test/t/ps.test @@ -1146,4 +1146,13 @@ EXECUTE st1; DEALLOCATE PREPARE st1; DROP TABLE t1; +# +# Bug #32137: prepared statement crash with str_to_date in update clause +# +create table t1 (a int, b tinyint); +prepare st1 from 'update t1 set b= (str_to_date(a, a))'; +execute st1; +deallocate prepare st1; +drop table t1; + --echo End of 4.1 tests. diff --git a/sql/item_timefunc.cc b/sql/item_timefunc.cc index 4bd3d68b9c1..08e0a727544 100644 --- a/sql/item_timefunc.cc +++ b/sql/item_timefunc.cc @@ -2958,39 +2958,42 @@ Field *Item_func_str_to_date::tmp_table_field(TABLE *t_arg) void Item_func_str_to_date::fix_length_and_dec() { - char format_buff[64]; - String format_str(format_buff, sizeof(format_buff), &my_charset_bin); - String *format; maybe_null= 1; decimals=0; cached_field_type= MYSQL_TYPE_STRING; max_length= MAX_DATETIME_FULL_WIDTH*MY_CHARSET_BIN_MB_MAXLEN; cached_timestamp_type= MYSQL_TIMESTAMP_NONE; - format= args[1]->val_str(&format_str); - if (!args[1]->null_value && (const_item= args[1]->const_item())) + if ((const_item= args[1]->const_item())) { - cached_format_type= get_date_time_result_type(format->ptr(), - format->length()); - switch (cached_format_type) { - case DATE_ONLY: - cached_timestamp_type= MYSQL_TIMESTAMP_DATE; - cached_field_type= MYSQL_TYPE_DATE; - max_length= MAX_DATE_WIDTH*MY_CHARSET_BIN_MB_MAXLEN; - break; - case TIME_ONLY: - case TIME_MICROSECOND: - cached_timestamp_type= MYSQL_TIMESTAMP_TIME; - cached_field_type= MYSQL_TYPE_TIME; - max_length= MAX_TIME_WIDTH*MY_CHARSET_BIN_MB_MAXLEN; - break; - default: - cached_timestamp_type= MYSQL_TIMESTAMP_DATETIME; - cached_field_type= MYSQL_TYPE_DATETIME; - break; + char format_buff[64]; + String format_str(format_buff, sizeof(format_buff), &my_charset_bin); + String *format= args[1]->val_str(&format_str); + if (!args[1]->null_value) + { + cached_format_type= get_date_time_result_type(format->ptr(), + format->length()); + switch (cached_format_type) { + case DATE_ONLY: + cached_timestamp_type= MYSQL_TIMESTAMP_DATE; + cached_field_type= MYSQL_TYPE_DATE; + max_length= MAX_DATE_WIDTH * MY_CHARSET_BIN_MB_MAXLEN; + break; + case TIME_ONLY: + case TIME_MICROSECOND: + cached_timestamp_type= MYSQL_TIMESTAMP_TIME; + cached_field_type= MYSQL_TYPE_TIME; + max_length= MAX_TIME_WIDTH * MY_CHARSET_BIN_MB_MAXLEN; + break; + default: + cached_timestamp_type= MYSQL_TIMESTAMP_DATETIME; + cached_field_type= MYSQL_TYPE_DATETIME; + break; + } } } } + bool Item_func_str_to_date::get_date(TIME *ltime, uint fuzzy_date) { DATE_TIME_FORMAT date_time_format;