From cb06e0c1250074337293289e4914f01911e68ec5 Mon Sep 17 00:00:00 2001
From: unknown
Date: Fri, 9 Dec 2005 23:01:52 +0300
Subject: [PATCH 1/3] Fix bug #15268 Unchecked null value caused server crash cmp_item_sort_string::cmp() wasn't checking values_res variable for null. Later called function was dereferenced it and crashed server. Added null check to cmp_item_sort_string::cmp(). sql/item_cmpfunc.h: Fix bug#15268 Unchecked null value caused server crash Added null check to cmp_item_sort_string::cmp(). mysql-test/t/select.test: Test case for bug#15268 Unchecked null value caused server crash mysql-test/r/select.result: Test case for bug#15268 Unchecked null value caused server crash
---
 mysql-test/r/select.result | 8 ++++++++
 mysql-test/t/select.test | 10 ++++++++++
 sql/item_cmpfunc.h | 6 +++---
 3 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/mysql-test/r/select.result b/mysql-test/r/select.result
index 598ea2b10d1..e2c4609d902 100644
--- a/mysql-test/r/select.result
+++ b/mysql-test/r/select.result
@@ -3337,3 +3337,11 @@ id select_type table type possible_keys key key_len ref rows Extra
 1 SIMPLE t2 const PRIMARY PRIMARY 4 const 1 Using index
 1 SIMPLE t3 const PRIMARY PRIMARY 8 const,const 1
 DROP TABLE t1,t2,t3;
+create table t1(f1 char, f2 char not null);
+insert into t1 values(null,'a');
+create table t2 (f2 char not null);
+insert into t2 values('b');
+select * from t1 left join t2 on f1=t2.f2 where t1.f2='a';
+f1 f2 f2
+NULL a NULL
+drop table t1,t2;
diff --git a/mysql-test/t/select.test b/mysql-test/t/select.test
index a73d08f5f18..a85b82a7767 100644
--- a/mysql-test/t/select.test
+++ b/mysql-test/t/select.test
@@ -2805,3 +2805,13 @@ EXPLAIN SELECT t2.key_a,foo WHERE t2.key_a=2 and key_b=5;
 DROP TABLE t1,t2,t3;
+
+#
+# Bug#15268 Unchecked null value caused server crash
+#
+create table t1(f1 char, f2 char not null);
+insert into t1 values(null,'a');
+create table t2 (f2 char not null);
+insert into t2 values('b');
+select * from t1 left join t2 on f1=t2.f2 where t1.f2='a';
+drop table t1,t2;
diff --git a/sql/item_cmpfunc.h b/sql/item_cmpfunc.h
index bfd32223d4c..b4064fb45b8 100644
--- a/sql/item_cmpfunc.h
+++ b/sql/item_cmpfunc.h
@@ -723,9 +723,9 @@ public:
 {
 char buff[STRING_BUFFER_USUAL_SIZE];
 String tmp(buff, sizeof(buff), cmp_charset), *res;
- if (!(res= arg->val_str(&tmp)))
- return 1; /* Can't be right */
- return sortcmp(value_res, res, cmp_charset);
+ res= arg->val_str(&tmp);
+ return (value_res ? (res ? sortcmp(value_res, res, cmp_charset) : 1) :
+ (res ? -1 : 0));
 }
 int compare(cmp_item *c)
 {
From 67183a7b8a0f08267a165f1edc075f75ba746e44 Mon Sep 17 00:00:00 2001
From: unknown
Date: Wed, 14 Dec 2005 00:23:46 +0200
Subject: [PATCH 2/3] Fixed test case.
---
 mysql-test/r/ndb_read_multi_range.result | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mysql-test/r/ndb_read_multi_range.result b/mysql-test/r/ndb_read_multi_range.result
index f42ac394b6c..bb9398054ff 100644
--- a/mysql-test/r/ndb_read_multi_range.result
+++ b/mysql-test/r/ndb_read_multi_range.result
@@ -1,4 +1,4 @@
-DROP TABLE IF EXISTS t1, r1;
+DROP TABLE IF EXISTS t1, t2, r1;
 create table t1 (
 a int primary key,
 b int not null,
From 4e1d88af8fe7ec0eac3902bb72a067e8d191bf3a Mon Sep 17 00:00:00 2001
From: unknown
Date: Wed, 14 Dec 2005 01:21:56 +0200
Subject: [PATCH 3/3] Netware specific changes. sql/ha_archive.cc: Disabled archive db for Netware until zlibCompileFlags() is available for this platform. sql/sql_string.h: Added casts. Won't work with Metrowerks compiler without.
---
 sql/ha_archive.cc | 2 +-
 sql/sql_string.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
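Review bot: In the sql/item_cmpfunc.h hunk the new return expression yields 0 when both `value_res` and the result of `arg->val_str(&tmp)` are NULL, a value callers would presumably read as "equal"; SQL `NULL = NULL` is not true, so it should be confirmed that every caller of `cmp()` filters NULL operands first, which is not visible here. The removed `/* Can't be right */` comment also leaves the NULL handling undocumented, and I would add `/* NULL sorts before any string; two NULLs return 0, callers must handle NULL themselves */` above the return. The regression test in select.test appears to reach only the branch where `value_res` is NULL, so cases for a NULL `res` and for both being NULL would be worth adding. The function's signature lies outside the hunk.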
diff --git a/sql/ha_archive.cc b/sql/ha_archive.cc
index 1e8fc582eb8..2747f678cc3 100644
--- a/sql/ha_archive.cc
+++ b/sql/ha_archive.cc
@@ -20,7 +20,7 @@
 #include "mysql_priv.h"
-#ifdef HAVE_ARCHIVE_DB
+#if defined(HAVE_ARCHIVE_DB) && !defined(__NETWARE__)
 #include "ha_archive.h"
 #include
diff --git a/sql/sql_string.h b/sql/sql_string.h
index 67c3e0c62f2..0659f684afe 100644
--- a/sql/sql_string.h
+++ b/sql/sql_string.h
@@ -24,7 +24,7 @@
 #define NOT_FIXED_DEC 31
 #endif
-#define STRING_WITH_LEN(X) ((char*) X), (sizeof(X)-1)
+#define STRING_WITH_LEN(X) ((const char*) X), ((uint) (sizeof(X) - 1))
 class String;
 int sortcmp(const String *a,const String *b, CHARSET_INFO *cs);
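Review bot: The reason for excluding NetWare in the new `#if defined(HAVE_ARCHIVE_DB) && !defined(__NETWARE__)` guard in sql/ha_archive.cc is recorded only in the commit message, so the temporary nature of the exclusion is lost in the source. I would add a comment above it such as `/* Archive engine disabled on NetWare until zlibCompileFlags() is available there */`. Any other code still guarded by plain `HAVE_ARCHIVE_DB` that refers to this handler would need the same condition; the matching `#endif` and those users are outside the hunk, so this is a question rather than a finding.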
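Review bot: `STRING_WITH_LEN(X)` in sql/sql_string.h yields a correct length only when `X` is a string literal or a char array, and the added casts do nothing to enforce that: given a `char *`, `sizeof(X) - 1` is the pointer size minus one, and the explicit `(const char*)` cast would also hide a warning for a non-string argument. `X` is still unparenthesized in the cast as well. I would write `((const char*) (X)), ((uint) (sizeof(X) - 1))` and document the constraint with `/* X must be a string literal; sizeof() of a pointer gives the wrong length */`. If only literals are ever passed, using `("" X "")` in place of `(X)` would turn misuse into a compile error, though whether the Metrowerks compiler accepts that would need checking.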