From b478635110d05f644c7fcca476f5cfc6c9ba1e40 Mon Sep 17 00:00:00 2001
From: unknown <bar@mysql.com>
Date: Mon, 15 Nov 2004 21:26:16 +0400
Subject: [PATCH] Bug#6608: MySQL server crash in some query with tis620
 character set. The bug was that the function allocates 'a', then changes the
 value of 'a' with the operator ++, and then tries to free 'a'!

---
 mysql-test/r/ctype_tis620.result | 38 ++++++++++++++++++++++++++++++++
 mysql-test/t/ctype_tis620.test   | 35 +++++++++++++++++++++++++++++
 strings/ctype-tis620.c           | 10 +++------
 3 files changed, 76 insertions(+), 7 deletions(-)

diff --git a/mysql-test/r/ctype_tis620.result b/mysql-test/r/ctype_tis620.result
index 1fece515f9f..fa99c2d1318 100644
--- a/mysql-test/r/ctype_tis620.result
+++ b/mysql-test/r/ctype_tis620.result
@@ -2899,3 +2899,41 @@ hex(a)	STRCMP(a,'a')	STRCMP(a,'a ')
 6109	-1	-1
 61	0	0
 DROP TABLE t1;
+CREATE TABLE t1 (
+`id` int(11) NOT NULL auto_increment,
+`url` varchar(200) NOT NULL default '',
+`name` varchar(250) NOT NULL default '',
+`type` int(11) NOT NULL default '0',
+`website` varchar(250) NOT NULL default '',
+`adddate` date NOT NULL default '0000-00-00',
+`size` varchar(20) NOT NULL default '',
+`movieid` int(11) NOT NULL default '0',
+`musicid` int(11) NOT NULL default '0',
+`star` varchar(20) NOT NULL default '',
+`download` int(11) NOT NULL default '0',
+`lastweek` int(11) NOT NULL default '0',
+`thisweek` int(11) NOT NULL default '0',
+`page` varchar(250) NOT NULL default '',
+PRIMARY KEY  (`id`),
+UNIQUE KEY `url` (`url`)
+) CHARACTER SET tis620;
+INSERT INTO t1 VALUES
+(1,'http://www.siamzone.com/download/download/000001-frodo_1024.jpg','The Lord
+of the Rings
+Wallpapers',1,'http://www.lordoftherings.net','2002-01-22','',448,0,'',3805,0,0,
+'');
+INSERT INTO t1 VALUES (2,'http://www.othemovie.com/OScreenSaver1.EXE','O
+Screensaver',2,'','2002-01-22','',491,0,'',519,0,0,'');
+INSERT INTO t1 VALUES
+(3,'http://www.siamzone.com/download/download/000003-jasonx2(800x600).jpg','Jaso
+n X Wallpapers',1,'','2002-05-31','',579,0,'',1091,0,0,'');
+select * from t1 order by id;
+id	url	name	type	website	adddate	size	movieid	musicid	star	download	lastweek	thisweek	page
+1	http://www.siamzone.com/download/download/000001-frodo_1024.jpg	The Lord
+of the Rings
+Wallpapers	1	http://www.lordoftherings.net	2002-01-22		448	0		3805	0	0	
+2	http://www.othemovie.com/OScreenSaver1.EXE	O
+Screensaver	2		2002-01-22		491	0		519	0	0	
+3	http://www.siamzone.com/download/download/000003-jasonx2(800x600).jpg	Jaso
+n X Wallpapers	1		2002-05-31		579	0		1091	0	0	
+DROP TABLE t1;
diff --git a/mysql-test/t/ctype_tis620.test b/mysql-test/t/ctype_tis620.test
index 92a9eada05f..21ec314dca7 100644
--- a/mysql-test/t/ctype_tis620.test
+++ b/mysql-test/t/ctype_tis620.test
@@ -116,3 +116,38 @@ CREATE TABLE t1 (a char(10) not null) CHARACTER SET tis620;
 INSERT INTO t1 VALUES ('a'),('a\0'),('a\t'),('a ');
 SELECT hex(a),STRCMP(a,'a'), STRCMP(a,'a ') FROM t1;
 DROP TABLE t1;
+
+#
+# Bug#6608
+#
+CREATE TABLE t1 (
+  `id` int(11) NOT NULL auto_increment,
+  `url` varchar(200) NOT NULL default '',
+  `name` varchar(250) NOT NULL default '',
+  `type` int(11) NOT NULL default '0',
+  `website` varchar(250) NOT NULL default '',
+  `adddate` date NOT NULL default '0000-00-00',
+  `size` varchar(20) NOT NULL default '',
+  `movieid` int(11) NOT NULL default '0',
+  `musicid` int(11) NOT NULL default '0',
+  `star` varchar(20) NOT NULL default '',
+  `download` int(11) NOT NULL default '0',
+  `lastweek` int(11) NOT NULL default '0',
+  `thisweek` int(11) NOT NULL default '0',
+  `page` varchar(250) NOT NULL default '',
+  PRIMARY KEY  (`id`),
+  UNIQUE KEY `url` (`url`)
+) CHARACTER SET tis620;
+
+INSERT INTO t1 VALUES
+(1,'http://www.siamzone.com/download/download/000001-frodo_1024.jpg','The Lord
+of the Rings
+Wallpapers',1,'http://www.lordoftherings.net','2002-01-22','',448,0,'',3805,0,0,
+'');
+INSERT INTO t1 VALUES (2,'http://www.othemovie.com/OScreenSaver1.EXE','O
+Screensaver',2,'','2002-01-22','',491,0,'',519,0,0,'');
+INSERT INTO t1 VALUES
+(3,'http://www.siamzone.com/download/download/000003-jasonx2(800x600).jpg','Jaso
+n X Wallpapers',1,'','2002-05-31','',579,0,'',1091,0,0,'');
+select * from t1 order by id;
+DROP TABLE t1;
diff --git a/strings/ctype-tis620.c b/strings/ctype-tis620.c
index a2ba4783591..68bfefafe6a 100644
--- a/strings/ctype-tis620.c
+++ b/strings/ctype-tis620.c
@@ -562,17 +562,13 @@ int my_strnncollsp_tis620(CHARSET_INFO * cs __attribute__((unused)),
 			  const uchar *b0, uint b_length)
 {
   uchar	buf[80] ;
-  uchar *end, *a, *b;
+  uchar *end, *a, *b, *alloced= NULL;
   uint length;
   int res= 0;
-  int alloced= 0;
   
   a= buf;
   if ((a_length + b_length +2) > (int) sizeof(buf))
-  {
-    a= (uchar*) malloc(a_length+b_length);
-    alloced= 1;
-  }
+    alloced= a= (uchar*) malloc(a_length+b_length);
   
   b= a + a_length+1;
   memcpy((char*) a, (char*) a0, a_length);
@@ -618,7 +614,7 @@ int my_strnncollsp_tis620(CHARSET_INFO * cs __attribute__((unused)),
 ret:
   
   if (alloced)
-    free(a);
+    free(alloced);
   return res;
 }