backport from 6.0

Bug#35658 (An empty binary value leads to mysqld crash) Before this fix, the following token b'' caused the parser to crash when reading the binary value from the empty string. The crash was caused by: ptr+= max_length - 1; because max_length is unsigned and was 0, causing an overflow. With this fix, an empty binary literal b'' is parsed as a binary value 0, in Item_bin_string. mysql-test/r/varbinary.result: Bug#35658 (An empty binary value leads to mysqld crash) mysql-test/t/varbinary.test: Bug#35658 (An empty binary value leads to mysqld crash) sql/item.cc: Bug#35658 (An empty binary value leads to mysqld crash)
2026-01-06 05:22:24 +03:00 · 2008-06-27 20:56:41 +05:00
parent 49417ad7c8
commit b83b4697d2
3 changed files with 77 additions and 11 deletions
--- a/mysql-test/t/varbinary.test
+++ b/mysql-test/t/varbinary.test
@@ -84,3 +84,31 @@ select length(a) from t1;
 alter table t1 modify a varchar(255);
 select length(a) from t1;

+#
+# Bug#35658 (An empty binary value leads to mysqld crash)
+#
+
+select 0b01000001;
+
+select 0x41;
+
+select b'01000001';
+
+select x'41', 0+x'41';
+
+select N'abc', length(N'abc');
+
+select N'', length(N'');
+
+select '', length('');
+
+select b'', 0+b'';
+
+select x'', 0+x'';
+
+--error ER_BAD_FIELD_ERROR
+select 0x;
+
+--error ER_BAD_FIELD_ERROR
+select 0b;
+