mirror of https://github.com/MariaDB/server.git synced 2025-12-24 11:21:21 +03:00

MDEV-23330 Server crash or ASAN negative-size-param in my_strnncollsp_binary / SORT_FIELD_ATTR::compare_packed_varstrings

and
MDEV-23414 Assertion `res->charset() == item->collation.collation' failed in Type_handler_string_result::make_packed_sort_key_part

pack_sort_string() *must* take a collation from the Item, not from the
String value. Because when casting a string to _binary the original
String is not copied for performance reasons, it's reused but its
collation does not match Item's collation anymore.

Note that the String's collation cannot be simply changed to _binary,
because for an Item_string literal the original String must stay
unchanged for the duration of the query.

this partially reverts 61c15ebe32
Sergei Golubchik
2020-08-07 13:37:41 +02:00
parent e081415040
commit cd2924bacb
12 changed files with 93 additions and 10 deletions


@@ -2544,12 +2544,13 @@ Type_handler_string_result::make_packed_sort_key_part(uchar *to, Item *item,
const SORT_FIELD_ATTR *sort_field,
Sort_param *param) const
{
CHARSET_INFO *cs= item->collation.collation;
bool maybe_null= item->maybe_null;
if (maybe_null)
*to++= 1;
String *res= item->str_result(&param->tmp_buffer);
Binary_string *res= item->str_result(&param->tmp_buffer);
if (!res)
{
if (maybe_null)
@@ -2573,7 +2574,7 @@ Type_handler_string_result::make_packed_sort_key_part(uchar *to, Item *item,
return sort_field->original_length;
}
}
return sort_field->pack_sort_string(to, res);
return sort_field->pack_sort_string(to, res, cs);
}
@@ -2937,7 +2938,8 @@ int compare_packed_sort_keys(void *sort_param,
*/
uint
SORT_FIELD_ATTR::pack_sort_string(uchar *to, String *str) const
SORT_FIELD_ATTR::pack_sort_string(uchar *to, const Binary_string *str,
CHARSET_INFO *cs) const
{
uchar *orig_to= to;
uint32 length, data_length;
@@ -2956,7 +2958,7 @@ SORT_FIELD_ATTR::pack_sort_string(uchar *to, String *str) const
memcpy(to, (uchar*)str->ptr(), data_length);
to+= data_length;
if (str->charset() == &my_charset_bin && suffix_length)
if (cs == &my_charset_bin && suffix_length)
{
// suffix length stored in bigendian form
store_bigendian(length, to, suffix_length);
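Review bot: The new `cs` argument of `SORT_FIELD_ATTR::pack_sort_string()` carries a contract that the signature does not convey, and the doc comment above it ends outside the hunk, so it is not visible whether it was updated. Per the commit message, `str->charset()` can differ from the Item's collation after a cast to _binary, and the `cs == &my_charset_bin && suffix_length` test decides whether the length suffix is written into the key. A future caller that passes `str->charset()` would therefore presumably produce a key layout the comparator does not expect, which is the out-of-bounds size seen in MDEV-23330. I would state this in the function comment, e.g. `@param cs  collation of the sort Item (item->collation.collation); never str->charset(), which can be stale after a cast to _binary`, and add a one-line why-comment at `CHARSET_INFO *cs= item->collation.collation;` in `make_packed_sort_key_part()`. Both function bodies continue outside the hunks shown.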