mirror of
https://github.com/MariaDB/server.git
synced 2025-11-06 13:10:12 +03:00
45a87c685b
The CONVERT_TZ function crashes the server when the timezone argument is an empty SET field value. 1) The CONVERT_TZ may find a timezone string in the tz_names hash. 2) A string representation of the empty SET is a String of zero length with the NULL pointer. 3) If the key argument length is zero, hash functions do comparison using the length of the record being compared against. I.e. a zero-length String buffer is an invalid argument for hash search functions, and if String points to NULL buffer, hashcmp() fails with SEGV accessing that memory. The my_tz_find function has been modified to treat empty Strings as invalid timezone values to skip unnecessary hash search. mysql-test/r/timezone2.result: Test case for bug #55424. mysql-test/t/timezone2.test: Test case for bug #55424. sql/sql_string.h: Bug #55424: convert_tz crashes when fed invalid data Added "const" modifier to String::is_empty(). sql/tztime.cc: Bug #55424: convert_tz crashes when fed invalid data The my_tz_find function has been modified to treat empty Strings as invalid timezone values to skip unnecessary hash search.
9.0 KiB
9.0 KiB