Bug#57687 crash when reporting duplicate group_key error and utf8

Fixing DoS regression problem. Using "key_part->fieldnr - 1" to access the desired field is only correct in real INSERT queries. In case of inserting records into a temporary table when performing GROUP BY queries this expression does not work. Fix: Instead of accessing field_length and comparing it to key_part->length, there is an easier way to check if we're dealing with a prefix key: check key_part_flag against HA_PART_KEY_SEG flag.

Bug#57687 crash when reporting duplicate group_key error and utf8
Fixing DoS regression problem. Using "key_part->fieldnr - 1" to access the desired field is only correct in real INSERT queries. In case of inserting records into a temporary table when performing GROUP BY queries this expression does not work. Fix: Instead of accessing field_length and comparing it to key_part->length, there is an easier way to check if we're dealing with a prefix key: check key_part_flag against HA_PART_KEY_SEG flag.
0c4e115c · Alexander Barkov · a7a1cf0d · 0c4e115c · 0c4e115c · 0c4e115c
Commit 0c4e115c authored Nov 11, 2010 by Alexander Barkov
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 3 deletions

mysql-test/r/ctype_utf8.result mysql-test/r/ctype_utf8.result +11 -0

mysql-test/t/ctype_utf8.test mysql-test/t/ctype_utf8.test +12 -0

sql/key.cc sql/key.cc +1 -3

No files found.
--- a/mysql-test/r/ctype_utf8.result
+++ b/mysql-test/r/ctype_utf8.result
@@ -4885,5 +4885,16 @@ maketime(`a`,`a`,`a`)
 DROP TABLE t1;
 SET sql_mode=default;
 #
+# Bug#57687 crash when reporting duplicate group_key error and utf8
+# Make sure to modify this when Bug#58081 is fixed.
+#
+SET NAMES utf8;
+CREATE TABLE t1 (a INT);
+INSERT INTO t1 VALUES (0), (0), (1), (0), (0);
+SELECT COUNT(*) FROM t1, t1 t2 
+GROUP BY INSERT('', t2.a, t1.a, (@@global.max_binlog_size));
+ERROR 23000: Duplicate entry '107374182410737418241' for key 'group_key'
+DROP TABLE t1;
+#
 # End of 5.5 tests
 #
--- a/mysql-test/t/ctype_utf8.test
+++ b/mysql-test/t/ctype_utf8.test
@@ -1529,6 +1529,18 @@ DROP TABLE t1, t2;
 SET NAMES utf8;
 --source include/ctype_numconv.inc
+--echo #
+--echo # Bug#57687 crash when reporting duplicate group_key error and utf8
+--echo # Make sure to modify this when Bug#58081 is fixed.
+--echo #
+SET NAMES utf8;
+CREATE TABLE t1 (a INT);
+INSERT INTO t1 VALUES (0), (0), (1), (0), (0);
+--error ER_DUP_ENTRY
+SELECT COUNT(*) FROM t1, t1 t2 
+GROUP BY INSERT('', t2.a, t1.a, (@@global.max_binlog_size));
+DROP TABLE t1;
 --echo #
 --echo # End of 5.5 tests

--- a/sql/key.cc
+++ b/sql/key.cc
@@ -364,9 +364,7 @@ void key_unpack(String *to,TABLE *table,uint idx)
        while (tmp_end > tmp.ptr() && !*--tmp_end) ;
        tmp.length(tmp_end - tmp.ptr() + 1);
      }
-      if (cs->mbmaxlen > 1 &&
+      if (cs->mbmaxlen > 1 && (key_part->key_part_flag & HA_PART_KEY_SEG))
-          table->field[key_part->fieldnr - 1]->field_length !=
-          key_part->length)
      {
        /* 
          Prefix key, multi-byte charset.