Commit cff23162 authored by Alexander Barkov

Bug#49134 5.1 server segfaults with 2byte collation file

Problem: add_collation did not check that cs->number is smaller
than the number of elements in the array all_charsets[],
so server could crash when loading an Index.xml file with
a collation ID greater than the number of elements
(for example when downgrading from 5.5).

Fix: adding a condition to check that cs->number is not out of valid range.
parent 4578a5c6
......@@ -8,6 +8,13 @@
</rules>
</collation>
<collation name="utf8_hugeid_ci" id="2047000000">
<rules>
<reset>a</reset>
<s>b</s>
</rules>
</collation>
</charset>
<charset name="ucs2">
......
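Review bot: the utf8_hugeid_ci entry with id="2047000000" only covers an ID far outside the array, so an off-by-one in the new range check would pass this test unnoticed. Consider adding a second collation whose id is exactly the first index past the end of all_charsets[], and an XML comment referencing Bug#49134 so the purpose of this unusual entry is clear to the next person editing the file.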
......@@ -220,7 +220,8 @@ copy_uca_collation(CHARSET_INFO *to, CHARSET_INFO *from)
static int add_collation(CHARSET_INFO *cs)
{
if (cs->name && (cs->number ||
(cs->number=get_collation_number_internal(cs->name))))
(cs->number=get_collation_number_internal(cs->name))) &&
cs->number < array_elements(all_charsets))
{
if (!all_charsets[cs->number])
{
......
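Review bot: in add_collation, a collation that fails the new `cs->number < array_elements(all_charsets)` test is skipped with no diagnostic visible in this hunk, so an administrator loading an Index.xml written for a newer server gets no hint why a collation is missing. Consider reporting the rejected ID (a warning, or an error return if the code after this block allows it), and adding a short comment above the condition noting that the ID comes from a user-supplied file and is used directly as an index into all_charsets[].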