Commit 4daaa028 authored by Sergey Vojtovich's avatar Sergey Vojtovich

BUG#11766720 - setting storage engine to null segfaults mysqld

MONTHNAME(0) claims that it is about to return NOT NULL
value, whereas it actually returns NULL.

As a result, the protection of the storage_engine variable
(which cannot be NULL) was bypassed and a NULL value was
accepted, causing a server crash.

Fixed MONTHNAME(0) to report valid NULL flag.
parent b2089dc8
...@@ -136,7 +136,7 @@ dayname("1962-03-03") dayname("1962-03-03")+0 ...@@ -136,7 +136,7 @@ dayname("1962-03-03") dayname("1962-03-03")+0
Saturday 5 Saturday 5
select monthname("1972-03-04"),monthname("1972-03-04")+0; select monthname("1972-03-04"),monthname("1972-03-04")+0;
monthname("1972-03-04") monthname("1972-03-04")+0 monthname("1972-03-04") monthname("1972-03-04")+0
March 3 March 0
select time_format(19980131000000,'%H|%I|%k|%l|%i|%p|%r|%S|%T'); select time_format(19980131000000,'%H|%I|%k|%l|%i|%p|%r|%S|%T');
time_format(19980131000000,'%H|%I|%k|%l|%i|%p|%r|%S|%T') time_format(19980131000000,'%H|%I|%k|%l|%i|%p|%r|%S|%T')
00|12|0|12|00|AM|12:00:00 AM|00|00:00:00 00|12|0|12|00|AM|12:00:00 AM|00|00:00:00
...@@ -1368,3 +1368,11 @@ SELECT SUBDATE(STR_TO_DATE(NULL,0), INTERVAL 1 HOUR); ...@@ -1368,3 +1368,11 @@ SELECT SUBDATE(STR_TO_DATE(NULL,0), INTERVAL 1 HOUR);
SUBDATE(STR_TO_DATE(NULL,0), INTERVAL 1 HOUR) SUBDATE(STR_TO_DATE(NULL,0), INTERVAL 1 HOUR)
NULL NULL
# #
# BUG#59895 - setting storage engine to null segfaults mysqld
#
SELECT MONTHNAME(0), MONTHNAME(0) IS NULL, MONTHNAME(0) + 1;
MONTHNAME(0) MONTHNAME(0) IS NULL MONTHNAME(0) + 1
NULL 1 NULL
SET storage_engine=NULL;
ERROR 42000: Variable 'storage_engine' can't be set to the value of 'NULL'
#
...@@ -881,4 +881,11 @@ SELECT WEEK(STR_TO_DATE(NULL,0)); ...@@ -881,4 +881,11 @@ SELECT WEEK(STR_TO_DATE(NULL,0));
SELECT SUBDATE(STR_TO_DATE(NULL,0), INTERVAL 1 HOUR); SELECT SUBDATE(STR_TO_DATE(NULL,0), INTERVAL 1 HOUR);
--echo # --echo #
--echo # BUG#59895 - setting storage engine to null segfaults mysqld
--echo #
SELECT MONTHNAME(0), MONTHNAME(0) IS NULL, MONTHNAME(0) + 1;
--error ER_WRONG_VALUE_FOR_VAR
SET storage_engine=NULL;
--echo #
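Review bot: The regression case assigns a literal `NULL`, while the commit message attributes the crash to MONTHNAME(0) reporting NOT NULL and slipping past the storage_engine check, so the expression path is not exercised by this test. Adding `--error ER_WRONG_VALUE_FOR_VAR` followed by `SET storage_engine=MONTHNAME(0);` would cover it, assuming the same error is raised for an expression that evaluates to NULL. The `--echo` header cites BUG#59895 while the commit title cites BUG#11766720; naming both in the comment would make the test easier to trace.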
...@@ -1133,16 +1133,13 @@ String* Item_func_monthname::val_str(String* str) ...@@ -1133,16 +1133,13 @@ String* Item_func_monthname::val_str(String* str)
{ {
DBUG_ASSERT(fixed == 1); DBUG_ASSERT(fixed == 1);
const char *month_name; const char *month_name;
uint month= (uint) val_int();
uint err; uint err;
MYSQL_TIME ltime;
if (null_value || !month) if ((null_value= (get_arg0_date(&ltime, TIME_FUZZY_DATE) || !ltime.month)))
{ return (String *) 0;
null_value=1;
return (String*) 0; month_name= locale->month_names->type_names[ltime.month - 1];
}
null_value=0;
month_name= locale->month_names->type_names[month-1];
str->copy(month_name, (uint) strlen(month_name), &my_charset_utf8_bin, str->copy(month_name, (uint) strlen(month_name), &my_charset_utf8_bin,
collation.collation, &err); collation.collation, &err);
return str; return str;
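Review bot: The lookup `locale->month_names->type_names[ltime.month - 1]` is guarded only against month 0; the upper bound depends on get_arg0_date() rejecting months above 12, which is not visible in this hunk. A `DBUG_ASSERT(ltime.month <= 12);` just before the lookup would document that dependency and catch a regression in debug builds. Separately, the result of `str->copy(...)` is still ignored, so if the copy can fail the function returns `str` with whatever it holds; that is worth confirming against String::copy. The closing brace of val_str lies outside the hunk.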
......
...@@ -163,16 +163,19 @@ class Item_func_month :public Item_func ...@@ -163,16 +163,19 @@ class Item_func_month :public Item_func
}; };
class Item_func_monthname :public Item_func_month class Item_func_monthname :public Item_str_func
{ {
MY_LOCALE *locale; MY_LOCALE *locale;
public: public:
Item_func_monthname(Item *a) :Item_func_month(a) {} Item_func_monthname(Item *a) :Item_str_func(a) {}
const char *func_name() const { return "monthname"; } const char *func_name() const { return "monthname"; }
String *val_str(String *str); String *val_str(String *str);
enum Item_result result_type () const { return STRING_RESULT; }
void fix_length_and_dec(); void fix_length_and_dec();
bool check_partition_func_processor(uchar *int_arg) {return TRUE;} bool check_partition_func_processor(uchar *int_arg) {return TRUE;}
bool check_valid_arguments_processor(uchar *int_arg)
{
return !has_date_args();
}
}; };
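Review bot: Rebasing Item_func_monthname on Item_str_func changes what the function yields in numeric context, and neither the class nor the commit message says so: the expected output for `monthname("1972-03-04")+0` in the result file appears to move from 3 to 0. A comment above the class would record that this is intended, e.g. `/* String function: in numeric context the name converts like any string, so MONTHNAME(d)+0 is 0, not the month number. */`. The added `check_valid_arguments_processor` is presumably here because it is no longer inherited from Item_func_month; a one-line comment saying so would keep the two classes from drifting apart.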
......