Manual merge of Bug 27592 (5.0-runtime to 5.1-runtime)

041c7797 · malff/marcsql@weblab.(none) · 7b55e8b8 · 041c7797 · 041c7797
Commit 041c7797 authored Jun 11, 2007 by malff/marcsql@weblab.(none)
Hide whitespace changes
Inline Side-by-side

Showing with 68 additions and 10 deletions

sql/field.cc sql/field.cc +14 -10

tests/mysql_client_test.c tests/mysql_client_test.c +54 -0

No files found.
--- a/sql/field.cc
+++ b/sql/field.cc
@@ -4397,7 +4397,7 @@ Field_timestamp::Field_timestamp(uchar *ptr_arg, uint32 len_arg,
 				 const char *field_name_arg,
 				 TABLE_SHARE *share,
 				 CHARSET_INFO *cs)
-  :Field_str(ptr_arg, 19, null_ptr_arg, null_bit_arg,
+  :Field_str(ptr_arg, MAX_DATETIME_WIDTH, null_ptr_arg, null_bit_arg,
 	     unireg_check_arg, field_name_arg, cs)
 {
  /* For 4.0 MYD and 4.0 InnoDB compatibility */
@@ -4414,7 +4414,8 @@ Field_timestamp::Field_timestamp(uchar *ptr_arg, uint32 len_arg,
 Field_timestamp::Field_timestamp(bool maybe_null_arg,
                                 const char *field_name_arg,
                                 CHARSET_INFO *cs)
-  :Field_str((uchar*) 0, 19, maybe_null_arg ? (uchar*) "": 0, 0,
+  :Field_str((uchar*) 0, MAX_DATETIME_WIDTH,
+             maybe_null_arg ? (uchar*) "": 0, 0,
 	     NONE, field_name_arg, cs)
 {
  /* For 4.0 MYD and 4.0 InnoDB compatibility */
@@ -4947,7 +4948,7 @@ String *Field_time::val_str(String *val_buffer,
 {
  ASSERT_COLUMN_MARKED_FOR_READ;
  MYSQL_TIME ltime;
-  val_buffer->alloc(19);
+  val_buffer->alloc(MAX_DATE_STRING_REP_LENGTH);
  long tmp=(long) sint3korr(ptr);
  ltime.neg= 0;
  if (tmp < 0)
@@ -5495,7 +5496,7 @@ int Field_newdate::store_time(MYSQL_TIME *ltime,timestamp_type time_type)
                     (MODE_NO_ZERO_IN_DATE | MODE_NO_ZERO_DATE |
                      MODE_INVALID_DATES))), &error))
    {
-      char buff[12];
+      char buff[MAX_DATE_STRING_REP_LENGTH];
      String str(buff, sizeof(buff), &my_charset_latin1);
      make_date((DATE_TIME_FORMAT *) 0, ltime, &str);
      set_datetime_warning(MYSQL_ERROR::WARN_LEVEL_WARN, WARN_DATA_TRUNCATED,
@@ -5726,7 +5727,7 @@ int Field_datetime::store_time(MYSQL_TIME *ltime,timestamp_type time_type)
                     (MODE_NO_ZERO_IN_DATE | MODE_NO_ZERO_DATE |
                      MODE_INVALID_DATES))), &error))
    {
-      char buff[19];
+      char buff[MAX_DATE_STRING_REP_LENGTH];
      String str(buff, sizeof(buff), &my_charset_latin1);
      make_datetime((DATE_TIME_FORMAT *) 0, ltime, &str);
      set_datetime_warning(MYSQL_ERROR::WARN_LEVEL_WARN, WARN_DATA_TRUNCATED,
@@ -5802,7 +5803,7 @@ String *Field_datetime::val_str(String *val_buffer,
  part1=(long) (tmp/LL(1000000));
  part2=(long) (tmp - (ulonglong) part1*LL(1000000));

-  pos=(char*) val_buffer->ptr()+19;
+  pos=(char*) val_buffer->ptr() + MAX_DATETIME_WIDTH;
  *pos--=0;
  *pos--= (char) ('0'+(char) (part2%10)); part2/=10;
  *pos--= (char) ('0'+(char) (part2%10)); part3= (int) (part2 / 10);
@@ -8911,15 +8912,18 @@ bool Create_field::init(THD *thd, char *fld_name, enum_field_types fld_type,
    break;
  case MYSQL_TYPE_TIMESTAMP:
    if (!fld_length)
-      length= 14;  /* Full date YYYYMMDDHHMMSS */
-    else if (length != 19)
+    {
+      /* Compressed date YYYYMMDDHHMMSS */
+      length= MAX_DATETIME_COMPRESSED_WIDTH;
+    }
+    else if (length != MAX_DATETIME_WIDTH)
    {
      /*
        We support only even TIMESTAMP lengths less or equal than 14
        and 19 as length of 4.1 compatible representation.
      */
      length= ((length+1)/2)*2; /* purecov: inspected */
-      length= min(length,14); /* purecov: inspected */
+      length= min(length, MAX_DATETIME_COMPRESSED_WIDTH); /* purecov: inspected */
    }
    flags|= ZEROFILL_FLAG | UNSIGNED_FLAG;
    if (fld_default_value)
@@ -8972,7 +8976,7 @@ bool Create_field::init(THD *thd, char *fld_name, enum_field_types fld_type,
    length= 10;
    break;
  case MYSQL_TYPE_DATETIME:
-    length= 19;
+    length= MAX_DATETIME_WIDTH;
    break;
  case MYSQL_TYPE_SET:
    {

--- a/tests/mysql_client_test.c
+++ b/tests/mysql_client_test.c
@@ -16161,6 +16161,59 @@ static void test_bug27876()
 }


+/*
+  Bug#27592 (stack overrun when storing datetime value using prepared statements)
+*/
+
+static void test_bug27592()
+{
+  const int NUM_ITERATIONS= 40;
+  int i;
+  int rc;
+  MYSQL_STMT *stmt= NULL;
+  MYSQL_BIND bind[1];
+  MYSQL_TIME time_val;
+
+  DBUG_ENTER("test_bug27592");
+  myheader("test_bug27592");
+
+  mysql_query(mysql, "DROP TABLE IF EXISTS t1");
+  mysql_query(mysql, "CREATE TABLE t1(c2 DATETIME)");
+
+  stmt= mysql_simple_prepare(mysql, "INSERT INTO t1 VALUES (?)");
+  DIE_UNLESS(stmt);
+
+  memset(bind, 0, sizeof(bind));
+
+  bind[0].buffer_type= MYSQL_TYPE_DATETIME;
+  bind[0].buffer= (char *) &time_val;
+  bind[0].length= NULL;
+
+  for (i= 0; i < NUM_ITERATIONS; i++)
+  {
+    time_val.year= 2007;
+    time_val.month= 6;
+    time_val.day= 7;
+    time_val.hour= 18;
+    time_val.minute= 41;
+    time_val.second= 3;
+
+    time_val.second_part=0;
+    time_val.neg=0;
+
+    rc= mysql_stmt_bind_param(stmt, bind);
+    check_execute(stmt, rc);
+
+    rc= mysql_stmt_execute(stmt);
+    check_execute(stmt, rc);
+  }
+
+  mysql_stmt_close(stmt);
+
+  DBUG_VOID_RETURN;
+}
+
+
 /*
  Read and parse arguments and MySQL options from my.cnf
 */
@@ -16449,6 +16502,7 @@ static struct my_tests_st my_tests[]= {
  { "test_bug28075", test_bug28075 },
 #endif
  { "test_bug27876", test_bug27876 },
+  { "test_bug27592", test_bug27592 },
  { 0, 0 }
 };