Bug#20729: Bad date_format() call makes mysql server crash

    
The problem is that the author used the wrong function to send a warning to the 
user about truncation of data.  push_warning() takes a constant string and 
push_warning_printf() takes a format and variable arguments to fill it.

Since the string we were complaining about contains percent characters, the 
printf() code interprets the "%Y" et c. that the user sends.  That's wrong, and
often causes a crash, especially if the date mentions seconds, "%s".

A alternate fix would be to use  push_warning_printf(..., "%s", warn_buff) .

mysql-test/r/date_formats.result

@@ -509,3 +509,9 @@ TIME_FORMAT("24:00:00", '%l %p')
 SELECT TIME_FORMAT("25:00:00", '%l %p');
 TIME_FORMAT("25:00:00", '%l %p')
 1 AM
+SELECT DATE_FORMAT('%Y-%m-%d %H:%i:%s', 1151414896);
+DATE_FORMAT('%Y-%m-%d %H:%i:%s', 1151414896)
+NULL
+Warnings:
+Warning	1292	Truncated incorrect datetime value: '%Y-%m-%d %H:%i:%s'
+"End of 4.1 tests"

mysql-test/t/date_formats.test

@@ -275,7 +275,6 @@ drop table t1;
 select str_to_date( 1, NULL );
 select str_to_date( NULL, 1 );
 select str_to_date( 1, IF(1=1,NULL,NULL) );
-# End of 4.1 tests
 
 #
 # Bug#11326
@@ -298,3 +297,10 @@ SELECT TIME_FORMAT("12:00:00", '%l %p');
 SELECT TIME_FORMAT("23:00:00", '%l %p');
 SELECT TIME_FORMAT("24:00:00", '%l %p');
 SELECT TIME_FORMAT("25:00:00", '%l %p');
+
+#
+# Bug#20729:  Bad date_format() call makes mysql server crash
+#
+SELECT DATE_FORMAT('%Y-%m-%d %H:%i:%s', 1151414896);
+
+--echo "End of 4.1 tests"

sql/time.cc

@@ -797,7 +797,7 @@ void make_truncated_value_warning(THD *thd, const char *str_val,
   }
   sprintf(warn_buff, ER(ER_TRUNCATED_WRONG_VALUE),
 	  type_str, str.ptr());
-  push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_WARN,
+  push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN,
 		      ER_TRUNCATED_WRONG_VALUE, warn_buff);
 }