Bug#21913: DATE_FORMAT() Crashes mysql server if I use it through mysql-connector-j driver.

Variable character_set_results can legally be NULL (for "no conversion.") This could result in a NULL deref that crashed the server. Fixed. (Although ran some additional precursory tests to see whether I could break anything else, but no breakage so far.)

Bug#21913: DATE_FORMAT() Crashes mysql server if I use it through mysql-connector-j driver.
Variable character_set_results can legally be NULL (for "no conversion.") This could result in a NULL deref that crashed the server. Fixed. (Although ran some additional precursory tests to see whether I could break anything else, but no breakage so far.)
41f19324 · tnurnberg@salvation.intern.azundris.com · 63528161 · 41f19324 · 41f19324 · 41f19324
Commit 41f19324 authored Sep 04, 2006 by tnurnberg@salvation.intern.azundris.com
Show whitespace changes
Inline Side-by-side

Showing with 36 additions and 1 deletion

mysql-test/r/func_time.result mysql-test/r/func_time.result +12 -0

mysql-test/t/func_time.test mysql-test/t/func_time.test +18 -0

sql/sql_string.cc sql/sql_string.cc +6 -1

No files found.
--- a/mysql-test/r/func_time.result
+++ b/mysql-test/r/func_time.result
@@ -688,3 +688,15 @@ t1	CREATE TABLE `t1` (
  `from_unixtime(1) + 0` double(23,6) default NULL
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1
 drop table t1;
+SET NAMES latin1;
+SET character_set_results = NULL;
+SHOW VARIABLES LIKE 'character_set_results';
+Variable_name	Value
+character_set_results	
+CREATE TABLE testBug8868 (field1 DATE, field2 VARCHAR(32) CHARACTER SET BINARY);
+INSERT INTO testBug8868 VALUES ('2006-09-04', 'abcd');
+SELECT DATE_FORMAT(field1,'%b-%e %l:%i%p') as fmtddate, field2 FROM testBug8868;
+fmtddate	field2
+Sep-4 12:00AM	abcd
+DROP TABLE testBug8868;
+SET NAMES DEFAULT;
--- a/mysql-test/t/func_time.test
+++ b/mysql-test/t/func_time.test
@@ -358,4 +358,22 @@ create table t1 select now() - now(), curtime() - curtime(),
 show create table t1;
 drop table t1;
+#
+# 21913: DATE_FORMAT() Crashes mysql server if I use it through
+#        mysql-connector-j driver.
+#
+SET NAMES latin1;
+SET character_set_results = NULL;
+SHOW VARIABLES LIKE 'character_set_results';
+CREATE TABLE testBug8868 (field1 DATE, field2 VARCHAR(32) CHARACTER SET BINARY);
+INSERT INTO testBug8868 VALUES ('2006-09-04', 'abcd');
+SELECT DATE_FORMAT(field1,'%b-%e %l:%i%p') as fmtddate, field2 FROM testBug8868;
+DROP TABLE testBug8868;
+SET NAMES DEFAULT;
 # End of 4.1 tests
--- a/sql/sql_string.cc
+++ b/sql/sql_string.cc
@@ -248,6 +248,10 @@ bool String::copy(const char *str,uint32 arg_length, CHARSET_INFO *cs)
   0  No conversion needed
   1  Either character set conversion or adding leading  zeros
      (e.g. for UCS-2) must be done
+  NOTE
+  to_cs may be NULL for "no conversion" if the system variable
+  character_set_results is NULL.
 */
 bool String::needs_conversion(uint32 arg_length,
@@ -256,7 +260,8 @@ bool String::needs_conversion(uint32 arg_length,
 			      uint32 *offset)
 {
  *offset= 0;
-  if ((to_cs == &my_charset_bin) || 
+  if (!to_cs ||
+      (to_cs == &my_charset_bin) || 
      (to_cs == from_cs) ||
      my_charset_same(from_cs, to_cs) ||
      ((from_cs == &my_charset_bin) &&