Bug#6608: MySQL server crash in some query with tis620 character set.

The bug was that the function allocates 'a', then changes the value of 'a' with the operator ++, and then tries to free 'a'!

Bug#6608: MySQL server crash in some query with tis620 character set.
The bug was that the function allocates 'a', then changes the value of 'a' with the operator ++, and then tries to free 'a'!
b4786351 · unknown · 58f984ad · b4786351 · b4786351 · b4786351
Commit b4786351 authored Nov 15, 2004 by unknown
Showing with 76 additions and 7 deletions

mysql-test/r/ctype_tis620.result mysql-test/r/ctype_tis620.result +38 -0

mysql-test/t/ctype_tis620.test mysql-test/t/ctype_tis620.test +35 -0

strings/ctype-tis620.c strings/ctype-tis620.c +3 -7

No files found.
--- a/mysql-test/r/ctype_tis620.result
+++ b/mysql-test/r/ctype_tis620.result
@@ -2899,3 +2899,41 @@ hex(a)	STRCMP(a,'a')	STRCMP(a,'a ')
 6109	-1	-1
 61	0	0
 DROP TABLE t1;
+CREATE TABLE t1 (
+`id` int(11) NOT NULL auto_increment,
+`url` varchar(200) NOT NULL default '',
+`name` varchar(250) NOT NULL default '',
+`type` int(11) NOT NULL default '0',
+`website` varchar(250) NOT NULL default '',
+`adddate` date NOT NULL default '0000-00-00',
+`size` varchar(20) NOT NULL default '',
+`movieid` int(11) NOT NULL default '0',
+`musicid` int(11) NOT NULL default '0',
+`star` varchar(20) NOT NULL default '',
+`download` int(11) NOT NULL default '0',
+`lastweek` int(11) NOT NULL default '0',
+`thisweek` int(11) NOT NULL default '0',
+`page` varchar(250) NOT NULL default '',
+PRIMARY KEY  (`id`),
+UNIQUE KEY `url` (`url`)
+) CHARACTER SET tis620;
+INSERT INTO t1 VALUES
+(1,'http://www.siamzone.com/download/download/000001-frodo_1024.jpg','The Lord
+of the Rings
+Wallpapers',1,'http://www.lordoftherings.net','2002-01-22','',448,0,'',3805,0,0,
+'');
+INSERT INTO t1 VALUES (2,'http://www.othemovie.com/OScreenSaver1.EXE','O
+Screensaver',2,'','2002-01-22','',491,0,'',519,0,0,'');
+INSERT INTO t1 VALUES
+(3,'http://www.siamzone.com/download/download/000003-jasonx2(800x600).jpg','Jaso
+n X Wallpapers',1,'','2002-05-31','',579,0,'',1091,0,0,'');
+select * from t1 order by id;
+id	url	name	type	website	adddate	size	movieid	musicid	star	download	lastweek	thisweek	page
+1	http://www.siamzone.com/download/download/000001-frodo_1024.jpg	The Lord
+of the Rings
+Wallpapers	1	http://www.lordoftherings.net	2002-01-22		448	0		3805	0	0	
+2	http://www.othemovie.com/OScreenSaver1.EXE	O
+Screensaver	2		2002-01-22		491	0		519	0	0	
+3	http://www.siamzone.com/download/download/000003-jasonx2(800x600).jpg	Jaso
+n X Wallpapers	1		2002-05-31		579	0		1091	0	0	
+DROP TABLE t1;
--- a/mysql-test/t/ctype_tis620.test
+++ b/mysql-test/t/ctype_tis620.test
@@ -116,3 +116,38 @@ CREATE TABLE t1 (a char(10) not null) CHARACTER SET tis620;
 INSERT INTO t1 VALUES ('a'),('a\0'),('a\t'),('a ');
 SELECT hex(a),STRCMP(a,'a'), STRCMP(a,'a ') FROM t1;
 DROP TABLE t1;
+#
+# Bug#6608
+#
+CREATE TABLE t1 (
+  `id` int(11) NOT NULL auto_increment,
+  `url` varchar(200) NOT NULL default '',
+  `name` varchar(250) NOT NULL default '',
+  `type` int(11) NOT NULL default '0',
+  `website` varchar(250) NOT NULL default '',
+  `adddate` date NOT NULL default '0000-00-00',
+  `size` varchar(20) NOT NULL default '',
+  `movieid` int(11) NOT NULL default '0',
+  `musicid` int(11) NOT NULL default '0',
+  `star` varchar(20) NOT NULL default '',
+  `download` int(11) NOT NULL default '0',
+  `lastweek` int(11) NOT NULL default '0',
+  `thisweek` int(11) NOT NULL default '0',
+  `page` varchar(250) NOT NULL default '',
+  PRIMARY KEY  (`id`),
+  UNIQUE KEY `url` (`url`)
+) CHARACTER SET tis620;
+INSERT INTO t1 VALUES
+(1,'http://www.siamzone.com/download/download/000001-frodo_1024.jpg','The Lord
+of the Rings
+Wallpapers',1,'http://www.lordoftherings.net','2002-01-22','',448,0,'',3805,0,0,
+'');
+INSERT INTO t1 VALUES (2,'http://www.othemovie.com/OScreenSaver1.EXE','O
+Screensaver',2,'','2002-01-22','',491,0,'',519,0,0,'');
+INSERT INTO t1 VALUES
+(3,'http://www.siamzone.com/download/download/000003-jasonx2(800x600).jpg','Jaso
+n X Wallpapers',1,'','2002-05-31','',579,0,'',1091,0,0,'');
+select * from t1 order by id;
+DROP TABLE t1;
--- a/strings/ctype-tis620.c
+++ b/strings/ctype-tis620.c
@@ -562,17 +562,13 @@ int my_strnncollsp_tis620(CHARSET_INFO * cs __attribute__((unused)),
 			  const uchar *b0, uint b_length)
 {
  uchar	buf[80] ;
-  uchar *end, *a, *b;
+  uchar *end, *a, *b, *alloced= NULL;
  uint length;
  int res= 0;
-  int alloced= 0;
  a= buf;
  if ((a_length + b_length +2) > (int) sizeof(buf))
-  {
+    alloced= a= (uchar*) malloc(a_length+b_length);
-    a= (uchar*) malloc(a_length+b_length);
-    alloced= 1;
-  }
  b= a + a_length+1;
  memcpy((char*) a, (char*) a0, a_length);
@@ -618,7 +614,7 @@ int my_strnncollsp_tis620(CHARSET_INFO * cs __attribute__((unused)),
 ret:
  if (alloced)
-    free(a);
+    free(alloced);
  return res;
 }