Bug #38701: Crash in String::append when inserting duplicate empty strings an uft8

SET col When reporting a duplicate key error the server was making incorrect assumptions on what the state of the value string to include in the error is. Fixed by accessing the data in this string in a "safe" way (without relying on it having a terminating 0). Detected by code analysis and fixed a similar problem in reporting the foreign key duplicate errors. mysql-test/r/type_set.result: Bug #38701: test case mysql-test/t/type_set.test: Bug #38701: test case sql/handler.cc: Bug #38701: don't rely on the presence of a terminating 0 in the string

Bug #38701: Crash in String::append when inserting duplicate empty strings an uft8
SET col When reporting a duplicate key error the server was making incorrect assumptions on what the state of the value string to include in the error is. Fixed by accessing the data in this string in a "safe" way (without relying on it having a terminating 0). Detected by code analysis and fixed a similar problem in reporting the foreign key duplicate errors. mysql-test/r/type_set.result: Bug #38701: test case mysql-test/t/type_set.test: Bug #38701: test case sql/handler.cc: Bug #38701: don't rely on the presence of a terminating 0 in the string
cc26bc94 · Georgi Kodinov · dbbb48c3 · cc26bc94 · cc26bc94 · cc26bc94
Commit cc26bc94 authored Sep 05, 2008 by Georgi Kodinov
Hide whitespace changes
Inline Side-by-side

Showing with 31 additions and 2 deletions

mysql-test/r/type_set.result mysql-test/r/type_set.result +10 -0

mysql-test/t/type_set.test mysql-test/t/type_set.test +19 -0

sql/handler.cc sql/handler.cc +2 -2

No files found.
--- a/mysql-test/r/type_set.result
+++ b/mysql-test/r/type_set.result
@@ -93,4 +93,14 @@ c
 1,2,3
 64
 DROP TABLE t1;
+CREATE TABLE t1 (
+set_unique_utf8 set ('a','b','c','d','e','f','g','h','i','j','k','l',
+'m','n','o','p','q','r','s','t','u','v','w','x',
+'y','z') CHARACTER SET utf8,
+unique (set_unique_utf8)
+);
+INSERT INTO t1 ( set_unique_utf8 ) VALUES ( '' );
+INSERT INTO t1 ( set_unique_utf8 ) VALUES ( '' );
+ERROR 23000: Duplicate entry '' for key 'set_unique_utf8'
+DROP TABLE t1;
 End of 5.0 tests
--- a/mysql-test/t/type_set.test
+++ b/mysql-test/t/type_set.test
@@ -75,4 +75,23 @@ INSERT INTO t1 VALUES(9223372036854775808);
 SELECT * FROM t1;
 DROP TABLE t1;
+#
+# Bug #38701: Crash in String::append when inserting duplicate empty strings
+# an uft8 SET col
+#
+CREATE TABLE t1 (
+        set_unique_utf8 set ('a','b','c','d','e','f','g','h','i','j','k','l',
+                             'm','n','o','p','q','r','s','t','u','v','w','x',
+                             'y','z') CHARACTER SET utf8,
+        unique (set_unique_utf8)
+);
+INSERT INTO t1 ( set_unique_utf8 ) VALUES ( '' );
+--error ER_DUP_ENTRY 
+INSERT INTO t1 ( set_unique_utf8 ) VALUES ( '' );
+DROP TABLE t1;
 --echo End of 5.0 tests
--- a/sql/handler.cc
+++ b/sql/handler.cc
@@ -2496,7 +2496,7 @@ void handler::print_keydup_error(uint key_nr, const char *msg)
      str.append(STRING_WITH_LEN("..."));
    }
    my_printf_error(ER_DUP_ENTRY, msg,
-		    MYF(0), str.c_ptr(), table->key_info[key_nr].name);
+		    MYF(0), str.c_ptr_safe(), table->key_info[key_nr].name);
  }
 }
@@ -2564,7 +2564,7 @@ void handler::print_error(int error, myf errflag)
        str.append(STRING_WITH_LEN("..."));
      }
      my_error(ER_FOREIGN_DUPLICATE_KEY, MYF(0), table_share->table_name.str,
-        str.c_ptr(), key_nr+1);
+        str.c_ptr_safe(), key_nr+1);
      DBUG_VOID_RETURN;
    }
    textno= ER_DUP_KEY;