Commit ed001f18 authored by unknown's avatar unknown

Bug#20729: Bad date_format() call makes mysql server crash

    
The problem is that the author used the wrong function to send a warning to the 
user about truncation of data.  push_warning() takes a constant string and 
push_warning_printf() takes a format and variable arguments to fill it.

Since the string we were complaining about contains percent characters, the 
printf() code interprets the "%Y" et c. that the user sends.  That's wrong, and
often causes a crash, especially if the date mentions seconds, "%s".

A alternate fix would be to use  push_warning_printf(..., "%s", warn_buff) .


mysql-test/r/date_formats.result:
  Test that an invalid date doesn't crash the server.  We should get a warning back 
  instead of a dead socket.
mysql-test/t/date_formats.test:
  Test that an invalid date doesn't crash the server.  We should get a warning back 
  instead of a dead socket.
sql/time.cc:
  Don't try to use warn_buf as the start of a varible arguement list to send 
  to a warning-formatted my_vsnprintf() .
parent 17986f7c
......@@ -509,3 +509,9 @@ TIME_FORMAT("24:00:00", '%l %p')
SELECT TIME_FORMAT("25:00:00", '%l %p');
TIME_FORMAT("25:00:00", '%l %p')
1 AM
SELECT DATE_FORMAT('%Y-%m-%d %H:%i:%s', 1151414896);
DATE_FORMAT('%Y-%m-%d %H:%i:%s', 1151414896)
NULL
Warnings:
Warning 1292 Truncated incorrect datetime value: '%Y-%m-%d %H:%i:%s'
"End of 4.1 tests"
......@@ -275,7 +275,6 @@ drop table t1;
select str_to_date( 1, NULL );
select str_to_date( NULL, 1 );
select str_to_date( 1, IF(1=1,NULL,NULL) );
# End of 4.1 tests
#
# Bug#11326
......@@ -298,3 +297,10 @@ SELECT TIME_FORMAT("12:00:00", '%l %p');
SELECT TIME_FORMAT("23:00:00", '%l %p');
SELECT TIME_FORMAT("24:00:00", '%l %p');
SELECT TIME_FORMAT("25:00:00", '%l %p');
#
# Bug#20729: Bad date_format() call makes mysql server crash
#
SELECT DATE_FORMAT('%Y-%m-%d %H:%i:%s', 1151414896);
--echo "End of 4.1 tests"
......@@ -797,7 +797,7 @@ void make_truncated_value_warning(THD *thd, const char *str_val,
}
sprintf(warn_buff, ER(ER_TRUNCATED_WRONG_VALUE),
type_str, str.ptr());
push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_WARN,
push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN,
ER_TRUNCATED_WRONG_VALUE, warn_buff);
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment