Bug#20729: Bad date_format() call makes mysql server crash
The problem is that the author used the wrong function to send a warning to the user about truncation of data. push_warning() takes a constant string and push_warning_printf() takes a format and variable arguments to fill it. Since the string we were complaining about contains percent characters, the printf() code interprets the "%Y" et c. that the user sends. That's wrong, and often causes a crash, especially if the date mentions seconds, "%s". A alternate fix would be to use push_warning_printf(..., "%s", warn_buff) . mysql-test/r/date_formats.result: Test that an invalid date doesn't crash the server. We should get a warning back instead of a dead socket. mysql-test/t/date_formats.test: Test that an invalid date doesn't crash the server. We should get a warning back instead of a dead socket. sql/time.cc: Don't try to use warn_buf as the start of a varible arguement list to send to a warning-formatted my_vsnprintf() .
Showing
Please register or sign in to comment