Bug #34021 | Character sets: crash if concatenate utf32 and number | ||
---|---|---|---|
Submitted: | 23 Jan 2008 21:00 | Modified: | 12 May 2009 1:32 |
Reporter: | Peter Gulutzan | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Charsets | Severity: | S3 (Non-critical) |
Version: | 6.0.5-alpha-debug | OS: | Linux (SUSE 10 / 64-bit) |
Assigned to: | Alexander Barkov | CPU Architecture: | Any |
[23 Jan 2008 21:00]
Peter Gulutzan
[25 Jan 2008 11:24]
Sveta Smirnova
Thank you for the report. Verified as described.
[4 Dec 2008 12:27]
Alexander Barkov
Workaround: use CAST for number: drop table if exists t1; create table t1 (s1 char(5) character set utf32); insert into t1 values ('a'); insert into t1 select concat(s1,cast(1 as char)) from t1; select hex(s1) from t1; +------------------+ | hex(s1) | +------------------+ | 00000061 | | 0000006100000031 | +------------------+ 2 rows in set (0.00 sec)
[4 Dec 2008 13:44]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/60606 2772 Alexander Barkov 2008-12-04 Bug#34021 Character sets: crash if concatenate utf32 and number Problem: When inserting a CONCAT between an UTF32 string and a number into an UTF32 column, mysqld could crashed. That happened was: - Item_num::safe_charset_converter() returned wrong length, which is not divisible by mbminlen=4. - As a result, Item_func_concat() returned wrong length. - Then this call stack happened: Field_string::store() -> well_formed_copy_nchars() -> to_cs->cset->well_formed_len() -> my_well_formed_len_utf32() - The latter call crashed on assert: DBUG_ASSERT((length % 4) == 0); Fix: Item_num_safe_charset_converter() now adds leading zeros if str_val() returned a string with length not divisible by mbminlen.
[24 Dec 2008 8:24]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/62286 2823 Alexander Barkov 2008-12-24 Bug#34021 Character sets: crash if concatenate utf32 and number Problem: When inserting a CONCAT between an UTF32 string and a number into an UTF32 column, mysqld could crash. That happened was: - Item_num::safe_charset_converter() returned wrong length, which is not divisible by mbminlen=4. - As a result, Item_func_concat() returned wrong length. - Then this call stack happened: Field_string::store() -> well_formed_copy_nchars() -> to_cs->cset->well_formed_len() -> my_well_formed_len_utf32() - The last call crashed on assert: DBUG_ASSERT((length % 4) == 0); Fix: Item_num_safe_charset_converter() now adds leading zeros if str_val() returned a string with length not divisible by mbminlen.
[7 Apr 2009 6:11]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/71495 3184 Alexander Barkov 2009-04-07 Bug#34021 Character sets: crash if concatenate utf32 and number Problem: When inserting a CONCAT between an UTF32 string and a number into an UTF32 column, mysqld could crash. That happened was: - Item_num::safe_charset_converter() returned wrong length, which is not divisible by mbminlen=4. - As a result, Item_func_concat() returned wrong length. - Then this call stack happened: Field_string::store() -> well_formed_copy_nchars() -> to_cs->cset->well_formed_len() -> my_well_formed_len_utf32() - The last call crashed on assert: DBUG_ASSERT((length % 4) == 0); Fix: Item_num_safe_charset_converter() now adds leading zeros if str_val() returned a string with length not divisible by mbminlen. modified: mysql-test/r/ctype_utf32.result mysql-test/t/ctype_utf32.test sql/item.cc
[7 Apr 2009 6:21]
Alexander Barkov
Pushed into 6.0-bugtea, currently marked as 6.0.11.
[6 May 2009 14:09]
Bugs System
Pushed into 6.0.12-alpha (revid:svoj@sun.com-20090506125450-yokcmvqf2g7jhujq) (version source revid:bar@mysql.com-20090407060103-ghb9vaj2dbf996kv) (merge vers: 6.0.11-alpha) (pib:6)
[12 May 2009 1:32]
Paul DuBois
Noted in 6.0.12 changelog. Inserting the result of CONCAT() invoked with a utf32 string and a number for arguments caused a server crash.