Bug #109339 Failed to insert bignums due to overflow
Submitted: 12 Dec 2022 12:44 Modified: 15 Dec 2022 10:16
Reporter: Yohei Ueki Email Updates:
Status: Verified Impact on me:
Category:Connector / J Severity:S3 (Non-critical)
Version:8.0.22, 8.0.31 OS:Any
Assigned to: CPU Architecture:Any
Tags: regression

[12 Dec 2022 12:44] Yohei Ueki

I suspect mysql-connector-java>=8.0.22 has an overflow bug when inserting values bignum.signed.max+1 <= values <= bignum.unsigned.max to a `bigint unsigned` column.

For a table like
create table tbl(
  k int,
  v bigint unsigned
we get no error when inserting values using mysql client:

mysql> insert into tbl values(1,18446744073709551615);
Query OK, 1 row affected (0.00 sec)

mysql> select * from tbl where k = 1;
| k    | v                    |
|    1 | 18446744073709551615 |
1 row in set (0.00 sec)

We can insert values without error using mysql-client-java==8.0.21,
whereas version>=8.0.22 will raise `com.mysql.cj.jdbc.exceptions.MysqlDataTruncation: Data truncation: Out of range value for column 'v' at row 1`.

I suspect NumberValueEncoder has a bug because:
    BigInteger i = new BigInteger("18446744073709551615");
    assertThat(String.valueOf(i.longValue())).isEqualTo("-1"); // Long.MAX_VALUE: 9223372036854775807, which is smaller than `i`.

There is a workaround for this bug.

How to repeat:
I pushed my PoC code:
[12 Dec 2022 13:04] MySQL Verification Team
Hi Mr. Ueki,

Have you tried repeating this behaviour with our C/J release 8.0.31 ????

Next, would you please, post in this report the entire part of the relevant Java code that produces the error.

If it is too big, you can upload it with our "Files" tab.

We are waiting on your full feedback.
[12 Dec 2022 14:00] Yohei Ueki

Attachment: mysql-connector-java-issue-overflow-bigint-unsigned-main.zip (application/zip, text), 5.71 KiB.

[12 Dec 2022 14:01] Yohei Ueki

This issue occurs with version==8.0.31.

I attached source codes (please see InsertBigIntegerTest.)


Yohei Ueki
[15 Dec 2022 6:30] MySQL Verification Team
Hello Yohei Ueki,

Thank you for the report and feedback.

[15 Dec 2022 6:34] MySQL Verification Team
This doesn't look like intended behavior but a regression as 8.0.21 has no issues but C/J 8.0.22+.  Per data type mapping of MySQL and Java Data Types:

BIGINT[(M)] UNSIGNED mapped with java.math.BigInteger.
[15 Dec 2022 10:16] Yohei Ueki
Hello Umesh,
Thanks for taking a look this report.
Yohei Ueki
[10 Apr 22:02] Manuel McLure
I tracked this down to https://github.com/mysql/mysql-connector-j/commit/6f8287b2a393ef9b67889d2bb2385ef863a7e8df

Before this change, a BigInteger would be converted to String before inserting, after it will be converted to long since it falls into the Number code.