Bug #30986 Character set introducer followed by a HEX string can return bad result
Submitted: 12 Sep 2007 16:23 Modified: 30 Oct 2007 0:51
Reporter: Alexander Barkov Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Charsets Severity:S3 (Non-critical)
Version:5.0/5.1 OS:Any
Assigned to: Sergey Glukhov CPU Architecture:Any

[12 Sep 2007 16:23] Alexander Barkov
Description:
String literal consisting of a character set introducer
followed by a HEX string doesn't check its well-formedness.

How to repeat:
mysql> select hex(_utf8 0xFF);
+-----------------+
| hex(_utf8 0xFF) |
+-----------------+
| FF              |
+-----------------+
1 row in set (0.00 sec)

0xFF is a wrong byte in utf8.

Suggested fix:
Return an error.
[12 Sep 2007 16:24] Alexander Barkov
The same problem happens in the case of X'FF' notation:

mysql> select hex(_utf8 X'FF');
+------------------+
| hex(_utf8 X'FF') |
+------------------+
| FF               |
+------------------+
1 row in set (0.00 sec)
[12 Sep 2007 16:25] Alexander Barkov
The same with bit notation:

mysql> select hex(_utf8 B'11111111');
+------------------------+
| hex(_utf8 B'11111111') |
+------------------------+
| FF                     |
+------------------------+
1 row in set (0.00 sec)
[12 Sep 2007 16:34] Miguel Solorzano
Thank you for the bug report.
[8 Oct 2007 12:26] Sergey Glukhov
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/35096

ChangeSet@1.2534, 2007-10-08 17:19:10+05:00, gluh@mysql.com +4 -0
  Bug#30982 CHAR(..USING..) can return a not-well-formed string
  Bug#30986 Character set introducer followed by a HEX string can return bad result
  Item Item_func_hex: added the check for well formed string
  if result string has illegal symbols we cut off the string
  until last legal symbol.
[10 Oct 2007 15:00] Sergey Glukhov
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/35292
[11 Oct 2007 8:52] Sergey Glukhov
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/35327
[11 Oct 2007 10:23] Alexander Barkov
Ok to push
[15 Oct 2007 13:45] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/35561

ChangeSet@1.2538, 2007-10-15 18:40:58+05:00, gluh@mysql.com +5 -0
  Bug#30986 Character set introducer followed by a HEX string can return bad result(addon)
  issue an error if string has illegal characters
[29 Oct 2007 8:43] Bugs System
Pushed into 5.0.52
[29 Oct 2007 8:46] Bugs System
Pushed into 5.1.23-beta
[29 Oct 2007 8:49] Bugs System
Pushed into 6.0.4-alpha
[30 Oct 2007 0:51] Paul Dubois
Noted in 5.0.52, 5.1.23, 6.0.4 changelogs.

A character set introducer followed by a hexadecimal or bit-value
literal did not check its argument and could return an ill-formed
result for invalid input.