Bug #66523 Field_blob::pack - length stored incorrectly
Submitted: 24 Aug 2012 9:04 Modified: 6 Sep 2012 19:39
Reporter: Martin Sulak
Status: Verified
Category: MySQL Server: Data Types Severity: S3 (Non-critical)
Version: 5.6.6 OS: Any
Triage: Needs Triage: D2 (Serious)

[24 Aug 2012 9:04] Martin Sulak
Description:
Hello,

I do not understand how the method Field_blob::pack in field.cc works.
From the source code it seems the stored length does not match the actual number of bytes stored when the blob length is greater than max_length.
I do not understand how this can later be unpacked correctly.
Please see my comments in the code:

uchar *Field_blob::pack(uchar *to, const uchar *from,
                        uint max_length, bool low_byte_first)
{
  uchar *save= ptr;
  ptr= (uchar*) from;
  uint32 length=get_length();			// Length of from string

  /*
    here max_length is stored into the output buffer in case it is less than length
  */
  store_length(to, packlength, min(length, max_length), low_byte_first);

  /*
    here the full length is used in memcpy!
    should it not be min(length, max_length) again?
   */
  if (length > 0)
  {
    get_ptr((uchar**) &from);
    memcpy(to+packlength, from,length);
  }
  ptr=save;					// Restore org row pointer

  /*
    And finally the full length is reported in the return value.
   */
  return to+packlength+length;
}

How to repeat:
I'm not sure if this is a bug or whether it has any practical effect.

Suggested fix:
Maybe I am wrong, but this code seems more correct to me:

uchar *Field_blob::pack(uchar *to, const uchar *from,
                        uint max_length, bool low_byte_first)
{
  uchar *save= ptr;
  ptr= (uchar*) from;
  uint32 length=min(get_length(), max_length);	// Length of from string

  store_length(to, packlength, length, low_byte_first);

  if (length > 0)
  {
    get_ptr((uchar**) &from);
    memcpy(to+packlength, from,length);
  }
  ptr=save;					// Restore org row pointer

  return to+packlength+length;
}
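The mismatch the report describes, as an added stand-alone C example (not MySQL's code): a simplified pack with a constructed 2-byte little-endian length prefix, once shaped like the reported code and once like the suggested fix, plus a check of whether the stored header agrees with the bytes actually written after it. store_length, read_length, PACKLENGTH and header_matches_written are stand-ins constructed for this example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a blob with packlength == 2: a little-endian
   2-byte length prefix followed by the blob bytes. */
#define PACKLENGTH 2

static void store_length(uint8_t *to, uint32_t len) {
    to[0] = (uint8_t)(len & 0xff);
    to[1] = (uint8_t)((len >> 8) & 0xff);
}

static uint32_t read_length(const uint8_t *from) {
    return (uint32_t)from[0] | ((uint32_t)from[1] << 8);
}

/* Same shape as the reported code: the header holds min(length, max_length),
   but the memcpy and the returned end pointer use the full length. */
static uint8_t *pack_reported(uint8_t *to, const uint8_t *blob,
                              uint32_t length, uint32_t max_length) {
    store_length(to, length < max_length ? length : max_length);
    memcpy(to + PACKLENGTH, blob, length);
    return to + PACKLENGTH + length;
}

/* Same shape as the suggested fix: one truncated length used throughout. */
static uint8_t *pack_suggested(uint8_t *to, const uint8_t *blob,
                               uint32_t length, uint32_t max_length) {
    uint32_t n = length < max_length ? length : max_length;
    store_length(to, n);
    memcpy(to + PACKLENGTH, blob, n);
    return to + PACKLENGTH + n;
}

typedef uint8_t *(*pack_fn)(uint8_t *, const uint8_t *, uint32_t, uint32_t);

/* Packs a constructed blob of `length` 'A' bytes; returns 1 when the header
   agrees with the bytes written after it. A reader that trusts the header
   consumes `claimed` bytes and resumes at the wrong offset when they differ. */
int header_matches_written(pack_fn pack, uint32_t length, uint32_t max_length) {
    uint8_t blob[64], out[PACKLENGTH + 64];   /* large enough for either pack */
    if (length > sizeof blob) return -1;      /* keep the demo in bounds */
    memset(blob, 'A', sizeof blob);
    uint8_t *end = pack(out, blob, length, max_length);
    uint32_t claimed = read_length(out);
    uint32_t written = (uint32_t)(end - out) - PACKLENGTH;
    return claimed == written;
}
```

With length 10 and max_length 4 the reported shape stores 4 in the header but copies and reports 10 bytes, so a consumer honouring the header desynchronises; the suggested shape keeps all three in step.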
[6 Sep 2012 19:39] Sveta Smirnova
Thank you for the report.

Verified as described.