Commit 7f2140d3 authored by unknown's avatar unknown

Bug#18539 uncompress(d) is null: impossible?

 - Add a check that the length of the field to uncompress is longer than 4 bytes.
   This can be done because the length of the uncompressed data is written as
   the first four bytes of the field, so a field of 4 bytes or less can't be
   valid compressed data.


mysql-test/r/func_compress.result:
  Update test results
sql/item_strfunc.cc:
  If size of field is less than or equal to 4 bytes, indicate data is uncompressable/corrupt.
parent b46c81e1
+5 −5
@@ -85,12 +85,12 @@ explain select * from t1 where uncompress(a) is null;
id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
1	SIMPLE	t1	system	NULL	NULL	NULL	NULL	1	
Warnings:
Error	1256	Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
Error	1259	ZLIB: Input data corrupted
select * from t1 where uncompress(a) is null;
a
foo
Warnings:
Error	1256	Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
Error	1259	ZLIB: Input data corrupted
explain select *, uncompress(a) from t1;
id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
1	SIMPLE	t1	system	NULL	NULL	NULL	NULL	1	
@@ -98,12 +98,12 @@ select *, uncompress(a) from t1;
a	uncompress(a)
foo	NULL
Warnings:
Error	1256	Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
Error	1259	ZLIB: Input data corrupted
select *, uncompress(a), uncompress(a) is null from t1;
a	uncompress(a)	uncompress(a) is null
foo	NULL	1
Warnings:
Error	1256	Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
Error	1256	Uncompressed data size too large; the maximum size is 104857600 (probably, length of uncompressed data was corrupted)
Error	1259	ZLIB: Input data corrupted
Error	1259	ZLIB: Input data corrupted
drop table t1;
End of 5.0 tests
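--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -2965,6 +2965,16 @@ String *Item_func_uncompress::val_str(String *str)
   if (res->is_empty())
     return res;
 
+  /* If length is less than 4 bytes, data is corrupt */
+  if (res->length() <= 4)
+  {
+    push_warning_printf(current_thd,MYSQL_ERROR::WARN_LEVEL_ERROR,
+			ER_ZLIB_Z_DATA_ERROR,
+			ER(ER_ZLIB_Z_DATA_ERROR));
+    goto err;
+  }
+
+  /* Size of uncompressed data is stored as first 4 bytes of field */
   new_size= uint4korr(res->ptr()) & 0x3FFFFFFF;
   if (new_size > current_thd->variables.max_allowed_packet)
   {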
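Review bot: The comment above the new guard says "less than 4 bytes" while the condition is `res->length() <= 4`, so a field of exactly four bytes (a length header with no payload) is rejected as well; the comment should match the check and say what it protects. Something like `/* A field of 4 bytes or less cannot hold the 4-byte length header plus compressed data; reject it before uint4korr() reads the header */` would make it clear that this guard is what keeps the `uint4korr(res->ptr())` read a few lines below inside the buffer for 1–3 byte inputs. The size read there comes from stored data and, in the visible lines, is bounded only by `max_allowed_packet`. val_str continues past the end of the hunk, so the rest of the handling cannot be checked from here.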