1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
From: kgeorge
Date: April 3 2007 5:01pm
Subject: bk commit into 5.0 tree (gkodinov:1.2432) BUG#27513
Below is the list of changes that have just been committed into a local
5.0 repository of kgeorge. When kgeorge does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet@stripped, 2007-04-03 18:00:57+03:00, gkodinov@stripped +2 -0
Bug #27513: test case added to make sure this
crash bug doesn't reappear.
mysql-test/r/errors.result@stripped, 2007-04-03 18:00:55+03:00, gkodinov@stripped +18 -0
Bug #27513: test case
mysql-test/t/errors.test@stripped, 2007-04-03 18:00:55+03:00, gkodinov@stripped +11 -0
Bug #27513: test case
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: gkodinov
# Host: magare.gmz
# Root: /home/kgeorge/mysql/work/B27513-5.0-opt
--- 1.9/mysql-test/r/errors.result 2005-08-12 18:04:47 +03:00
+++ 1.10/mysql-test/r/errors.result 2007-04-03 18:00:55 +03:00
@@ -28,3 +28,21 @@ ERROR 42000: Display width out of range
set sql_mode='traditional';
create table t1 (a varchar(66000));
ERROR 42000: Column length too big for column 'a' (max = 65535); use BLOB or TEXT instead
+CREATE TABLE t1 (a INT);
+SELECT a FROM t1 WHERE a IN(1, (SELECT IF(1=0,1,2/0)));
+a
+Warnings:
+Error 1365 Division by 0
+INSERT INTO t1 VALUES(1);
+SELECT a FROM t1 WHERE a IN(1, (SELECT IF(1=0,1,2/0)));
+a
+1
+Warnings:
+Error 1365 Division by 0
+INSERT INTO t1 VALUES(2),(3);
+SELECT a FROM t1 WHERE a IN(1, (SELECT IF(1=0,1,2/0)));
+a
+1
+Warnings:
+Error 1365 Division by 0
+DROP TABLE t1;
--- 1.15/mysql-test/t/errors.test 2005-08-12 18:04:48 +03:00
+++ 1.16/mysql-test/t/errors.test 2007-04-03 18:00:55 +03:00
@@ -41,4 +41,15 @@ set sql_mode='traditional';
--error 1074
create table t1 (a varchar(66000));
+#
+# Bug #27513: mysql 5.0.x + NULL pointer DoS
+#
+CREATE TABLE t1 (a INT);
+SELECT a FROM t1 WHERE a IN(1, (SELECT IF(1=0,1,2/0)));
+INSERT INTO t1 VALUES(1);
+SELECT a FROM t1 WHERE a IN(1, (SELECT IF(1=0,1,2/0)));
+INSERT INTO t1 VALUES(2),(3);
+SELECT a FROM t1 WHERE a IN(1, (SELECT IF(1=0,1,2/0)));
+DROP TABLE t1;
+
# End of 5.0 tests
|
GitWeb
