MDEV-18452 ASAN unknown-crash in Field::set_default upon SET bit_colu…
…mn = DEFAULT

Field_bit for BIT(20) uses 2 full bytes in the record,
with additional 4 uneven bits in the "null bit area".

Field::set_default() called from Field_bit::set_default() erroneously
copied 3 bytes instead of 2 bytes from the record with default values.

Changing Field::set_default() to copy pack_length_in_rec() bytes
instead of pack_length() bytes.
abarkov committed Apr 25, 2019
1 parent ecea908 commit bb17094
Showing 3 changed files with 18 additions and 1 deletion.
@@ -830,3 +830,10 @@ def COALESCE(val, 1) 246 2 1 Y 32896 0 63
COALESCE(val, 1)
0
DROP TABLE t1;
#
# MDEV-18452 ASAN unknown-crash in Field::set_default upon SET bit_column = DEFAULT
#
CREATE TABLE t1 (b BIT(20)) ENGINE=MyISAM;
INSERT INTO t1 VALUES (0);
UPDATE t1 SET b = DEFAULT;
DROP TABLE t1;
@@ -458,3 +458,13 @@ DROP TABLE t2;
SELECT COALESCE(val, 1) FROM t1;
--disable_metadata
DROP TABLE t1;


--echo #
--echo # MDEV-18452 ASAN unknown-crash in Field::set_default upon SET bit_column = DEFAULT
--echo #

CREATE TABLE t1 (b BIT(20)) ENGINE=MyISAM;
INSERT INTO t1 VALUES (0);
UPDATE t1 SET b = DEFAULT;
DROP TABLE t1;
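Review bot: The case added at the end of this hunk can only fail without the fix on an ASAN build, because `t1` has a single BIT(20) column and the UPDATE produces no output for the result file to pin. Going by the commit description, the old code copied one byte more than the field occupies in the record, so a column placed after `b` would presumably have had its first byte reset to its default value. Declaring the table as `CREATE TABLE t1 (b BIT(20), c TINYINT NOT NULL DEFAULT 0) ENGINE=MyISAM;`, inserting `(0, 1)` and adding `SELECT c FROM t1;` after the UPDATE would let a regular build catch a regression too. The row layout is inferred rather than visible here, so confirm that `c` really follows `b` in the record before relying on it.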
@@ -854,7 +854,7 @@ class Field: public Value_source
{
my_ptrdiff_t l_offset= (my_ptrdiff_t) (table->s->default_values -
table->record[0]);
memcpy(ptr, ptr + l_offset, pack_length());
memcpy(ptr, ptr + l_offset, pack_length_in_rec());
if (maybe_null_in_table())
*null_ptr= ((*null_ptr & (uchar) ~null_bit) |
(null_ptr[l_offset] & null_bit));
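Review bot: The new `memcpy` length in this hunk carries no comment, so the reason `pack_length_in_rec()` is the correct bound lives only in the commit message. A line above it such as `// Copy only the bytes kept in the record; pack_length() can be larger (Field_bit stores uneven bits in the null-bit area).` would keep a later cleanup from switching back to `pack_length()` and reintroducing the out-of-bounds copy. The enclosing function starts and ends outside the hunk, so whether other copies in this class still size a record access with `pack_length()` cannot be checked from here.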
