[Commits] Rev 4353: MDEV-4513 Valgrind warnings (Conditional jump or move depends on uninitialised value) in inflate on UNCOMPRESS in lp:~maria-captains/maria/5.5

Sergei Golubchik serg at mariadb.org
Sat Nov 15 18:12:32 EET 2014


At lp:~maria-captains/maria/5.5

------------------------------------------------------------
revno: 4353
revision-id: sergii at pisem.net-20141115161232-nfm09jbnyshofnd2
parent: sergii at pisem.net-20141115155753-2ecfn06n4umfqq81
fixes bug: https://mariadb.atlassian.net/browse/MDEV-4513
committer: Sergei Golubchik <sergii at pisem.net>
branch nick: 5.5
timestamp: Sat 2014-11-15 17:12:32 +0100
message:
  MDEV-4513 Valgrind warnings (Conditional jump or move depends on uninitialised value) in inflate on UNCOMPRESS
=== modified file 'mysql-test/r/func_compress.result'
--- a/mysql-test/r/func_compress.result	2014-03-25 10:09:12 +0000
+++ b/mysql-test/r/func_compress.result	2014-11-15 16:12:32 +0000
@@ -147,3 +147,11 @@ DROP TABLE t1;
 #
 # End of 5.3 tests
 #
+SELECT UNCOMPRESS(CAST(0 AS BINARY(5)));
+UNCOMPRESS(CAST(0 AS BINARY(5)))
+NULL
+Warnings:
+Warning	1259	ZLIB: Input data corrupted
+#
+# End of 5.5 tests
+#

=== modified file 'mysql-test/t/func_compress.test'
--- a/mysql-test/t/func_compress.test	2014-03-23 12:02:56 +0000
+++ b/mysql-test/t/func_compress.test	2014-11-15 16:12:32 +0000
@@ -136,3 +136,12 @@ DROP TABLE t1;
 --echo #
 --echo # End of 5.3 tests
 --echo #
+
+#
+# MDEV-4513 Valgrind warnings (Conditional jump or move depends on uninitialised value) in inflate on UNCOMPRESS
+#
+SELECT UNCOMPRESS(CAST(0 AS BINARY(5)));
+
+--echo #
+--echo # End of 5.5 tests
+--echo #

=== modified file 'sql/item_strfunc.cc'
--- a/sql/item_strfunc.cc	2014-10-06 17:53:55 +0000
+++ b/sql/item_strfunc.cc	2014-11-15 16:12:32 +0000
@@ -3695,7 +3695,7 @@ String *Item_func_uncompress::val_str(St
     goto err;
 
   if ((err= uncompress((Byte*)buffer.ptr(), &new_size,
-		       ((const Bytef*)res->ptr())+4,res->length())) == Z_OK)
+		       ((const Bytef*)res->ptr())+4,res->length()-4)) == Z_OK)
   {
     buffer.length((uint32) new_size);
     return &buffer;



More information about the commits mailing list