Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-20085

Negative count causes SQL repeat() to set expected result length to 16MB instead of 0

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Minor
    • Resolution: Fixed
    • 10.4(EOL), 10.5
    • 10.3.18
    • Data types
    • None

    Description

      There is an incorrect result item length assigned when a negative repeat() counter used. Here is the assignement when we implicitly cast signed to unsigned getting overflow if count < 0. Later MDB assignes 16MB inside fix_char_length_ulonglong(). This causes a crash in CS. Here are the steps to reproduce.

      create table cs1(i bigint)engine=columnstore;
      insert into cs1 values (42);
      select repeat(i,-1) from cs1;
      

      Attachments

        Issue Links

          Activity

            People

              bar Alexander Barkov
              drrtuy Roman
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.