Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-20085

Negative count causes SQL repeat() to set expected result length to 16MB instead of 0

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 10.4, 10.5
    • Fix Version/s: 10.3.18
    • Component/s: Data types
    • Labels:
      None

      Description

      There is an incorrect result item length assigned when a negative repeat() counter used. Here is the assignement when we implicitly cast signed to unsigned getting overflow if count < 0. Later MDB assignes 16MB inside fix_char_length_ulonglong(). This causes a crash in CS. Here are the steps to reproduce.

      create table cs1(i bigint)engine=columnstore;
      insert into cs1 values (42);
      select repeat(i,-1) from cs1;
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              bar Alexander Barkov
              Reporter:
              drrtuy Roman
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Git Integration