[MDEV-20085] Negative count causes SQL repeat() to set expected result length to 16MB instead of 0 Created: 2019-07-18  Updated: 2019-08-09  Resolved: 2019-08-09

Status: Closed
Project: MariaDB Server
Component/s: Data types
Affects Version/s: 10.4, 10.5
Fix Version/s: 10.3.18

Type: Bug Priority: Minor
Reporter: Roman Assignee: Alexander Barkov
Resolution: Fixed Votes: 0
Labels: None

Attachments: File repeat1_crash_fix.patch    
Issue Links:
Blocks
blocks MCOL-2178 Run CS with vanilla 10.4 Closed
is blocked by MDEV-20292 REPEAT(x,-1) returns a wrong data type Closed

 Description   

There is an incorrect result item length assigned when a negative repeat() counter is used. Here is the assignment when we implicitly cast signed to unsigned, getting an overflow if count < 0. Later MDB assigns 16MB inside fix_char_length_ulonglong(). This causes a crash in CS. Here are the steps to reproduce.

create table cs1(i bigint)engine=columnstore;
insert into cs1 values (42);
select repeat(i,-1) from cs1;
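
The miscalculation described above, as a simplified C++ model added here (not MariaDB's code and not the attached patch). The function names, the constant name, the 20-character argument width and the guard in repeat_length_checked are assumptions of this example.

```cpp
#include <cstdint>
#include <cstdio>

// Simplified model of the length estimate in the report. Names and the cap
// constant are assumptions of this example, not MariaDB identifiers.
static const uint64_t MAX_RESULT_WIDTH = 16ULL * 1024 * 1024;  // the 16MB cap

// Models the clamp the report places in fix_char_length_ulonglong():
// an estimate at or above the cap is stored as the cap itself.
static uint32_t clamp_length(uint64_t char_length, uint32_t mbmaxlen) {
    uint64_t bytes = char_length * mbmaxlen;
    return bytes >= MAX_RESULT_WIDTH ? static_cast<uint32_t>(MAX_RESULT_WIDTH)
                                     : static_cast<uint32_t>(bytes);
}

// Flawed estimate: the signed count becomes unsigned in the multiplication,
// so count = -1 turns into 2^64 - 1 and the product lands far above the cap.
uint32_t repeat_length_flawed(uint32_t arg_chars, int64_t count, uint32_t mbmaxlen) {
    uint64_t char_length = static_cast<uint64_t>(arg_chars) * static_cast<uint64_t>(count);
    return clamp_length(char_length, mbmaxlen);
}

// Guarded estimate (one possible check): REPEAT() with a count below 1 returns
// an empty string, so the expected length is 0; large counts are capped before
// multiplying so the product cannot wrap.
uint32_t repeat_length_checked(uint32_t arg_chars, int64_t count, uint32_t mbmaxlen) {
    if (count <= 0 || arg_chars == 0)
        return 0;
    uint64_t n = static_cast<uint64_t>(count);
    if (n > MAX_RESULT_WIDTH)
        n = MAX_RESULT_WIDTH;
    return clamp_length(static_cast<uint64_t>(arg_chars) * n, mbmaxlen);
}

int main() {
    // Constructed input: a 20-character argument, single-byte character set.
    std::printf("flawed  repeat(i,-1): %u\n", repeat_length_flawed(20, -1, 1));
    std::printf("checked repeat(i,-1): %u\n", repeat_length_checked(20, -1, 1));
    std::printf("checked repeat(i, 3): %u\n", repeat_length_checked(20, 3, 1));
    return 0;
}
```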



 Comments   
Comment by Roman [ 2019-07-18 ]

Kindly find the fix for the issue attached.

Comment by Roman [ 2019-08-09 ]

The original issue in MDB has been fixed so I close the issue.
