Re: [Maria-developers] [Commits] bde705f: MDEV-7050: MySQL#74603 - Assertion `comma_length > 0' failed in mysql_prepare_create_table
Hi, Jan!

On Dec 02, Jan Lindström wrote:
revision-id: bde705fdaec49ab495eafcd18c609970a2566cb7 (mariadb-5.5.46-10-gbde705f)
parent(s): 13ad179c96ee8c8c4043806b8575c851e3676f0d
committer: Jan Lindström
timestamp: 2015-12-02 17:53:28 +0200
message:
MDEV-7050: MySQL#74603 - Assertion `comma_length > 0' failed in mysql_prepare_create_table
Too short buffer was used for ENUM comma buffer.
--- mysql-test/r/create.result | 20 ++++++++++++++++++++ mysql-test/t/create.test | 21 +++++++++++++++++++++ sql/sql_table.cc | 2 +- 3 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/mysql-test/r/create.result b/mysql-test/r/create.result index 8dd3cc8..2da3460 100644 --- a/mysql-test/r/create.result +++ b/mysql-test/r/create.result @@ -2477,3 +2477,23 @@ t1 CREATE TABLE `t1` ( `c` char(32) AS (convert(cast(n as char), char)) PERSISTENT ) ENGINE=MyISAM DEFAULT CHARSET=latin1 drop table t1; +DROP DATABASE test; +CREATE DATABASE test; +USE test; +SET character_set_filesystem=filename; +SET @session_start_value=@@character_set_filesystem; +SET @@session.collation_server=@session_start_value; +create table t0(a ENUM('','')); +Warnings: +Note 1291 Column 'a' has duplicated value '' in ENUM +DROP DATABASE test; +CREATE DATABASE test; +USE test; +create table t0(a ENUM('','')); +Warnings: +Note 1291 Column 'a' has duplicated value '' in ENUM +DROP TABLE t0; +SET @@session.collation_server = latin1_swedish_ci; +DROP DATABASE test; +CREATE DATABASE test; +USE test;
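Review bot: the added statements set character_set_filesystem=filename and never restore it; only collation_server is put back, and to the hard-coded latin1_swedish_ci rather than to its default. Restoring both variables with "= default" at the end keeps the session state from leaking into whatever runs after this case. The first "create table t0" also has no matching DROP TABLE and relies on DROP DATABASE test for cleanup, and dropping and recreating the shared test database three times is more than the ENUM case needs.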
You could do with a simpler test case. This one worked for me:

  set @@session.collation_server=filename;
  create table t1(a enum('',''));
  drop table t1;
  set @@session.collation_server=default;
diff --git a/sql/sql_table.cc b/sql/sql_table.cc index 6e589e2..6ce46ad 100644 --- a/sql/sql_table.cc +++ b/sql/sql_table.cc @@ -2986,7 +2986,7 @@ mysql_prepare_create_table(THD *thd, HA_CREATE_INFO *create_info, sql_field->interval_list); List_iterator<String> int_it(sql_field->interval_list); String conv, *tmp; - char comma_buf[4]; /* 4 bytes for utf32 */ + char comma_buf[8]; /* 4*2 bytes for utf32 */
incorrect comment, must be

  char comma_buf[5]; /* 5 bytes for 'filename' charset */

and please, add an assert:

  DBUG_ASSERT(sizeof(comma_buf) >= cs->mbmaxlen);
int comma_length= cs->cset->wc_mb(cs, ',', (uchar*) comma_buf, (uchar*) comma_buf + sizeof(comma_buf));
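Review bot: the new size in comma_buf[8] is a bare constant, and its comment still justifies it by utf32 while the test added in this commit reaches the failure by assigning the filename charset to collation_server, so the comment does not document the case being fixed. Because the wc_mb call bounds its write with sizeof(comma_buf), the declaration is the one place that has to be right: name the charset that dictates the size and add a debug assertion comparing sizeof(comma_buf) with cs->mbmaxlen, so a charset with a longer encoding is caught at this line rather than by the comma_length check.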
There's another bug, while 5 and the assert might not be working for you.
I'll attach the patch with the fix. Feel free to push it, it must be pushed before your bugfix. Or wait for me to, as you like. Just tell me what you choose.

Regards,
Sergei
Chief Architect MariaDB
and security@mariadb.org
--
Vote for my Percona Live 2016 talks:
https://www.percona.com/live/data-performance-conference-2016/sessions/maria...
https://www.percona.com/live/data-performance-conference-2016/sessions/maria...
participants (1)
-
Sergei Golubchik
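
The failure mode discussed in this thread, as an added example that is not MariaDB code and not part of the original messages: an encoder with a wc_mb-style contract returns a non-positive length when the comma's encoding does not fit the buffer, and a size check against mbmaxlen flags the same condition before encoding. The names toy_charset, toy_wc_mb, encode_comma and buffer_is_sufficient, the two sample charsets and the "@xxxx" encoding are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a charset descriptor. mbmaxlen is the field named
   in the review reply: the longest encoding of one character, in bytes. */
typedef struct { size_t mbmaxlen; } toy_charset;

/* Constructed sample charsets: single-byte, and one with 5-byte escapes. */
static const toy_charset TOY_LATIN   = { 1 };
static const toy_charset TOY_ESCAPED = { 5 };

/* Toy encoder with a wc_mb-style contract: write wc into [out, end) and
   return the byte count, or a non-positive value when it does not fit.
   The "@xxxx" escape is a constructed encoding, not a real charset. */
static int toy_wc_mb(const toy_charset *cs, unsigned wc,
                     unsigned char *out, unsigned char *end)
{
    static const char hex[] = "0123456789abcdef";
    if ((size_t)(end - out) < cs->mbmaxlen)
        return -(int) cs->mbmaxlen;              /* buffer too small */
    if (cs->mbmaxlen == 1) { out[0] = (unsigned char) wc; return 1; }
    out[0] = '@';
    for (int i = 0; i < 4; i++)
        out[1 + i] = (unsigned char) hex[(wc >> (12 - 4 * i)) & 0xf];
    return 5;
}

/* Encode ',' into a buffer of bufsize bytes (capped at 16 here). */
static int encode_comma(const toy_charset *cs, size_t bufsize)
{
    unsigned char buf[16];
    if (bufsize > sizeof(buf)) bufsize = sizeof(buf);
    return toy_wc_mb(cs, ',', buf, buf + bufsize);
}

/* Size check in the spirit of the assert requested in the review. */
static int buffer_is_sufficient(const toy_charset *cs, size_t bufsize)
{
    return bufsize >= cs->mbmaxlen;
}

int main(void)
{
    for (size_t n = 4; n <= 5; n++)   /* 4 fails for the escaped charset */
        printf("escaped buf=%zu sufficient=%d comma_length=%d\n", n,
               buffer_is_sufficient(&TOY_ESCAPED, n), encode_comma(&TOY_ESCAPED, n));
    printf("latin buf=4 comma_length=%d\n", encode_comma(&TOY_LATIN, 4));
    return 0;
}
```

With a 4-byte buffer the escaped charset yields a non-positive length, which is the condition a `comma_length > 0` assertion trips on; the single-byte charset is unaffected, which is why such a bug only shows up under an unusual charset setting.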