Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
6.0.0
-
Untriaged
-
1
-
Unknown
-
CX Sprint 259, CX Sprint 260, CX Sprint 261, CX Sprint 262
Description
SUBSTR function may produce a malformed string. SUBSTR function uses a string builder to construct the output substring. Before constructing the string, it gives an estimated length of the output substring to the string builder and then starts writing out the substring data to the builder buffer. If the actual data written exceeds the estimated length by an amount that requires the builder buffer to make more space to encode the actual length and shift the substring content, the resulting content gets malformed which might lead to failures up in the stack.
Also, for the function call SUBSTR(input_string, 0, num_chars_to_substring) with start offset = 0, SUBSTR always estimates the length to be 0-127 which means if the characters written go beyond 127, it will encounter the issue described above.
Attachments
Issue Links
Activity
Field | Original Value | New Value |
---|---|---|
Link | This issue causes CBSE-10563 [ CBSE-10563 ] |
Description | SUBSTR function may produce a malformed string. SUBSTR function uses a string builder to construct the output substring. Before constructing the string, it gives an estimated length of the output substring to the string builder, and then starts writing out the substring data to the builder buffer. If the actual data written exceeds the estimated length by an amount that requires the builder buffer to make more space to encode the actual length and shift the substring content, the resulting content gets malformed which might lead to failures up in the stack. |
SUBSTR function may produce a malformed string. SUBSTR function uses a string builder to construct the output substring. Before constructing the string, it gives an estimated length of the output substring to the string builder and then starts writing out the substring data to the builder buffer. If the actual data written exceeds the estimated length by an amount that requires the builder buffer to make more space to encode the actual length and shift the substring content, the resulting content gets malformed which might lead to failures up in the stack.
Also, for the function call SUBSTR(input_string, 0, num_chars_to_substring) with start offset = 0, SUBSTR always estimates the length to be 0-127 which means if the characters written go beyond 127, it will encounter the issue described above. |
Rank | Ranked higher |
Rank | Ranked higher |
Sprint | CX Sprint 259 [ 1736 ] |
Rank | Ranked lower |
Status | Open [ 1 ] | In Progress [ 3 ] |
Labels | triaged |
Fix Version/s | 7.0.2 [ 18012 ] |
Link | This issue is triggered by CBSE-10563 [ CBSE-10563 ] |
Link | This issue is triggered by CBSE-10563 [ CBSE-10563 ] |
Link | This issue blocks MB-46308 [ MB-46308 ] |
Labels | triaged | approved-for-7.0.2 triaged |
Sprint | CX Sprint 259 [ 1736 ] | CX Sprint 259, CX Sprint 260 [ 1736, 1758 ] |
Remote Link | This issue links to "Gerrit change (Web Link)" [ 23052 ] |
Sprint | CX Sprint 259, CX Sprint 260 [ 1736, 1758 ] | CX Sprint 259, CX Sprint 260, CX Sprint 261 [ 1736, 1758, 1765 ] |
Sprint | CX Sprint 259, CX Sprint 260, CX Sprint 261 [ 1736, 1758, 1765 ] | CX Sprint 259, CX Sprint 260, CX Sprint 261, CX Sprint 262 [ 1736, 1758, 1765, 1778 ] |
Link | This issue blocks MB-47673 [ MB-47673 ] |
Labels | approved-for-7.0.2 triaged | approved-for-6.6.4 approved-for-7.0.2 triaged |
Remote Link | This issue links to "*DB git commit 1 (Web Link)" [ 23120 ] |
Remote Link | This issue links to "*DB git commit 2 (Web Link)" [ 23129 ] |
Resolution | Fixed [ 1 ] | |
Status | In Progress [ 3 ] | Resolved [ 5 ] |
Assignee | Ali Alsuliman [ ali.alsuilman ] | Umang [ JIRAUSER24787 ] |
Status | Resolved [ 5 ] | Closed [ 6 ] |
Link | This issue blocks MB-50048 [ MB-50048 ] |