From cbd3dfbbcb85ffd4c3aecbf238857e9dc0a95be8 Mon Sep 17 00:00:00 2001
From: "svoj@mysql.com/june.mysql.com" <>
Date: Tue, 30 Oct 2007 14:46:43 +0400
Subject: [PATCH] BUG#11392 - fulltext search bug

Fulltext boolean mode phrase search may crash server on platforms
where size of pointer is not equal to size of unsigned integer
(in other words some 64-bit platforms).

The problem was integer overflow.

Affects 4.1 only.
---
 myisam/ft_boolean_search.c   | 3 ++-
 mysql-test/r/fulltext.result | 6 ++++++
 mysql-test/t/fulltext.test   | 8 ++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/myisam/ft_boolean_search.c b/myisam/ft_boolean_search.c
index f1ff8f6d886..fad25abcc6c 100644
--- a/myisam/ft_boolean_search.c
+++ b/myisam/ft_boolean_search.c
@@ -446,7 +446,8 @@ static int _ftb_strstr(const byte *s0, const byte *e0,
   {
     if (cs->coll->instr(cs, p0, e0 - p0, s1, e1 - s1, m, 2) != 2)
       return(0);
-    if ((!s_after || p0 + m[1].beg == s0 || !true_word_char(cs, p0[m[1].beg-1])) &&
+    if ((!s_after || p0 + m[1].beg == s0 ||
+         !true_word_char(cs, p0[(int) m[1].beg - 1])) &&
         (!e_before || p0 + m[1].end == e0 || !true_word_char(cs, p0[m[1].end])))
       return(1);
     p0+= m[1].beg;
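Review bot: The `(int)` cast in `!true_word_char(cs, p0[(int) m[1].beg - 1])` stops the wrap but leaves no trace of why it is there, and it silently assumes `m[1].beg` always fits in an `int`. Going by the commit message, `beg` is an unsigned int (its declaration is outside the hunk), so with `beg == 0` and `p0` already past `s0` the old `beg-1` became a huge positive index on 64-bit builds and read far outside the buffer. Forming the pointer first removes both the cast and the width assumption: `!true_word_char(cs, *(p0 + m[1].beg - 1))`. A one-line comment would keep the guard from being "cleaned up" later, for example `/* beg can be 0 here; subtract from the pointer so the index cannot wrap */`. The body of `_ftb_strstr` starts and ends outside the hunk, so the way `p0` advances after `p0+= m[1].beg;` is not visible here.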
diff --git a/mysql-test/r/fulltext.result b/mysql-test/r/fulltext.result
index 3700ace4b19..af41adf3a24 100644
--- a/mysql-test/r/fulltext.result
+++ b/mysql-test/r/fulltext.result
@@ -454,3 +454,9 @@ ALTER TABLE t1 DISABLE KEYS;
 SELECT * FROM t1 WHERE MATCH(a) AGAINST('test');
 ERROR HY000: Can't find FULLTEXT index matching the column list
 DROP TABLE t1;
+CREATE TABLE t1(a TEXT);
+INSERT INTO t1 VALUES(' aaaaa aaaa');
+SELECT * FROM t1 WHERE MATCH(a) AGAINST ('"aaaa"' IN BOOLEAN MODE);
+a
+ aaaaa aaaa
+DROP TABLE t1;
diff --git a/mysql-test/t/fulltext.test b/mysql-test/t/fulltext.test
index 1a9a6b578dc..661e93d8d87 100644
--- a/mysql-test/t/fulltext.test
+++ b/mysql-test/t/fulltext.test
@@ -379,4 +379,12 @@ ALTER TABLE t1 DISABLE KEYS;
 SELECT * FROM t1 WHERE MATCH(a) AGAINST('test');
 DROP TABLE t1;
 
+#
+# BUG#11392 - fulltext search bug
+#
+CREATE TABLE t1(a TEXT);
+INSERT INTO t1 VALUES(' aaaaa aaaa');
+SELECT * FROM t1 WHERE MATCH(a) AGAINST ('"aaaa"' IN BOOLEAN MODE);
+DROP TABLE t1;
+
 # End of 4.1 tests
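Review bot: The test comment only repeats the bug title, so nothing tells a maintainer that the leading space and the longer first word in `' aaaaa aaaa'` are what trigger the fault. The data appears chosen so that a first candidate match is rejected and the next one starts at offset 0 of the resumed scan position, though that depends on loop code outside this patch. I would add something like `# Phrase match found at offset 0 after an earlier candidate was rejected; used to read out of bounds on 64-bit builds`. Since the commit message limits the crash to platforms where pointers are wider than unsigned int, this test will presumably pass on 32-bit builds even without the fix, which is worth stating in the comment as well.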