Bug 1461091 - Test case failure: /CoreOS/mysql/Security/CVE-2012-0540-unspecified-vulnerability-related-to-GIS-extension-DoS
Status: NEW
Product: Red Hat Software Collections
Classification: Red Hat
Component: mysql
rh-mysql57
Unspecified Linux
unspecified Severity unspecified
: 3.1
Assigned To: Michal Schorm
qe-baseos-daemons
Reported: 2017-06-13 09:36 EDT by Karel Volný
Modified: 2017-06-23 03:46 EDT

Type: Bug
kvolny: needinfo+
Description Karel Volný 2017-06-13 09:36:09 EDT
Filed from caserun https://tcms.engineering.redhat.com/run/311469/#caserun_15765057

Version-Release number of selected component (if applicable):
RHEL-6

Steps to Reproduce: 
run the test

Actual results: 
ERROR 3055 (HY000) at line 1: Geometry byte string must be little endian.

Expected results:
no such error, null result


Looks like an expected change of behaviour (stricter input checks), but I cannot find it in the docs. Michale, Honzo, could you take a look, please?
Comment 2 Honza Horak 2017-06-19 03:44:01 EDT
Worth mentioning that the test fails the same way with 5.7.16, so it is not a regression. The code around this check has not changed since 5.7.5, so I expect it is the expected behaviour for 5.7 (https://github.com/mysql/mysql-server/blame/5.7/sql/spatial.cc#L367).

Also, going a step back, stricter checking of values might be just another way to avoid crashes, so to me it looks like such an error should also be taken as test PASSED, since what we really need to check here is whether the daemon crashes or not.

So, I'm more in favor of rewriting the test so that it returns PASS on this error.
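
Added example (not part of the bug report and not the actual test case): one way to express the verdict proposed in comment 2, where both the old NULL result and the 5.7 rejection count as PASS, and only a lost connection or a dead daemon counts as FAIL. The function names, the use of `mysqladmin ping` as the liveness probe, and the SQL file argument are assumptions; the test query itself is not shown on this page.

```shell
#!/bin/sh
# Added example; names and probe choice are assumptions, not the real test.

# classify_gis_result CLIENT_OUTPUT SERVER_ALIVE
#   CLIENT_OUTPUT: combined stdout/stderr of the mysql client for the query
#   SERVER_ALIVE:  0 if a liveness probe after the query succeeded
# Prints a verdict and returns 0 for PASS, 1 for FAIL.
classify_gis_result() {
    output=$1
    alive=$2

    # The property under test: the daemon must survive the query.
    if [ "$alive" -ne 0 ]; then
        echo "FAIL: server not responding after query"
        return 1
    fi

    case $output in
        *"ERROR 2013"*|*"ERROR 2006"*)
            # Connection dropped mid-query: count it as a crash even if a
            # supervisor has already restarted the server.
            echo "FAIL: connection lost during query"; return 1 ;;
        *"ERROR 3055"*)
            # 5.7 behaviour from this report: input rejected up front.
            echo "PASS: malformed geometry rejected (ERROR 3055)"; return 0 ;;
        *ERROR*)
            echo "FAIL: unexpected error"; return 1 ;;
        *NULL*)
            # Pre-5.7 expectation from this report: null result.
            echo "PASS: NULL result"; return 0 ;;
        *)
            echo "FAIL: unexpected output"; return 1 ;;
    esac
}

# run_gis_case SQLFILE: run the query file, probe the server, classify.
# Assumes client credentials come from the default option files.
run_gis_case() {
    out=$(mysql --batch --skip-column-names < "$1" 2>&1) || true
    mysqladmin ping >/dev/null 2>&1
    classify_gis_result "$out" $?
}
```

The lost-connection patterns are checked before the 3055 pattern so that a crash is never masked by an earlier rejected statement in the same client output.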
