Bug#27134148 UBSAN: DATE_ADD_INTERVAL - SIGNED INTEGER OVERFLOW

Post-push fix: add stricter checks for overflow when adding
intervals of type year, quarter, ..., second, microsecond.

Change-Id: I05237f8535392ecb0e3f86512c2e67eb171995e4
(cherry picked from commit 07a88b3c6a9a104502ac359ff2bf7567f2f0fd6f)

Author: Tor Didriksen

mysql-test/r/func_time.result

@@ -1971,18 +1971,23 @@ Warning	1441	Datetime function: datetime field overflow
 SELECT
 timestampadd(hour ,1.212208e+308,'1995-01-05 06:32:20.859724') as result;
 result
-1995-01-05 05:32:20.859724
+NULL
+Warnings:
+Warning	1441	Datetime function: datetime field overflow
 SELECT
 timestampadd(minute ,1.212208e+308,'1995-01-05 06:32:20.859724') as result;
 result
-1995-01-05 06:31:20.859724
+NULL
+Warnings:
+Warning	1441	Datetime function: datetime field overflow
 SELECT
 timestampadd(second ,1.212208e+308,'1995-01-05 06:32:20.859724') as result;
 result
-1995-01-05 06:32:20.859724
+NULL
 Warnings:
 Warning	1292	Truncated incorrect DECIMAL value: '1.212208'
 Warning	1292	Truncated incorrect DECIMAL value: '99999999999999999999999999999999999999999999999999999999999999999'
+Warning	1441	Datetime function: date_add_interval field overflow
 SELECT
 timestampadd(microsecond ,1.212208e+308,'1995-01-05 06:32:20.859724') as result;
 result
@@ -2018,12 +2023,49 @@ Warning	1441	Datetime function: date_add_interval field overflow
 SELECT
 date_add('1995-01-05', INTERVAL '9223372036854775808-02' SECOND) as result;
 result
-1995-01-05 00:00:00
+NULL
 Warnings:
 Warning	1292	Truncated incorrect DECIMAL value: '9223372036854775808'
+Warning	1441	Datetime function: date_add_interval field overflow
 SELECT
 date_add('1995-01-05', INTERVAL '9223372036854775700-02' YEAR_MONTH) as result;
 result
 NULL
 Warnings:
 Warning	1441	Datetime function: datetime field overflow
+SELECT
+date_add('1995-01-05', INTERVAL 9223372036854775806 SECOND) as result;
+result
+NULL
+Warnings:
+Warning	1441	Datetime function: datetime field overflow
+SELECT
+date_add('1995-01-05', INTERVAL 9223372036854775806 MINUTE) as result;
+result
+NULL
+Warnings:
+Warning	1441	Datetime function: datetime field overflow
+SELECT
+date_add('1995-01-05', INTERVAL 9223372036854775806 HOUR) as result;
+result
+NULL
+Warnings:
+Warning	1441	Datetime function: datetime field overflow
+SELECT
+date_add('1995-01-05', INTERVAL -9223372036854775806 SECOND) as result;
+result
+NULL
+Warnings:
+Warning	1441	Datetime function: datetime field overflow
+SELECT
+date_add('1995-01-05', INTERVAL -9223372036854775806 MINUTE) as result;
+result
+NULL
+Warnings:
+Warning	1441	Datetime function: datetime field overflow
+SELECT
+date_add('1995-01-05', INTERVAL -9223372036854775806 HOUR) as result;
+result
+NULL
+Warnings:
+Warning	1441	Datetime function: datetime field overflow

mysql-test/r/type_temporal_fractional.result

@@ -5552,7 +5552,7 @@ Warnings:
 Warning	1441	Datetime function: time field overflow
 SELECT DATE_ADD(TIME'00:00:00.0', INTERVAL 1000000000000000000000.1 SECOND);
 DATE_ADD(TIME'00:00:00.0', INTERVAL 1000000000000000000000.1 SECOND)
-00:00:00.0
+NULL
 Warnings:
 Warning	1292	Truncated incorrect DECIMAL value: '1000000000000000000000.1'
 CREATE TABLE t1 AS SELECT

mysql-test/t/func_time.test

@@ -1264,3 +1264,21 @@ date_add('1995-01-05', INTERVAL '9223372036854775808-02' SECOND) as result;
 
 SELECT
 date_add('1995-01-05', INTERVAL '9223372036854775700-02' YEAR_MONTH) as result;
+
+SELECT
+date_add('1995-01-05', INTERVAL 9223372036854775806 SECOND) as result;
+
+SELECT
+date_add('1995-01-05', INTERVAL 9223372036854775806 MINUTE) as result;
+
+SELECT
+date_add('1995-01-05', INTERVAL 9223372036854775806 HOUR) as result;
+
+SELECT
+date_add('1995-01-05', INTERVAL -9223372036854775806 SECOND) as result;
+
+SELECT
+date_add('1995-01-05', INTERVAL -9223372036854775806 MINUTE) as result;
+
+SELECT
+date_add('1995-01-05', INTERVAL -9223372036854775806 HOUR) as result;

sql/item_timefunc.cc

@@ -1655,10 +1655,12 @@ bool get_interval_value(Item *args, interval_type int_type,
   {
     my_decimal decimal_value, *val;
     lldiv_t tmp;
-    if (!(val= args->val_decimal(&decimal_value)) ||
-        my_decimal2lldiv_t(E_DEC_FATAL_ERROR, val, &tmp))
-      return false;
-    
+    if (!(val= args->val_decimal(&decimal_value)))
+      return true;
+    int lldiv_result= my_decimal2lldiv_t(E_DEC_FATAL_ERROR, val, &tmp);
+    if (lldiv_result == E_DEC_OVERFLOW)
+      return true;
+
     if (tmp.quot >= 0 && tmp.rem >= 0)
     {
       interval->neg= false;
@@ -1678,6 +1680,10 @@ bool get_interval_value(Item *args, interval_type int_type,
     value= args->val_int();
     if (args->null_value)
       return true;
+    /*
+      Large floating-point values will be truncated to LLONG_MIN / LLONG_MAX
+      LLONG_MIN cannot be negated below, so reject it here.
+    */
     if (value == LLONG_MIN)
       return true;
     if (value < 0)

sql/sql_time.cc

@@ -1388,7 +1388,7 @@ bool make_truncated_value_warning(THD *thd,
 
 
 /* Daynumber from year 0 to 9999-12-31 */
-#define MAX_DAY_NUMBER 3652424L
+#define MAX_DAY_NUMBER 3652424UL
 
 bool date_add_interval(MYSQL_TIME *ltime, interval_type int_type,
                        Interval interval)
@@ -1419,11 +1419,23 @@ bool date_add_interval(MYSQL_TIME *ltime, interval_type int_type,
     extra_sec= microseconds/1000000L;
     microseconds= microseconds%1000000L;
 
-    sec=((ltime->day-1)*3600*24L+ltime->hour*3600+ltime->minute*60+
+    if (interval.day > MAX_DAY_NUMBER)
+      goto invalid_date;
+    if (interval.hour > MAX_DAY_NUMBER * 24ULL)
+      goto invalid_date;
+    if (interval.minute > MAX_DAY_NUMBER * 24ULL * 60ULL)
+      goto invalid_date;
+    if (interval.second > MAX_DAY_NUMBER * 24ULL * 60ULL * 60ULL)
+      goto invalid_date;
+    sec=((ltime->day-1) * 3600LL * 24LL +
+         ltime->hour    * 3600LL +
+         ltime->minute  * 60LL +
 	 ltime->second +
-	 sign* (longlong) (interval.day*3600*24L +
-                           interval.hour*3600LL+interval.minute*60LL+
-                           interval.second))+ extra_sec;
+	 sign* (longlong) (interval.day    * 3600ULL * 24ULL +
+                           interval.hour   * 3600ULL +
+                           interval.minute *   60ULL +
+                           interval.second))
+      + extra_sec;
     if (microseconds < 0)
     {
       microseconds+= 1000000LL;