diff --git a/client/sql_string.cc b/client/sql_string.cc index eb80e29ed49..9d887ff031c 100644 --- a/client/sql_string.cc +++ b/client/sql_string.cc @@ -72,26 +72,26 @@ bool String::realloc(uint32 alloc_length) if (alloced) { if ((new_ptr= (char*) my_realloc(Ptr,len,MYF(MY_WME)))) - new_ptr[alloc_length]= 0; + { + Ptr=new_ptr; + Alloced_length=len; + } else - return TRUE; // Signal error + return TRUE; // Signal error } else if ((new_ptr= (char*) my_malloc(len,MYF(MY_WME)))) { - if (str_length > len - 1) - str_length= 0; if (str_length) // Avoid bugs in memcpy on AIX - memcpy(new_ptr, Ptr, str_length); - new_ptr[str_length]= 0; + memcpy(new_ptr,Ptr,str_length); + new_ptr[str_length]=0; + Ptr=new_ptr; + Alloced_length=len; alloced=1; } else return TRUE; // Signal error - Ptr= new_ptr; - Alloced_length= len; } - else - Ptr[alloc_length]= 0; + Ptr[alloc_length]=0; // This make other funcs shorter return FALSE; } diff --git a/mysql-test/r/func_str.result b/mysql-test/r/func_str.result index d7fd8c5c887..c121c8937d7 100644 --- a/mysql-test/r/func_str.result +++ b/mysql-test/r/func_str.result @@ -2181,10 +2181,4 @@ def format(a, 2) 253 20 4 Y 0 2 8 format(a, 2) 1.33 drop table t1; -CREATE TABLE t1 (c DATE, aa VARCHAR(30)); -INSERT INTO t1 VALUES ('2008-12-31','aaaaaa'); -SELECT DATE_FORMAT(c, GET_FORMAT(DATE, 'eur')) h, CONCAT(UPPER(aa),', ', aa) i FROM t1; -h i -31.12.2008 AAAAAA, aaaaaa -DROP TABLE t1; End of 5.0 tests diff --git a/mysql-test/t/func_str.test b/mysql-test/t/func_str.test index 389538c4cc0..8298a50c277 100644 --- a/mysql-test/t/func_str.test +++ b/mysql-test/t/func_str.test @@ -1159,13 +1159,4 @@ select format(a, 2) from t1; --disable_metadata drop table t1; -# -# Bug #41868: crash or memory overrun with concat + upper, date_format functions -# - -CREATE TABLE t1 (c DATE, aa VARCHAR(30)); -INSERT INTO t1 VALUES ('2008-12-31','aaaaaa'); -SELECT DATE_FORMAT(c, GET_FORMAT(DATE, 'eur')) h, CONCAT(UPPER(aa),', ', aa) i FROM t1; -DROP TABLE t1; - --echo End of 5.0 tests diff --git a/sql/sql_class.cc b/sql/sql_class.cc index 9ff602bb62e..91c0aa66761 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -1047,11 +1047,6 @@ bool select_send::send_data(List &items) my_message(ER_OUT_OF_RESOURCES, ER(ER_OUT_OF_RESOURCES), MYF(0)); break; } - /* - Reset buffer to its original state, as it may have been altered in - Item::send(). - */ - buffer.set(buff, sizeof(buff), &my_charset_bin); } thd->sent_row_count++; if (!thd->vio_ok()) diff --git a/sql/sql_string.cc b/sql/sql_string.cc index b6ce4d8dc8d..75e47dd0c8e 100644 --- a/sql/sql_string.cc +++ b/sql/sql_string.cc @@ -72,26 +72,26 @@ bool String::realloc(uint32 alloc_length) if (alloced) { if ((new_ptr= (char*) my_realloc(Ptr,len,MYF(MY_WME)))) - new_ptr[alloc_length]= 0; + { + Ptr=new_ptr; + Alloced_length=len; + } else - return TRUE; // Signal error + return TRUE; // Signal error } else if ((new_ptr= (char*) my_malloc(len,MYF(MY_WME)))) { - if (str_length > len - 1) - str_length= 0; if (str_length) // Avoid bugs in memcpy on AIX - memcpy(new_ptr, Ptr, str_length); - new_ptr[str_length]= 0; + memcpy(new_ptr,Ptr,str_length); + new_ptr[str_length]=0; + Ptr=new_ptr; + Alloced_length=len; alloced=1; } else return TRUE; // Signal error - Ptr= new_ptr; - Alloced_length= len; } - else - Ptr[alloc_length]= 0; + Ptr[alloc_length]=0; // This make other funcs shorter return FALSE; }