mirror of
https://github.com/MariaDB/server.git
synced 2026-04-19 06:45:32 +02:00
MDEV-16699 heap-use-after-free in group_concat with compressed or GIS columns
Field_blob::store() has special code for GROUP_CONCAT temporary table (to store blob values in Blob_mem_storage - this prevents them from being freed/overwritten when a next row is read). Field_geom and Field_blob_compressed inherit from Field_blob but they have their own ::store() method without this special Blob_mem_storage support. Considering that non-grouping CONCAT() of such fields converts them to plain BLOB, let's do the same for GROUP_CONCAT. To do it, Item_func_group_concat::setup will signal that it's creating a temporary table for GROUP_CONCAT, and Field_blog::make_new_field() override will create base Field_blob when under group concat.
This commit is contained in:
Sergei Golubchik
parent
65418ca9ad
commit
3ea71a2c8e
11 changed files with 89 additions and 26 deletions
|
|
@ -4559,6 +4559,7 @@ public:
|
|||
return get_key_image_itRAW(ptr_arg, buff, length);
|
||||
}
|
||||
void set_key_image(const uchar *buff,uint length) override;
|
||||
Field *make_new_field(MEM_ROOT *, TABLE *new_table, bool keep_type) override;
|
||||
Field *new_key_field(MEM_ROOT *root, TABLE *new_table,
|
||||
uchar *new_ptr, uint32 length,
|
||||
uchar *new_null_ptr, uint new_null_bit) override;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue