mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 12:02:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Bug#12368495 CRASH AND/OR VALGRIND ERRORS WITH REVERSE FUNCTION AND CHARSET CONVERTS

Browse source 
Item_func_trim::val_str: we were using the non-mb algorithm for skipping leading spaces
in a multibyte-charset string.
This commit is contained in:
Tor Didriksen 2013-11-05 10:02:57 +01:00
parent d7ab3bf50e
commit 7ad0e1c527
1 changed files with 24 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
sql/item_strfunc.cc
View file

@ -1005,6 +1005,7 @@ String *Item_func_reverse::val_str(String *str)
if ((l= my_ismbchar(res->charset(),ptr,end)))
{
tmp-= l;
DBUG_ASSERT(tmp >= tmp_value.ptr());
memcpy(tmp,ptr,l);
ptr+= l;
}
@ -1751,18 +1752,35 @@ String *Item_func_trim::val_str(String *str)
ptr= (char*) res->ptr();
end= ptr+res->length();
r_ptr= remove_str->ptr();
while (ptr+remove_length <= end && !memcmp(ptr,r_ptr,remove_length))
ptr+=remove_length;
#ifdef USE_MB
if (use_mb(res->charset()))
{
while (ptr + remove_length <= end)
{
uint num_bytes= 0;
while (num_bytes < remove_length)
{
uint len;
if ((len= my_ismbchar(res->charset(), ptr + num_bytes, end)))
num_bytes+= len;
else
++num_bytes;
}
if (num_bytes != remove_length)
break;
if (memcmp(ptr, r_ptr, remove_length))
break;
ptr+= remove_length;
}
char *p=ptr;
register uint32 l;
loop:
while (ptr + remove_length < end)
{
if ((l=my_ismbchar(res->charset(), ptr,end))) ptr+=l;
else ++ptr;
if ((l= my_ismbchar(res->charset(), ptr,end)))
ptr+= l;
else
++ptr;
}
if (ptr + remove_length == end && !memcmp(ptr,r_ptr,remove_length))
{
@ -1775,6 +1793,8 @@ String *Item_func_trim::val_str(String *str)
else
#endif /* USE_MB */
{
while (ptr+remove_length <= end && !memcmp(ptr,r_ptr,remove_length))
ptr+=remove_length;
while (ptr + remove_length <= end &&
!memcmp(end-remove_length,r_ptr,remove_length))
end-=remove_length;