mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-05-15 19:37:16 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fix for bug #41868: crash or memory overrun with concat + upper, date_format

Browse source 
functions
      
String::realloc() did not check whether the existing string data fits in the newly
allocated buffer for cases when reallocating a String object with external buffer
(i.e.alloced == FALSE).  This could lead to memory overruns in some cases.


mysql-test/r/func_str.result:
  Added a test case for bug #41868.
mysql-test/t/func_str.test:
  Added a test case for bug #41868.
sql/sql_class.cc:
  After each call to Item::send() in select_send::send_data() reset buffer to its
  original state to reduce unnecessary malloc() calls. See comments for bug #41868
  for detailed analysis.
sql/sql_string.cc:
  Fixed String::realloc() to check whether the existing string data fits in the newly allocated buffer for cases when reallocating a String object with external buffer.
This commit is contained in:
Alexey Kopytov 2009-02-03 20:19:01 +03:00
commit dfbba6e7fd
5 changed files with 40 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

6
mysql-test/r/func_str.result
View file

@ -2181,4 +2181,10 @@ def format(a, 2) 253 20 4 Y 0 2 8
format(a, 2)
1.33
drop table t1;
CREATE TABLE t1 (c DATE, aa VARCHAR(30));
INSERT INTO t1 VALUES ('2008-12-31','aaaaaa');
SELECT DATE_FORMAT(c, GET_FORMAT(DATE, 'eur')) h, CONCAT(UPPER(aa),', ', aa) i FROM t1;
h i
31.12.2008 AAAAAA, aaaaaa
DROP TABLE t1;
End of 5.0 tests