
MCOL-5196 REPLACE function may trigger invalid capacity assertion (#2522)

When the length of the string to replace minus the length of the string to
replace it with is bigger than the input string, and the processing mode
allows for binary (memcmp or std::string::find()) comparison, REPLACE may
trigger an invalid capacity assertion and query processing will stop.

The fix is, basically, to properly count the number of occurrences of the
string to replace.
Sergey Zefirov
2022-08-22 21:34:38 +03:00
committed by GitHub
parent bbb3c69e31
commit 50d95bf60a
3 changed files with 34 additions and 7 deletions


@ -71,19 +71,22 @@ std::string Func_replace::getStrVal(rowgroup::Row& row, FunctionParm& fp, bool&
if (binaryCmp)
{
// Count the number of fromstr in strend so we can reserve buffer space.
int count = 0;
do
size_t count = 0;
while ( string::npos != (pos = str.find(fromstr, pos)))
{
++count;
pos = str.find(fromstr, pos + fromLen);
} while (pos != string::npos);
pos += fromLen;
}
newstr.reserve(strLen + (count * ((int)toLen - (int)fromLen)) + 1);
if (count == 0)
{
return str;
}
newstr.reserve(strLen + (count * (toLen - fromLen)) + 1);
uint32_t i = 0;
pos = str.find(fromstr);
if (pos == string::npos)
return str;
// Move the stuff into newstr
do
{