
MDEV-16699 heap-use-after-free in group_concat with compressed or GIS columns

Field_blob::store() has special code for GROUP_CONCAT temporary table
(to store blob values in Blob_mem_storage - this prevents them
from being freed/overwritten when a next row is read).

Field_geom and Field_blob_compressed inherit from Field_blob but they
have their own ::store() method without this special Blob_mem_storage
support.

Considering that non-grouping CONCAT() of such fields converts
them to plain BLOB, let's do the same for GROUP_CONCAT. To do it,
Item_func_group_concat::setup will signal that it's creating
a temporary table for GROUP_CONCAT, and Field_blob::make_new_field()
override will create base Field_blob when under group concat.
Sergei Golubchik
2024-08-31 23:57:33 +02:00
parent 65418ca9ad
commit 3ea71a2c8e
11 changed files with 89 additions and 26 deletions


@ -2918,10 +2918,8 @@ CREATE TABLE t1 (a VARCHAR(500) COMPRESSED CHARACTER SET utf8mb3) ENGINE=InnoDB;
INSERT INTO t1 SET a=REPEAT('x',127);
ALTER TABLE t1 FORCE, ALGORITHM=COPY;
DROP TABLE t1;
#
# End of 10.4 tests
#
#
# MDEV-19727 Add Type_handler::Key_part_spec_init_ft
#
CREATE TABLE t1 (a VARCHAR(1000) COMPRESSED, FULLTEXT INDEX(a));
@ -2929,5 +2927,20 @@ ERROR HY000: Compressed column 'a' can't be used in key specification
CREATE TABLE t1 (a TEXT COMPRESSED, FULLTEXT INDEX(a));
ERROR HY000: Compressed column 'a' can't be used in key specification
#
# End of 10.5 tests
# MDEV-16699 heap-use-after-free in group_concat with compressed or GIS columns
#
create table t1 (c text compressed);
insert into t1 values ('foo'),(repeat('a',55000));
select length(group_concat(c order by 1)) from t1;
length(group_concat(c order by 1))
55004
create table t2 as select group_concat(c order by 1), concat(c), c from t1;
show create table t2;
Table Create Table
t2 CREATE TABLE `t2` (
`group_concat(c order by 1)` mediumtext DEFAULT NULL,
`concat(c)` text DEFAULT NULL,
`c` text /*M!100301 COMPRESSED*/ DEFAULT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci
drop table t1, t2;
# End of 10.5 tests
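Review bot: The new MDEV-16699 case checks only `length(group_concat(c order by 1))`, so on a build without a memory sanitizer a read of already-freed blob data that happens to keep its length would presumably still print 55004 and pass. The test source should say so, for example `# the original heap-use-after-free is only reported under ASAN/valgrind; the length check alone does not prove the fix`, and, if practical, also check the concatenated value rather than only its length. Only the COMPRESSED case is visible in this section; the GIS case named in the commit title is presumably covered in one of the other changed files, which is worth confirming.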