database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-12-24 11:21:21 +03:00
Code Activity

Fix for bug #41868: crash or memory overrun with concat + upper,

Browse Source 
date_format functions

String::realloc() did not check whether the existing string data fits in
the newly allocated buffer for cases when reallocating a String object
with external buffer (i.e.alloced == FALSE).  This could lead to memory
overruns in some cases.
This commit is contained in:
Alexey Kopytov
2009-02-10 15:38:56 +03:00
parent 6a834d1f4f
commit a715b70278
5 changed files with 32 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
sql/sql_class.cc
View File

@@ -1047,6 +1047,11 @@ bool select_send::send_data(List<Item> &items)
my_message(ER_OUT_OF_RESOURCES, ER(ER_OUT_OF_RESOURCES), MYF(0));
break;
}
/*
Reset buffer to its original state, as it may have been altered in
Item::send().
*/
buffer.set(buff, sizeof(buff), &my_charset_bin);
}
thd->sent_row_count++;
if (!thd->vio_ok())