mirror of https://github.com/MariaDB/server.git synced 2025-12-24 11:21:21 +03:00

Fixed stack overrun with some INSERT ... SELECT ... GROUP BY queries (Bug #3265)

Ensure that raid_chunks is not set to higher than 255 as this could cause problems with DROP DATABASE. (Bug #3182)


mysql-test/r/raid.result:
  Test of raid_chunks > 255
mysql-test/t/raid.test:
  Test of raid_chunks > 255
sql/item.cc:
  Fixed wrong usage of str_value in Item::save_in_field
  This could cause a stack overrun with some very special INSERT ... SELECT ... GROUP BY queries where the GROUP BY value was an expression that generated a NULL value. (Bug #3265)
  The Item_copy_string::save_in_field() function is from 4.1 and helps optimize this case a bit
sql/item.h:
  Fixed wrong usage of str_value in Item_copy_string::save_in_field
sql/sql_insert.cc:
  More debug information
sql/table.cc:
  Ensure that raid_chunks is not set to higher than 255 as this could cause problems with DROP DATABASE.
  Another problem with values > 255 is that in the .frm file we store the chunks value in one byte.
  (Bug #3182)
unknown
2004-04-28 03:37:45 +03:00
parent b825d9b023
commit b0a8fde897
6 changed files with 42 additions and 5 deletions


@@ -391,6 +391,7 @@ int write_record(TABLE *table,COPY_INFO *info)
{
int error;
char *key=0;
DBUG_ENTER("write_record");
info->records++;
if (info->handle_duplicates == DUP_REPLACE)
@@ -474,14 +475,14 @@ int write_record(TABLE *table,COPY_INFO *info)
info->copied++;
if (key)
my_safe_afree(key,table->max_unique_length,MAX_KEY_LENGTH);
return 0;
DBUG_RETURN(0);
err:
if (key)
my_afree(key);
info->last_errno= error;
table->file->print_error(error,MYF(0));
return 1;
DBUG_RETURN(1);
}
@@ -1342,24 +1343,25 @@ select_insert::~select_insert()
bool select_insert::send_data(List<Item> &values)
{
DBUG_ENTER("select_insert::send_data");
if (thd->offset_limit)
{ // using limit offset,count
thd->offset_limit--;
return 0;
DBUG_RETURN(0);
}
if (fields->elements)
fill_record(*fields, values, 1);
else
fill_record(table->field, values, 1);
if (write_record(table,&info))
return 1;
DBUG_RETURN(1);
if (table->next_number_field) // Clear for next record
{
table->next_number_field->reset();
if (! last_insert_id && thd->insert_id_used)
last_insert_id=thd->insert_id();
}
return 0;
DBUG_RETURN(0);
}
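Review bot: The `err:` path of write_record (second hunk) releases `key` with `my_afree(key)`, while the success path just above it uses `my_safe_afree(key,table->max_unique_length,MAX_KEY_LENGTH)`. The allocation of `key` is outside the hunk, but if it comes from the matching safe-alloca helper, which presumably falls back to the heap for lengths above MAX_KEY_LENGTH, the error path would leak that buffer on every failed write with a large unique key; the line should then read `my_safe_afree(key,table->max_unique_length,MAX_KEY_LENGTH);`. Separately, now that `DBUG_ENTER("write_record")` is added, any plain `return` in the part of the function between the first two hunks (not shown) would leave the DBUG call stack unbalanced, so that stretch is worth checking before merging.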