mirror of https://github.com/MariaDB/server.git synced 2025-12-24 11:21:21 +03:00

Bug#25172: Not checked buffer size leads to a server crash.

After fix for bug#21798 JOIN stores the pointer to the buffer for sorting
fields. It is used while sorting for grouping and for ordering. If ORDER BY
clause has more elements than the GROUP BY clause then a memory overrun occurs.

Now the length of the ORDER BY list is always passed to the 
make_unireg_sortorder() function and it allocates buffer big enough to be
used for bigger list.
This commit is contained in:
evgen@moonbone.local
2007-01-19 18:34:09 +03:00
parent f3b3f1ef73
commit d7d5db64ec
6 changed files with 30 additions and 7 deletions


@@ -3883,7 +3883,7 @@ copy_data_between_tables(TABLE *from,TABLE *to,
Copy_field *copy,*copy_end;
ulong found_count,delete_count;
THD *thd= current_thd;
uint length;
uint length= 0;
SORT_FIELD *sortorder;
READ_RECORD info;
TABLE_LIST tables;
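
Review bot: The new `uint length= 0;` initializer in copy_data_between_tables() has no comment explaining why the variable must now start at a defined value. The commit message says the list length is now always passed to make_unireg_sortorder(), so this local is read as an input as well as written, and a later cleanup could easily drop the "redundant" initializer and bring back an uninitialized read. Suggest a one-line comment next to the declaration stating that the value is consumed by make_unireg_sortorder(), and documenting the in/out meaning of that parameter where the function is defined.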