mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00

Bug#38469 invalid memory read and/or crash with utf8 text field, stored procedure, uservar

A stored procedure involving substrings could crash the server on certain
platforms because of invalid memory reads.
          
During storing the new blob-field value, the cached value's address range
overlapped that of the new field value. This caused problems when the 
cached value storage was reallocated to provide access for a new 
character set representation. The patch checks the address ranges, and if
they overlap, the new field value is copied to a new storage before it is
converted to the new character set.


mysql-test/r/sp.result:
  Added result set
mysql-test/t/sp.test:
  Added test case
sql/field.cc:
  The source and destination address ranges of a character conversion must not overlap or the 'from' address will be invalidated as the temporary value-object is re-allocated to fit the new character set.
sql/field.h:
  Added comments
Kristofer Pettersson
2008-09-20 10:51:03 +02:00
parent bed8cec485
commit f0352e346a
4 changed files with 48 additions and 2 deletions
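
The overlap hazard described in the commit message, as an added example that is not MariaDB code and is not taken from this commit: a source range that lies inside the destination buffer is copied aside before the buffer is reallocated. The names `valbuf`, `overlaps`, `convert_into` and `demo_substring_of_self` are hypothetical, and the byte-widening loop is a toy stand-in for a character set conversion.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer standing in for a cached value object. */
typedef struct { char *ptr; size_t len, cap; } valbuf;

/* True when [from, from+len) intersects the buffer's current allocation. */
static int overlaps(const valbuf *b, const char *from, size_t len)
{
    uintptr_t f = (uintptr_t)from, p = (uintptr_t)b->ptr;
    return b->ptr && len && f < p + b->cap && p < f + len;
}

/* Toy conversion: widen every source byte to two bytes (byte, 0) in dst.
   Returns 0 on success, -1 on allocation failure. */
int convert_into(valbuf *dst, const char *from, size_t len)
{
    char *tmp = NULL;
    if (overlaps(dst, from, len)) {
        /* Source lives inside dst: realloc may move or free it, and the
           widening loop would overwrite bytes it has not read yet. */
        if (!(tmp = malloc(len))) return -1;
        memcpy(tmp, from, len);
        from = tmp;
    }
    if (dst->cap < 2 * len) {
        char *n = realloc(dst->ptr, 2 * len);
        if (!n) { free(tmp); return -1; }
        dst->ptr = n;
        dst->cap = 2 * len;
    }
    for (size_t i = 0; i < len; i++) {
        dst->ptr[2 * i] = from[i];
        dst->ptr[2 * i + 1] = 0;
    }
    dst->len = 2 * len;
    free(tmp);
    return 0;
}

/* Constructed scenario: the source is a substring of dst's own contents. */
int demo_substring_of_self(void)
{
    valbuf b = { malloc(11), 11, 11 };
    if (!b.ptr) return 0;
    memcpy(b.ptr, "s s s s s s", 11);
    int ok = convert_into(&b, b.ptr + 1, 10) == 0 && b.len == 20 &&
             b.ptr[0] == ' ' && b.ptr[2] == 's' && b.ptr[18] == 's';
    free(b.ptr);
    return ok;
}
```

Removing the `overlaps` branch leaves `from` pointing into memory that `realloc` may have released, which is the class of invalid read the commit message describes.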


@ -6662,6 +6662,16 @@ drop procedure p1;
drop function f1;
drop view v1;
drop table t1;
drop procedure if exists `p2` $
create procedure `p2`(in `a` text charset utf8)
begin
declare `pos` int default 1;
declare `str` text charset utf8;
set `str` := `a`;
select substr(`str`, `pos`+ 1 ) into `str`;
end $
call `p2`('s s s s s s');
drop procedure `p2`;
# ------------------------------------------------------------------
# -- End of 5.0 tests
# ------------------------------------------------------------------
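
Review bot: the new p2 case only shows that the server survives call `p2`('s s s s s s'); nothing after the "select substr(`str`, `pos`+ 1 ) into `str`;" line reads `str` back, so an invalid read that does not crash (the commit message says the crash depends on the platform) still passes. Consider ending the procedure body with a plain select of `str` so the result records the substring that was stored. The bug title names a utf8 text field, yet the argument here is ASCII only, so a second call with multi-byte characters in the argument would cover the conversion path more directly. An echoed header naming Bug#38469 before the "drop procedure if exists `p2` $" line would also make this block easy to locate ahead of the "End of 5.0 tests" marker.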