mirror of
https://github.com/MariaDB/server.git
synced 2025-11-22 17:44:29 +03:00
When the setup_fields() function finds a field named '*' it expands it to the list of all table fields. It does so by checking that the first char of field_name is '*', but it doesn't check that the '*' is the only char. Due to this, when updating a table with a field named like '*name', such a field is wrongly treated as '*' and expanded. This leads to the list of fields to update being longer than the list of the new values. Later, the fill_record() function crashes by dereferencing null when there are fields left to update, but no more values.

Added check in the setup_fields() function which ensures that the field expanding will be done only when '*' is the only char in the field name.

mysql-test/t/update.test:
  Added test case for bug#16510: Updating field named like '*name' caused server crash

mysql-test/r/update.result:
  Added test case for bug#16510: Updating field named like '*name' caused server crash

sql/sql_base.cc:
  Fixed bug #16510: Updating field named like '*name' caused server crash.
  Added check in the setup_fields() function which ensures that the field expanding will be done only when '*' is the only char in the field name.
67 KiB
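The check described in the commit message, modelled as an added C++ example (this is not MariaDB source code and not part of the commit). The function names, the string-vector table model and the sample column names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Simplified model, not MariaDB code: a table is just a list of column names.
using Columns = std::vector<std::string>;

// Check as the commit message describes it before the fix:
// only the first character of the field name is tested.
static bool is_wildcard_before_fix(const std::string &name) {
    return !name.empty() && name[0] == '*';
}

// Check after the fix: '*' must be the only character in the name.
static bool is_wildcard_after_fix(const std::string &name) {
    return name == "*";
}

// Model of the wildcard expansion step: a wildcard entry is replaced
// by every column of the table, any other entry is kept as named.
static Columns expand_fields(const Columns &requested, const Columns &table,
                             bool (*is_wildcard)(const std::string &)) {
    Columns out;
    for (const auto &name : requested) {
        if (is_wildcard(name))
            out.insert(out.end(), table.begin(), table.end());
        else
            out.push_back(name);
    }
    return out;
}

// Model of the consumer: walk fields and values in lockstep and count
// the fields for which no value is left. The commit message says the
// real fill_record() dereferenced null in that situation; this model
// bounds-checks the value list instead.
static std::size_t fields_without_value(const Columns &fields,
                                        const std::vector<int> &values) {
    std::size_t missing = 0;
    auto v = values.begin();
    for (std::size_t i = 0; i < fields.size(); ++i) {
        if (v == values.end())
            ++missing;      // a field to update, but no more values
        else
            ++v;
    }
    return missing;
}
```
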