From:ahristov Date:September 27 2006 8:25pm
Subject:bk commit into 5.0 tree (andrey:1.2266)
Below is the list of changes that have just been committed into a local
5.0 repository of andrey. When andrey does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2006-09-27 22:25:23+02:00, andrey@stripped +3 -0
  Merge ahristov@stripped:/home/bk/mysql-5.0-runtime
  into  example.com:/work/mysql-5.0-runtime
  MERGE: 1.2244.25.1

  mysql-test/r/sp.result@stripped, 2006-09-27 22:25:17+02:00, andrey@stripped +7 -7
    manual merge
    MERGE: 1.211.1.1

  mysql-test/t/sp.test@stripped, 2006-09-27 22:22:42+02:00, andrey@stripped +0 -0
    Auto merged
    MERGE: 1.199.1.1

  sql/sp.cc@stripped, 2006-09-27 22:22:42+02:00, andrey@stripped +0 -0
    Auto merged
    MERGE: 1.116.2.1

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	andrey
# Host:	example.com
# Root:	/work/mysql-5.0-runtime/RESYNC

--- 1.212/mysql-test/r/sp.result	2006-09-27 22:25:41 +02:00
+++ 1.213/mysql-test/r/sp.result	2006-09-27 22:25:41 +02:00
@@ -5402,4 +5402,11 @@ ERROR HY000: Can't execute the query bec
 UNLOCK TABLES|
 The following should succeed.
 DROP PROCEDURE bug21414|
+set names utf8|
+drop database if exists това_е_дълго_име_за_база_данни_нали|
+create database това_е_дълго_име_за_база_данни_нали|
+INSERT INTO mysql.proc VALUES ('това_е_дълго_име_за_база_данни_нали','това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго','PROCEDURE','това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго','SQL','CONTAINS_SQL','NO','DEFINER','','','bad_body','root@localhost',now(), now(),'','')|
+call това_е_дълго_име_за_база_данни_нали.това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго()|
+ERROR HY000: Failed to load routine това_е_дълго_име_за_база_данни_нали.това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго. The table mysql.proc is missing, corrupt, or contains bad data (internal code -6)
+drop database това_е_дълго_име_за_база_данни_нали|
 drop table t1,t2;

--- 1.200/mysql-test/t/sp.test	2006-09-27 22:25:41 +02:00
+++ 1.201/mysql-test/t/sp.test	2006-09-27 22:25:41 +02:00
@@ -6340,6 +6340,19 @@ DROP PROCEDURE bug21414|
 
 
 #
+# BUG#21311: Possible stack overrun if SP has non-latin1 name
+#
+set names utf8|
+--disable_warnings
+drop database if exists това_е_дълго_име_за_база_данни_нали|
+--enable_warnings
+create database това_е_дълго_име_за_база_данни_нали|
+INSERT INTO mysql.proc VALUES ('това_е_дълго_име_за_база_данни_нали','това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго','PROCEDURE','това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго','SQL','CONTAINS_SQL','NO','DEFINER','','','bad_body','root@localhost',now(), now(),'','')|
+--error ER_SP_PROC_TABLE_CORRUPT
+call това_е_дълго_име_за_база_данни_нали.това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго()|
+drop database това_е_дълго_име_за_база_данни_нали|
+
+#
 # BUG#NNNN: New bug synopsis
 #
 #--disable_warnings
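Review bot: The regression case for BUG#21311 uses two-byte Cyrillic characters and a routine name that looks shorter than the NAME_LEN-character maximum, so it does not appear to reach the worst case the enlarged buffer in sql/sp.cc is sized for. A second case with a routine name of exactly NAME_LEN characters drawn from a three-byte UTF-8 range would pin the boundary the fix is meant to cover. Separately, `INSERT INTO mysql.proc VALUES (...)` has no column list, so the test depends on the current column order of mysql.proc; naming the columns would keep it valid if that table's definition changes.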

--- 1.118/sql/sp.cc	2006-09-27 22:25:41 +02:00
+++ 1.119/sql/sp.cc	2006-09-27 22:25:41 +02:00
@@ -1606,7 +1606,17 @@ sp_cache_routines_and_add_tables_aux(THD
          */
         if (!thd->net.report_error)
         {
-          char n[NAME_LEN*2+2];
+          /*
+            SP allows full NAME_LEN chars thus he have to allocate enough
+            size in bytes. Otherwise there is stack overrun could happen
+            if multibyte sequence is `name`. `db` is still safe because the
+            rest of the server checks agains NAME_LEN bytes and not chars.
+            Hence, the overrun happens only if the name is in length > 32 and
+            uses multibyte (cyrillic, greek, etc.)
+
+            !! Change 3 with SYSTEM_CHARSET_MBMAXLEN when it's defined.
+          */
+          char n[NAME_LEN*3*2+2];
 
           /* m_qname.str is not always \0 terminated */
           memcpy(n, name.m_qname.str, name.m_qname.length);
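Review bot: The `memcpy(n, name.m_qname.str, name.m_qname.length)` after the enlarged `char n[NAME_LEN*3*2+2]` still copies without comparing the length against `sizeof(n)`, so the overrun is prevented only while the size arithmetic matches what the rest of the server permits in `m_qname`. A guard before the copy, such as `DBUG_ASSERT(name.m_qname.length < sizeof(n));` plus clamping the length to `sizeof(n)-1` for non-debug builds, would make that invariant explicit and keep the copy bounded if a wider character set or a longer identifier limit is introduced later. The literal `3` is already flagged in the new comment; a local named constant would make the later switch to SYSTEM_CHARSET_MBMAXLEN harder to miss. The enclosing function begins and ends outside this hunk, so whether the length is validated earlier cannot be confirmed from here.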