List:Commits
From:tim Date:March 21 2007 7:27pm
Subject:bk commit into 5.0 tree (tsmith:1.2415)
Below is the list of changes that have just been committed into a local
5.0 repository of tsmith. When tsmith does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-03-21 20:27:46+01:00, tsmith@stripped +1 -0
  5.0.36-sp backport: bug 27231
  Bug 27231: Server crash when dumping into outfile with long FIELDS ENCLOSED BY option
  - Problem: data separators were copied to a fixed-size buffer
    on the stack; memcpy was used, without bounds checking; a
    server crash could result if long FIELDS ENCLOSED BY, etc.,
    was given
  - Fix: write the separators directly, instead of copying to
    a buffer first (in select_export::send_data())

  sql/sql_class.cc@stripped, 2007-03-21 20:21:29+01:00, tsmith@stripped +6 -8
    5.0.36-sp backport: bug 27231
      In select_export::send_data(), write data separators
      directly, instead of copying into a fixed-size memory
      buffer before writing.  This avoids a buffer overflow
      when very large separators are specified.

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	tsmith
# Host:	quadxeon.mysql.com
# Root:	/benchmarks/ext3/TOSAVE/tsmith/bk/mysql-5.0.36-sp

--- 1.257/sql/sql_class.cc	2007-01-24 03:13:38 +01:00
+++ 1.258/sql/sql_class.cc	2007-03-21 20:21:29 +01:00
@@ -1175,7 +1175,6 @@
   }
   row_count++;
   Item *item;
-  char *buff_ptr=buff;
   uint used_length=0,items_left=items.elements;
   List_iterator_fast<Item> li(items);
 
@@ -1275,19 +1274,18 @@
 	  goto err;
       }
     }
-    buff_ptr=buff;				// Place separators here
     if (res && (!exchange->opt_enclosed || result_type == STRING_RESULT))
     {
-      memcpy(buff_ptr,exchange->enclosed->ptr(),exchange->enclosed->length());
-      buff_ptr+=exchange->enclosed->length();
+      if (my_b_write(&cache, (byte*) exchange->enclosed->ptr(),
+                     exchange->enclosed->length()))
+        goto err;
     }
     if (--items_left)
     {
-      memcpy(buff_ptr,exchange->field_term->ptr(),field_term_length);
-      buff_ptr+=field_term_length;
+      if (my_b_write(&cache, (byte*) exchange->field_term->ptr(),
+                     field_term_length))
+        goto err;
     }
-    if (my_b_write(&cache,(byte*) buff,(uint) (buff_ptr-buff)))
-      goto err;
   }
   if (my_b_write(&cache,(byte*) exchange->line_term->ptr(),
 		 exchange->line_term->length()))
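Review bot: No regression test accompanies the two new my_b_write() calls for exchange->enclosed and exchange->field_term; the changeset touches only sql/sql_class.cc (+6 -8). Please add a test that dumps into an outfile with FIELDS ENCLOSED BY and field terminator values longer than the fixed-size stack buffer the commit message describes, so the crash from bug 27231 is caught if a copy into that buffer is ever reintroduced. Two smaller points: the enclosed write calls exchange->enclosed->length() at the call site while the field terminator write uses the cached field_term_length, so one style for both would read better; and since none of the lines in this hunk reference buff any more, check whether the rest of select_export::send_data() still copies into it without a length check, and drop or bound it if so.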