| List: | Commits | « Previous MessageNext Message » | |
| From: | Mats Kindahl | Date: | July 7 2008 9:58am |
| Subject: | bzr commit into mysql-5.0 branch (mats:2642) Bug#37150 | ||
| View as plain text | |||
#At file:///home/bzr/b37150-mysql-5.0-bugteam/
2642 Mats Kindahl 2008-07-07
Bug #37150 Risk for crash in User_var_log_event::exec_event()
On certain kinds of errors (e.g., out of stack), a call to Item_func_
set_user_var::fix_fields() might fail. Since the return value of this
call was not checked inside User_var_log_event::exec_event(), continuing
execution after this will cause a crash inside Item_func_set_user_var::
update_hash().
The bug is fixed by aborting execution of the event with an error if
fix_fields() fails, since it is not possible to continue execution anyway.
modified:
sql/log_event.cc
per-file messages:
sql/log_event.cc
Aborting execution of event if fix_fields() fails since execution
of update_hash() might cause a crash.
=== modified file 'sql/log_event.cc'
--- a/sql/log_event.cc 2008-03-18 12:38:12 +0000
+++ b/sql/log_event.cc 2008-07-07 07:58:27 +0000
@@ -4154,8 +4154,14 @@ int User_var_log_event::exec_event(struc
/*
Item_func_set_user_var can't substitute something else on its place =>
0 can be passed as last argument (reference on item)
+
+ Fix_fields() can fail, in which case a call of update_hash() might
+ crash the server, so if fix fields fails, we just return with an
+ error.
*/
- e.fix_fields(thd, 0);
+ if (e.fix_fields(thd, 0))
+ return 1;
+
/*
A variable can just be considered as a table with
a single record and with a single column. Thus, like
| Thread | ||
|---|---|---|
| • bzr commit into mysql-5.0 branch (mats:2642) Bug#37150 | Mats Kindahl | 7 Jul |
© 1995-2008 MySQL AB, 2008-2009 Sun Microsystems, Inc.
Page generated in 0.014 sec. using MySQL 5.1.14-beta-log