#At file:///home/thek/Development/cpp/mysqlbzr/mysql-5.0-bug38469/
2677 Kristofer Pettersson 2008-09-15
Bug#38469 invalid memory read and/or crash with utf8 text field, stored procedure, uservar
A stored procedure involving substrings could crash the server on certain
platforms because of invalid memory reads.
This patch fixes this issue.
modified:
sql/field.cc
per-file messages:
sql/field.cc
The source and destination address ranges of a character conversion must not overlap or the 'from' address will be invalidated as the temporary value-object is re-allocated to fit the new character set.
=== modified file 'sql/field.cc'
--- a/sql/field.cc 2008-05-06 16:43:46 +0000
+++ b/sql/field.cc 2008-09-15 21:29:12 +0000
@@ -7001,11 +7001,21 @@ int Field_blob::store(const char *from,u
bmove(ptr+packlength,(char*) &from,sizeof(char*));
return 0;
}
+ }
+
+ /*
+ If the 'from' string is in the address range of the temporary 'value'-
+ object we need to copy the string to different location or it will be
+ invalidated when the 'value'-object is reallocated to make room for
+ the new character set.
+ */
+ if (from >= value.ptr() && from <= value.ptr()+value.length())
+ {
if (tmpstr.copy(from, length, cs))
goto oom_error;
from= tmpstr.ptr();
}
-
+
new_length= min(max_data_length(), field_charset->mbmaxlen * length);
if (value.alloc(new_length))
goto oom_error;
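Review bot: the new range check `if (from >= value.ptr() && from <= value.ptr()+value.length())` bounds the test by value.length() rather than by the buffer's allocated size, so a 'from' pointer that lies in the allocated-but-unused tail of value's buffer (String tracks alloced_length() separately from length()) is not copied aside and is still invalidated by the later `value.alloc(new_length)`, which is exactly the case the added comment describes. Suggest `from <= value.ptr()+value.alloced_length()`; the inclusive upper bound is harmless either way since at worst one extra copy is made. Two smaller points: the added comment should read "to a different location", and the `-`/`+` pair of blank lines after the closing brace is a whitespace-only change that adds noise to the hunk.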
Thread: bzr commit into mysql-5.1-bugteam branch (kpettersson:2677) Bug#38469, Kristofer Pettersson, 15 Sep
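The aliasing hazard the per-file message describes, reproduced as an added example that is not code from this commit or from MySQL: a toy growable string whose alloc() always moves the data to a fresh block, a latin1-to-UTF-8 conversion standing in for the character set conversion, and a store() in both the unprotected and the guarded form. ToyString, ToyBlobField, latin1_to_utf8 and demo_store are names invented for this example, the "caf\xE9" input is constructed, and the guard uses the allocated size as its upper bound where the patch uses value.length(). The old block is deliberately kept alive and scribbled over so the stale read is deterministic; with a real free it would be undefined behaviour.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <new>
#include <string>
#include <vector>

// Added example, not MySQL code. ToyString stands in for the String 'value'
// member of Field_blob. alloc() always moves the contents to a new block and
// overwrites the old block with '#'; the old block is kept until destruction
// so that reading through a stale 'from' pointer is deterministic here.
class ToyString {
 public:
  ToyString() : buf_(nullptr), len_(0), cap_(0) {}
  ~ToyString() {
    delete[] buf_;
    for (size_t i = 0; i < old_.size(); i++) delete[] old_[i];
  }
  const char *ptr() const { return buf_; }
  char *mutable_ptr() { return buf_; }
  size_t length() const { return len_; }
  size_t alloced_length() const { return cap_; }
  void set_length(size_t n) { len_ = n; }
  // Returns true on failure, mirroring String::alloc().
  bool alloc(size_t n) {
    size_t cap = n ? n : 1;
    char *nb = new (std::nothrow) char[cap];
    if (!nb) return true;
    if (buf_) {
      memcpy(nb, buf_, len_ < cap ? len_ : cap);
      memset(buf_, '#', cap_);  // simulate the released block being reused
      old_.push_back(buf_);
    }
    buf_ = nb;
    cap_ = cap;
    return false;
  }
 private:
  char *buf_;
  size_t len_, cap_;
  std::vector<char *> old_;
};

// Stand-in for the charset conversion: latin1 bytes to UTF-8 (mbmaxlen 2).
static size_t latin1_to_utf8(const char *from, size_t len, char *to) {
  size_t o = 0;
  for (size_t i = 0; i < len; i++) {
    unsigned char b = (unsigned char)from[i];
    if (b < 0x80) {
      to[o++] = (char)b;
    } else {
      to[o++] = (char)(0xC0 | (b >> 6));
      to[o++] = (char)(0x80 | (b & 0x3F));
    }
  }
  return o;
}

struct ToyBlobField {
  ToyString value;
  static const size_t mbmaxlen = 2;

  // Unprotected: converts from 'from' after value.alloc() moved the buffer.
  int store_buggy(const char *from, size_t length) {
    if (value.alloc(mbmaxlen * length)) return 1;
    value.set_length(latin1_to_utf8(from, length, value.mutable_ptr()));
    return 0;
  }

  // Guarded: if 'from' lies inside value's buffer, copy it aside first
  // (upper bound is the allocated size, not the current length).
  int store_fixed(const char *from, size_t length) {
    std::string tmpstr;
    if (value.ptr() != nullptr && from >= value.ptr() &&
        from <= value.ptr() + value.alloced_length()) {
      tmpstr.assign(from, length);
      from = tmpstr.data();
    }
    if (value.alloc(mbmaxlen * length)) return 1;
    value.set_length(latin1_to_utf8(from, length, value.mutable_ptr()));
    return 0;
  }
};

// Stores a constructed latin1 literal, then stores the field's own contents
// back into itself (the 'from' aliases 'value' case). Returns the bytes left
// in the field: "#####" for the unguarded path, the re-encoded 7 bytes
// "caf\xC3\x83\xC2\xA9" for the guarded one.
std::string demo_store(bool fixed) {
  ToyBlobField f;
  const char external[] = "caf\xE9";  // constructed: latin1 "cafe" with e-acute
  int (ToyBlobField::*store)(const char *, size_t) =
      fixed ? &ToyBlobField::store_fixed : &ToyBlobField::store_buggy;
  (f.*store)(external, 4);
  (f.*store)(f.value.ptr(), f.value.length());
  return std::string(f.value.ptr(), f.value.length());
}

int main() {
  std::string bad = demo_store(false), good = demo_store(true);
  printf("unguarded: %s\nguarded: %zu bytes\n", bad.c_str(), good.size());
  return 0;
}
```

The second store in demo_store is the shape of the reported scenario: the conversion's source pointer is the field's own value buffer, which alloc() moves before the bytes are read. The unguarded path reads whatever now occupies the old block; the guarded path copies the source aside before reallocating, so the conversion sees the original bytes.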