2824 Kristofer Pettersson 2008-09-25 [merge]
5.1-6.0 merge
modified:
mysql-test/r/sp.result
mysql-test/t/sp.test
sql/field.cc
sql/field.h
2823 Mattias Jonsson 2008-09-23 [merge]
Manual merge (of bug#37803)
removed:
mysql-test/suite/parts/t/partition_alter2_ndb.test
added:
mysql-test/suite/parts/inc/partition_alter2_2.inc
mysql-test/suite/parts/r/partition_alter2_2_innodb.result
mysql-test/suite/parts/r/partition_alter2_2_myisam.result
mysql-test/suite/parts/t/partition_alter2_2_innodb.test
mysql-test/suite/parts/t/partition_alter2_2_myisam.test
renamed:
mysql-test/suite/parts/inc/partition_alter2.inc => mysql-test/suite/parts/inc/partition_alter2_1.inc
mysql-test/suite/parts/r/partition_alter2_innodb.result => mysql-test/suite/parts/r/partition_alter2_1_innodb.result
mysql-test/suite/parts/r/partition_alter2_myisam.result => mysql-test/suite/parts/r/partition_alter2_1_myisam.result
mysql-test/suite/parts/t/partition_alter2_innodb.test => mysql-test/suite/parts/t/partition_alter2_1_innodb.test
mysql-test/suite/parts/t/partition_alter2_myisam.test => mysql-test/suite/parts/t/partition_alter2_1_myisam.test
modified:
mysql-test/lib/mtr_cases.pl
mysql-test/mysql-test-run.pl
mysql-test/suite/parts/t/disabled.def
mysql-test/suite/parts/inc/partition_alter2_1.inc
mysql-test/suite/parts/r/partition_alter2_1_innodb.result
mysql-test/suite/parts/r/partition_alter2_1_myisam.result
mysql-test/suite/parts/t/partition_alter2_1_innodb.test
mysql-test/suite/parts/t/partition_alter2_1_myisam.test
=== modified file 'mysql-test/r/sp.result'
--- a/mysql-test/r/sp.result 2008-08-20 18:05:57 +0000
+++ b/mysql-test/r/sp.result 2008-09-25 11:46:17 +0000
@@ -6818,6 +6818,16 @@ drop procedure p1;
drop function f1;
drop view v1;
drop table t1;
+drop procedure if exists `p2` $
+create procedure `p2`(in `a` text charset utf8)
+begin
+declare `pos` int default 1;
+declare `str` text charset utf8;
+set `str` := `a`;
+select substr(`str`, `pos`+ 1 ) into `str`;
+end $
+call `p2`('s s s s s s');
+drop procedure `p2`;
# ------------------------------------------------------------------
# -- End of 5.0 tests
# ------------------------------------------------------------------
=== modified file 'mysql-test/t/sp.test'
--- a/mysql-test/t/sp.test 2008-08-20 18:05:57 +0000
+++ b/mysql-test/t/sp.test 2008-09-25 11:46:17 +0000
@@ -8020,6 +8020,24 @@ drop function f1;
drop view v1;
drop table t1;
+#
+# Bug#38469 invalid memory read and/or crash with utf8 text field, stored procedure, uservar
+#
+delimiter $;
+--disable_warnings
+drop procedure if exists `p2` $
+--enable_warnings
+create procedure `p2`(in `a` text charset utf8)
+begin
+ declare `pos` int default 1;
+ declare `str` text charset utf8;
+ set `str` := `a`;
+ select substr(`str`, `pos`+ 1 ) into `str`;
+end $
+delimiter ;$
+call `p2`('s s s s s s');
+drop procedure `p2`;
+
--echo # ------------------------------------------------------------------
--echo # -- End of 5.0 tests
--echo # ------------------------------------------------------------------
=== modified file 'sql/field.cc'
--- a/sql/field.cc 2008-09-15 11:09:29 +0000
+++ b/sql/field.cc 2008-09-25 11:46:17 +0000
@@ -7533,8 +7533,18 @@ int Field_blob::store(const char *from,u
return 0;
}
- if (from == value.ptr())
+ /*
+ If the 'from' address is in the range of the temporary 'value'-
+ object we need to copy the content to a different location or it will be
+ invalidated when the 'value'-object is reallocated to make room for
+ the new character set.
+ */
+ if (from >= value.ptr() && from <= value.ptr()+value.length())
{
+ /*
+ If content of the 'from'-address is cached in the 'value'-object
+ it is possible that the content needs a character conversion.
+ */
uint32 dummy_offset;
if (!String::needs_conversion(length, cs, field_charset, &dummy_offset))
{
=== modified file 'sql/field.h'
--- a/sql/field.h 2008-08-28 11:17:29 +0000
+++ b/sql/field.h 2008-09-25 11:46:17 +0000
@@ -1648,8 +1648,16 @@ private:
class Field_blob :public Field_longstr {
protected:
+ /**
+ The number of bytes used to represent the length of the blob.
+ */
uint packlength;
- String value; // For temporaries
+
+ /**
+ The 'value'-object is a cache fronting the storage engine.
+ */
+ String value;
+
public:
Field_blob(uchar *ptr_arg, uchar *null_ptr_arg, uchar null_bit_arg,
enum utype unireg_check_arg, const char *field_name_arg,
| Thread |
|---|
| • bzr push into mysql-6.0 branch (kpettersson:2823 to 2824) | Kristofer Pettersson | 25 Sep |
