author | Davi Arnaut <Davi.Arnaut@Sun.COM> | 2009-02-09 16:17:58 -0200 |
---|---|---|
committer | Davi Arnaut <Davi.Arnaut@Sun.COM> | 2009-02-09 16:17:58 -0200 |
commit | bab4ff1ae52762e5eeb828d89cc7cd3b6e94f3aa (patch) | |
tree | 3a8004c645037bae538dd8c5d994c150adbba3c9 /mysql-test/suite/binlog/r/binlog_unsafe.result | |
parent | 461cad77b4e068ecc2534150170a029e6f425407 (diff) | |
download | mariadb-git-bab4ff1ae52762e5eeb828d89cc7cd3b6e94f3aa.tar.gz |

Bug#42634: % character in query can cause mysqld signal 11 segfault

The problem is that an unfiltered user query was being passed as
the format string parameter of sql_print_warning which later
performs printf-like formatting, leading to crashes if the user
query contains formatting instructions (i.e. %s). Also, it was
using THD::query as the source of the user query, but this
variable is not meaningful in some situations -- in a delayed
insert, it points to the table name.

The solution is to pass the user query as a parameter for the
format string and use the function parameter query_arg as the
source of the user query.

mysql-test/suite/binlog/r/binlog_unsafe.result:
Add test case result for Bug#42634
mysql-test/suite/binlog/t/binlog_unsafe.test:
Add test case for Bug#42634
sql/sql_class.cc:
Don't pass the user query as a format string.

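
The pattern the commit message describes, reduced to a stand-alone C program as an added example (not code from this commit or from the MySQL/MariaDB source). `log_warning`, `warn_unsafe_before` and `warn_unsafe_after` are hypothetical names and the message wording is an assumption; the 'before' call is only ever given `%%`, the one conversion that is defined without a matching argument.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-like server logger such as
   sql_print_warning. It formats into a buffer so the result can be inspected. */
static char last_log[256];

static void log_warning(const char *format, ...)
{
    va_list args;
    va_start(args, format);
    vsnprintf(last_log, sizeof last_log, format, args);
    va_end(args);
}

/* BEFORE: the statement text itself is the format string, so every '%'
   in it is interpreted as a conversion specification. */
const char *warn_unsafe_before(const char *query)
{
    log_warning(query);
    return last_log;
}

/* AFTER: constant format string, statement text passed as an argument
   (message wording is assumed, not taken from sql_class.cc). */
const char *warn_unsafe_after(const char *query)
{
    log_warning("Statement is not safe to log in statement format: %s", query);
    return last_log;
}

int main(void)
{
    /* Constructed inputs. With the 'before' form, "%s" would make the
       logger read arguments that were never passed, so only "%%" is used. */
    const char *percent = "UPDATE t1 SET b = '100%%' WHERE a = 'a'";
    const char *fmt_s = "UPDATE t1 SET b = '%s%s%s%s' WHERE a = 'a' LIMIT 1";

    const char *out = warn_unsafe_before(percent);
    printf("before: %s (altered: %d)\n", out, strcmp(out, percent) != 0);
    printf("after:  %s\n", warn_unsafe_after(percent));
    printf("after:  %s\n", warn_unsafe_after(fmt_s));
    return 0;
}
```

Declaring the logger with GCC/Clang's `__attribute__((format(printf, 1, 2)))` lets `-Wformat-security` flag the 'before' call at compile time.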
Diffstat (limited to 'mysql-test/suite/binlog/r/binlog_unsafe.result')
-rw-r--r-- | mysql-test/suite/binlog/r/binlog_unsafe.result | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/mysql-test/suite/binlog/r/binlog_unsafe.result b/mysql-test/suite/binlog/r/binlog_unsafe.result index 1f7b217dc31..7c0980ba77c 100644 --- a/mysql-test/suite/binlog/r/binlog_unsafe.result +++ b/mysql-test/suite/binlog/r/binlog_unsafe.result @@ -220,3 +220,10 @@ Warning 1592 Statement is not safe to log in statement format. Warning 1592 Statement is not safe to log in statement format. DROP PROCEDURE p1; DROP TABLE t1; +DROP TABLE IF EXISTS t1; +CREATE TABLE t1 (a VARCHAR(100), b VARCHAR(100)); +INSERT INTO t1 VALUES ('a','b'); +UPDATE t1 SET b = '%s%s%s%s%s%s%s%s%s%s%s%s%s%s' WHERE a = 'a' LIMIT 1; +Warnings: +Warning 1592 Statement is not safe to log in statement format. +DROP TABLE t1; |
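Review bot: The added result lines exercise only the UPDATE ... LIMIT 1 statement with '%s' in its text, while the commit message also describes THD::query pointing at the table name during a delayed insert, and nothing in the lines shown here covers that path. Consider adding a delayed insert whose statement text contains format characters so both halves of the fix have a regression case. The expected output also records only the client-visible Warning 1592, so as shown the test guards against the crash but does not check what text reaches the log.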