diff options
| author | Alexey Kopytov <Alexey.Kopytov@sun.com> | 2009-02-03 20:19:01 +0300 |
|---|---|---|
| committer | Alexey Kopytov <Alexey.Kopytov@sun.com> | 2009-02-03 20:19:01 +0300 |
| commit | dfbba6e7fda2286a2c021a025fa82926551e01f9 (patch) | |
| tree | f878e9c7f35c92af0cfcc10bdffa8aa396ba5df8 /mysql-test/t/func_str.test | |
| parent | ecfdc3560c1e20c673337420761fa11c084ed2d8 (diff) | |
| download | mariadb-git-dfbba6e7fda2286a2c021a025fa82926551e01f9.tar.gz | |
Fix for bug #41868: crash or memory overrun with concat + upper, date_format
functions
String::realloc() did not check whether the existing string data fits in the newly
allocated buffer for cases when reallocating a String object with external buffer
(i.e.alloced == FALSE). This could lead to memory overruns in some cases.
mysql-test/r/func_str.result:
Added a test case for bug #41868.
mysql-test/t/func_str.test:
Added a test case for bug #41868.
sql/sql_class.cc:
After each call to Item::send() in select_send::send_data() reset buffer to its
original state to reduce unnecessary malloc() calls. See comments for bug #41868
for detailed analysis.
sql/sql_string.cc:
Fixed String::realloc() to check whether the existing string data fits in the newly allocated buffer for cases when reallocating a String object with external buffer.
Diffstat (limited to 'mysql-test/t/func_str.test')
| -rw-r--r-- | mysql-test/t/func_str.test | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/mysql-test/t/func_str.test b/mysql-test/t/func_str.test index 8298a50c277..389538c4cc0 100644 --- a/mysql-test/t/func_str.test +++ b/mysql-test/t/func_str.test @@ -1159,4 +1159,13 @@ select format(a, 2) from t1; --disable_metadata drop table t1; +# +# Bug #41868: crash or memory overrun with concat + upper, date_format functions +# + +CREATE TABLE t1 (c DATE, aa VARCHAR(30)); +INSERT INTO t1 VALUES ('2008-12-31','aaaaaa'); +SELECT DATE_FORMAT(c, GET_FORMAT(DATE, 'eur')) h, CONCAT(UPPER(aa),', ', aa) i FROM t1; +DROP TABLE t1; + --echo End of 5.0 tests |