From f797ea7124e906fd3abf311d66101a21dce2d27d Mon Sep 17 00:00:00 2001
From: Sergei Golubchik <serg@mariadb.org>
Date: Mon, 16 Jan 2017 18:47:53 +0100
Subject: MDEV-11601 Out-of-bounds string access in create_schema_table()

in Item_partition_func_safe_string(THD *thd, const char *name_arg,
uint length, CHARSET_INFO *cs= NULL), the 'name_arg' is the value
of the string constant and 'length' is the length of this constant,
so length == strlen(name_arg).
---
 sql/item.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sql/item.h')

diff --git a/sql/item.h b/sql/item.h
index 07b8a865652..b09e9297826 100644
--- a/sql/item.h
+++ b/sql/item.h
@@ -3206,7 +3206,7 @@ class Item_blob :public Item_partition_func_safe_string
 {
 public:
   Item_blob(THD *thd, const char *name_arg, uint length):
-    Item_partition_func_safe_string(thd, name_arg, length, &my_charset_bin)
+    Item_partition_func_safe_string(thd, name_arg, strlen(name_arg), &my_charset_bin)
   { max_length= length; }
   enum Type type() const { return TYPE_HOLDER; }
   enum_field_types field_type() const { return MYSQL_TYPE_BLOB; }
-- 
cgit v1.2.1