From b0a8fde89732a11475144f0f2ab88acedcebdf86 Mon Sep 17 00:00:00 2001
From: unknown
Date: Wed, 28 Apr 2004 03:37:45 +0300
Subject: Fixed stack overrun with some INSERT ... SELECT ... GROUP BY queries (Bug #3265) Ensure that raid_chunks is not set to higher than 255 as this could cause problems with DROP DATABASE. (Bug #3182) mysql-test/r/raid.result: Test of raid_chunks > 255 mysql-test/t/raid.test: Test of raid_chunks > 255 sql/item.cc: Fixed wrong usage of str_value in Item::save_in_field This could caused a stack overrun with some very special INSERT ... SELECT ... GROUP BY queries where the GROUP BY value was an expression that generated a NULL value. (Bug #3265) The Item_copy_string::save_in_field() function is from 4.1 and helps optimized this case a bit sql/item.h: Fixed wrong usage of str_value in Item_copy_string::save_in_field sql/sql_insert.cc: More debug information sql/table.cc: Ensure that raid_chunks is not set to higher than 255 as this could cause problems with DROP DATABASE. Another problem with values > 255 is that in the .frm file we store the chunks value in one byte. (Bug #3182)
---
 sql/sql_insert.cc | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'sql/sql_insert.cc')

diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc
index b09294cad6f..94e2f8f8850 100644
--- a/sql/sql_insert.cc
+++ b/sql/sql_insert.cc
@@ -391,6 +391,7 @@ int write_record(TABLE *table,COPY_INFO *info)
 {
   int error;
   char *key=0;
+  DBUG_ENTER("write_record");
 
   info->records++;
   if (info->handle_duplicates == DUP_REPLACE)
@@ -474,14 +475,14 @@ int write_record(TABLE *table,COPY_INFO *info)
   info->copied++;
   if (key)
     my_safe_afree(key,table->max_unique_length,MAX_KEY_LENGTH);
-  return 0;
+  DBUG_RETURN(0);
 
 err:
   if (key)
     my_afree(key);
   info->last_errno= error;
   table->file->print_error(error,MYF(0));
-  return 1;
+  DBUG_RETURN(1);
 }
 
 
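Review bot: With `DBUG_ENTER("write_record")` now at the top of the function, every exit has to go through DBUG_RETURN, but the body between the two hunks (old lines 397–473) is outside the diff, so any plain `return` still in that range would leave the DBUG frame stack unbalanced and misattribute later trace output; that range should be checked before merging. The two exits visible here are converted consistently. Separately, the two exits release the key buffer differently — `my_safe_afree(key,table->max_unique_length,MAX_KEY_LENGTH)` on success versus `my_afree(key)` at `err:` — and if the buffer can come from the heap when max_unique_length exceeds MAX_KEY_LENGTH, the error path would not free it; the allocation site is outside the hunk, so this needs confirming there rather than in this commit.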
@@ -1342,24 +1343,25 @@ select_insert::~select_insert()
 
 bool select_insert::send_data(List &values)
 {
+  DBUG_ENTER("select_insert::send_data");
   if (thd->offset_limit)
   {						// using limit offset,count
     thd->offset_limit--;
-    return 0;
+    DBUG_RETURN(0);
   }
   if (fields->elements)
     fill_record(*fields, values, 1);
   else
     fill_record(table->field, values, 1);
   if (write_record(table,&info))
-    return 1;
+    DBUG_RETURN(1);
   if (table->next_number_field)		// Clear for next record
   {
     table->next_number_field->reset();
     if (! last_insert_id && thd->insert_id_used)
       last_insert_id=thd->insert_id();
   }
-  return 0;
+  DBUG_RETURN(0);
 }
 
 
-- 
cgit v1.2.1