-
Nisha Gopalakrishnan authored
Analysis: -------- REPLACE operation provides incorrect output when user variable is supplied as an argument and there are multiple rows on which the operation is performed. Consider the example below: SET @var='(( 00000000 ++ 00000000 ))'; SELECT REPLACE(@var, '00000000', table_name) AS a FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='mysql'; Invalid output: +---------------------------------------+ | REPLACE(@var, '00000000', TABLE_NAME) | +---------------------------------------+ | (( columns_priv ++ columns_priv )) | | (( columns_priv ++ columns_priv )) | ...... ...... | (( columns_priv ++ columns_priv )) | | (( columns_priv ++ columns_priv )) | | (( columns_priv ++ columns_priv )) | +---------------------------------------+ The user argument supplied as the string to REPLACE operation is overwritten after the first iteration to '(( columns_priv ++ columns_priv ))'. The overwritten string after the first iteration is used for the subsequent REPLACE iteration. Since the pattern string is not found, it returns invalid output as mentioned above. Fix: --- If the Alloced_length is zero, realloc() and create a copy of the string which is then used for the REPLACE operation for every iteration.
50e490fd