• unknown's avatar
    Bug #19216: Client crashes on long SELECT · e04385d8
    unknown authored
     The server sends a number of columns to the client.
     It uses a limited "fast" function for that instead of the
     general one. This fast function cannot send numbers larger 
     than 2 bytes. 
     This causes the client to expect smaller number of columns. 
     The client writes outside of the allocated memory buffer 
     as a result.
     Fixed the server to use the general function to send column
     count.
     Fixed the client to check the column count before writing
     column data. 
    
    
    mysql-test/t/mysql_client.test:
      Bug #19216: Client crashes on long SELECT
       - test case
    sql/protocol.cc:
      Bug #19216: Client crashes on long SELECT
       - renamed the function for bether comprehention
         and made it local
       - used the right (non-local) function to transfer 
         the column count in Protocol::send_fields
    sql/protocol.h:
      Bug #19216: Client crashes on long SELECT
       - made optimized net_store_length local
    sql-common/client.c:
      Bug #19216: Client crashes on long SELECT
       - fixed the client to check for older servers (without the fix).
    e04385d8
protocol.h 6 KB