    Fix for bug #41868: crash or memory overrun with concat + upper, date_format functions · fd8bf58c
    Alexey Kopytov authored
    
    String::realloc() did not check whether the existing string data fits in
    the newly allocated buffer for cases when reallocating a String object
    with external buffer (i.e. alloced == FALSE).  This could lead to memory
    overruns in some cases.
    
    client/sql_string.cc:
      Fixed String::realloc() to check whether the existing string data fits
      in the newly allocated buffer for cases when reallocating a String
      object with external buffer.
    mysql-test/r/func_str.result:
      Added a test case for bug #41868.
    mysql-test/t/func_str.test:
      Added a test case for bug #41868.
    sql/sql_class.cc:
      After each call to Item::send() in select_send::send_data() reset
      buffer to its original state to reduce unnecessary malloc() calls. See
      comments for bug #41868 for detailed analysis.
    sql/sql_string.cc:
      Fixed String::realloc() to check whether the existing string data fits
      in the newly allocated buffer for cases when reallocating a String
      object with external buffer.
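A constructed illustration of the defect class this commit message describes, added here and not taken from MySQL's sql_string.cc: a hypothetical Str holder whose field names are assumptions, a helper that reports how far the unchecked copy would run past a smaller new allocation, and a realloc that applies the fit check before copying data out of an external buffer.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>

// Hypothetical String-like holder, modelled loosely on the commit message;
// field names are assumptions, not MySQL's actual sql_string.cc.
struct Str {
    char  *Ptr;             // current buffer, possibly external (not owned)
    size_t str_length;      // bytes of valid data in Ptr
    size_t Alloced_length;  // capacity of Ptr, 0 for an external buffer
    bool   alloced;         // true once Ptr was allocated by this object
};

// Point a Str at caller-owned storage. str_length is taken on trust: the
// object has no way to verify how much of the external buffer is valid.
static void set_external(Str &s, char *buf, size_t len) {
    s.Ptr = buf; s.str_length = len; s.Alloced_length = 0; s.alloced = false;
}

// Pre-fix shape: str_length + 1 bytes (data plus NUL) are copied into a
// fresh buffer of arg_length + 1 bytes with no size comparison. Instead of
// performing that copy, report how many bytes would land past the buffer.
static size_t unchecked_overrun(const Str &s, size_t arg_length) {
    size_t len = arg_length + 1;
    return s.str_length + 1 > len ? s.str_length + 1 - len : 0;
}

// Fixed shape: ensure room for arg_length bytes plus NUL. When the data
// lives in an external buffer, copy it only if it fits the new allocation
// (this example discards data that does not fit; truncating would also do).
static bool realloc_checked(Str &s, size_t arg_length) {
    size_t len = arg_length + 1;
    if (s.alloced && s.Alloced_length >= len) return true;
    char *new_ptr;
    if (s.alloced) {
        new_ptr = static_cast<char *>(std::realloc(s.Ptr, len));
        if (!new_ptr) return false;
    } else {
        new_ptr = static_cast<char *>(std::malloc(len));
        if (!new_ptr) return false;
        if (s.str_length + 1 > len) s.str_length = 0;  // the missing check
        if (s.str_length) std::memcpy(new_ptr, s.Ptr, s.str_length);
        new_ptr[s.str_length] = '\0';
        s.alloced = true;
    }
    s.Ptr = new_ptr;
    s.Alloced_length = len;
    return true;
}
```

With a 15-byte external string and a request for 4 bytes, unchecked_overrun reports 11 bytes that would have been written past the new buffer, while realloc_checked allocates, keeps the pointer valid and leaves an empty string instead.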