Bug#23195404 EXCESSIVE MEMORY CAN BE USED BY THE QUOTE()

STRING FUNCTION Fix: ======= Added code in QUOTE string function to honor max_allowed_packet.

Bug#23195404 EXCESSIVE MEMORY CAN BE USED BY THE QUOTE()
STRING FUNCTION Fix: ======= Added code in QUOTE string function to honor max_allowed_packet.
b21a0212 · Ajo Robert · 7ec26b03 · b21a0212
Commit b21a0212 authored Feb 23, 2017 by Ajo Robert
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 1 deletion

sql/item_strfunc.cc sql/item_strfunc.cc +12 -1

No files found.
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
 /*
-   Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -3649,6 +3649,17 @@ String *Item_func_quote::val_str(String *str)
  *to= '\'';

 ret:
+  if (new_length > current_thd->variables.max_allowed_packet)
+  {
+    push_warning_printf(current_thd, MYSQL_ERROR::WARN_LEVEL_WARN,
+                        ER_WARN_ALLOWED_PACKET_OVERFLOWED,
+                        ER_THD(current_thd, ER_WARN_ALLOWED_PACKET_OVERFLOWED),
+                        func_name(),
+                        current_thd->variables.max_allowed_packet);
+    null_value= true;
+    return NULL;
+  }
+
  tmp_value.length(new_length);
  tmp_value.set_charset(collation.collation);
  null_value= 0;