Commit dc42ab6d authored by unknown's avatar unknown

Fix for bug#18177 any access to INFORMATION_SCHEMA.ROUTINES crashes

replaced get_field(MEM_ROOT *mem, Field *field) with 
get_field(MEM_ROOT *mem, Field *field, String *res).
It allows to avoid strlen().


mysql-test/r/information_schema.result:
  Fix for bug#18177 any access to INFORMATION_SCHEMA.ROUTINES crashes
  test case
mysql-test/t/information_schema.test:
  Fix for bug#18177 any access to INFORMATION_SCHEMA.ROUTINES crashes
  test case
parent 50e1f633
......@@ -1099,3 +1099,12 @@ CHARACTER_MAXIMUM_LENGTH CHARACTER_OCTET_LENGTH
1 3
9 27
drop table t1;
use mysql;
INSERT INTO `proc` VALUES ('test','','PROCEDURE','','SQL','CONTAINS_SQL',
'NO','DEFINER','','','BEGIN\r\n \r\nEND','root@%','2006-03-02 18:40:03',
'2006-03-02 18:40:03','','');
select routine_name from information_schema.routines;
routine_name
delete from proc where name='';
use test;
......@@ -811,3 +811,14 @@ default character set utf8;
select CHARACTER_MAXIMUM_LENGTH, CHARACTER_OCTET_LENGTH from
information_schema.columns where table_schema='test' and table_name = 't1';
drop table t1;
#
# Bug#18177 any access to INFORMATION_SCHEMA.ROUTINES crashes
#
use mysql;
INSERT INTO `proc` VALUES ('test','','PROCEDURE','','SQL','CONTAINS_SQL',
'NO','DEFINER','','','BEGIN\r\n \r\nEND','root@%','2006-03-02 18:40:03',
'2006-03-02 18:40:03','','');
select routine_name from information_schema.routines;
delete from proc where name='';
use test;
......@@ -2854,17 +2854,18 @@ bool store_schema_proc(THD *thd, TABLE *table, TABLE *proc_table,
const char *wild, bool full_access, const char *sp_user)
{
String tmp_string;
String sp_db, sp_name, definer;
TIME time;
LEX *lex= thd->lex;
CHARSET_INFO *cs= system_charset_info;
const char *sp_db, *sp_name, *definer;
sp_db= get_field(thd->mem_root, proc_table->field[0]);
sp_name= get_field(thd->mem_root, proc_table->field[1]);
definer= get_field(thd->mem_root, proc_table->field[11]);
get_field(thd->mem_root, proc_table->field[0], &sp_db);
get_field(thd->mem_root, proc_table->field[1], &sp_name);
get_field(thd->mem_root, proc_table->field[11], &definer);
if (!full_access)
full_access= !strcmp(sp_user, definer);
if (!full_access && check_some_routine_access(thd, sp_db, sp_name,
proc_table->field[2]->val_int() == TYPE_ENUM_PROCEDURE))
full_access= !strcmp(sp_user, definer.ptr());
if (!full_access && check_some_routine_access(thd, sp_db.ptr(), sp_name.ptr(),
proc_table->field[2]->val_int() ==
TYPE_ENUM_PROCEDURE))
return 0;
if (lex->orig_sql_command == SQLCOM_SHOW_STATUS_PROC &&
......@@ -2874,13 +2875,13 @@ bool store_schema_proc(THD *thd, TABLE *table, TABLE *proc_table,
lex->orig_sql_command == SQLCOM_END)
{
restore_record(table, s->default_values);
if (!wild || !wild[0] || !wild_compare(sp_name, wild, 0))
if (!wild || !wild[0] || !wild_compare(sp_name.ptr(), wild, 0))
{
int enum_idx= proc_table->field[5]->val_int();
table->field[3]->store(sp_name, strlen(sp_name), cs);
table->field[3]->store(sp_name.ptr(), sp_name.length(), cs);
get_field(thd->mem_root, proc_table->field[3], &tmp_string);
table->field[0]->store(tmp_string.ptr(), tmp_string.length(), cs);
table->field[2]->store(sp_db, strlen(sp_db), cs);
table->field[2]->store(sp_db.ptr(), sp_db.length(), cs);
get_field(thd->mem_root, proc_table->field[2], &tmp_string);
table->field[4]->store(tmp_string.ptr(), tmp_string.length(), cs);
if (proc_table->field[2]->val_int() == TYPE_ENUM_FUNCTION)
......@@ -2912,7 +2913,7 @@ bool store_schema_proc(THD *thd, TABLE *table, TABLE *proc_table,
table->field[17]->store(tmp_string.ptr(), tmp_string.length(), cs);
get_field(thd->mem_root, proc_table->field[15], &tmp_string);
table->field[18]->store(tmp_string.ptr(), tmp_string.length(), cs);
table->field[19]->store(definer, strlen(definer), cs);
table->field[19]->store(definer.ptr(), definer.length(), cs);
return schema_table_store_record(thd, table);
}
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment