    Bug#25172: Not checked buffer size leads to a server crash. · d7d5db64
    evgen@moonbone.local authored
    After the fix for bug#21798 JOIN stores the pointer to the buffer for sorting
    fields. It is used while sorting for grouping and for ordering. If the ORDER BY
    clause has more elements than the GROUP BY clause then a memory overrun occurs.
    
    Now the length of the ORDER BY list is always passed to the
    make_unireg_sortorder() function and it allocates a buffer big enough to be
    used for the bigger list.
sql_select.cc 476 KB
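The sizing problem described in the commit message, modelled as an added example that is not code from the MySQL source: a sort buffer is allocated on first use, cached, and reused for a longer list. The types, `make_sortorder()`, `run_query()` and the query shape are hypothetical stand-ins, and the model returns an error where the original code overran the buffer.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not MySQL's real types. */
typedef struct { int field; int reverse; } sort_field;
typedef struct { sort_field *buf; size_t cap; } sort_cache;

/* Fill the cached sort buffer from a list of n field ids. On first use the
 * buffer is allocated for max(n, min_len) entries. Returns 0 on success,
 * -1 if the cached buffer is too small (the case that overran memory). */
static int make_sortorder(sort_cache *c, const int *list, size_t n, size_t min_len)
{
    if (c->buf == NULL) {
        size_t want = n > min_len ? n : min_len;
        c->buf = calloc(want ? want : 1, sizeof *c->buf);
        if (c->buf == NULL) return -1;
        c->cap = want;
    }
    if (n > c->cap) return -1;  /* bounds check instead of writing past the end */
    for (size_t i = 0; i < n; i++) {
        c->buf[i].field = list[i];
        c->buf[i].reverse = 0;
    }
    return 0;
}

/* Constructed query shape: GROUP BY a, b ORDER BY a, b, c, d */
static const int group_by[] = {1, 2};
static const int order_by[] = {1, 2, 3, 4};

/* Grouping pass, then ordering pass, on the same cached buffer.
 * order_len_hint is the ORDER BY length given to both calls (0 = pre-fix). */
static int run_query(size_t order_len_hint)
{
    sort_cache c = {NULL, 0};
    int rc = make_sortorder(&c, group_by, 2, order_len_hint);
    if (rc == 0) rc = make_sortorder(&c, order_by, 4, order_len_hint);
    free(c.buf);
    return rc;
}

int main(void)
{
    /* Sizing by the GROUP BY list alone is rejected; passing the ORDER BY length succeeds. */
    return (run_query(0) == -1 && run_query(4) == 0) ? 0 : 1;
}
```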