    Fix for bug #41868: crash or memory overrun with concat + upper, date_format functions · dfbba6e7
    Alexey Kopytov authored

    String::realloc() did not check whether the existing string data fits in the newly
    allocated buffer for cases when reallocating a String object with external buffer
    (i.e. alloced == FALSE). This could lead to memory overruns in some cases.
    
    
    mysql-test/r/func_str.result:
      Added a test case for bug #41868.
    mysql-test/t/func_str.test:
      Added a test case for bug #41868.
    sql/sql_class.cc:
      After each call to Item::send() in select_send::send_data() reset buffer to its
      original state to reduce unnecessary malloc() calls. See comments for bug #41868
      for detailed analysis.
    sql/sql_string.cc:
      Fixed String::realloc() to check whether the existing string data fits in the newly allocated buffer for cases when reallocating a String object with external buffer.
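The unchecked copy described in the message above, reconstructed as an added C++ example that is not MySQL's own sql_string.cc: the member names (Ptr, str_length, Alloced_length, alloced) follow MySQL's String class, but MiniString, set_external() and realloc_external_demo() are illustrative assumptions written for this example, and the sample buffer is constructed.

```cpp
// Added illustration, not MySQL's sql_string.cc: a minimal String-like type
// reproducing the realloc() path the commit message describes (reconstruction).
#include <cstdlib>
#include <cstring>
#include <string>

struct MiniString {
  char *Ptr = nullptr;        // current data buffer, possibly caller-owned
  size_t str_length = 0;      // bytes of valid data in Ptr
  size_t Alloced_length = 0;  // usable capacity of Ptr, excluding the NUL
  bool alloced = false;       // true when Ptr was malloc()ed by this object
  // Point at an external buffer the way String::set() does: the object
  // records the data length but owns no capacity (Alloced_length == 0).
  void set_external(const char *str, size_t len) {
    Ptr = const_cast<char *>(str); str_length = len;
    Alloced_length = 0; alloced = false;
  }

  // Ensure arg_length bytes plus a terminating NUL fit in an owned buffer.
  // Before the fix the alloced == false branch copied str_length + 1 bytes
  // regardless of arg_length, overrunning new_ptr when str_length was larger.
  bool realloc(size_t arg_length) {
    if (Ptr && Alloced_length >= arg_length) return true;  // already fits
    char *new_ptr = static_cast<char *>(std::malloc(arg_length + 1));
    if (!new_ptr) return false;
    if (alloced) {               // owned: capacity bounds str_length
      std::memcpy(new_ptr, Ptr, str_length);
      std::free(Ptr);
    } else if (Ptr) {            // external: str_length may exceed arg_length
      if (str_length > arg_length) str_length = arg_length;  // the fix
      std::memcpy(new_ptr, Ptr, str_length);
    }
    new_ptr[str_length] = '\0';
    Ptr = new_ptr; Alloced_length = arg_length; alloced = true;
    return true;
  }

  ~MiniString() { if (alloced) std::free(Ptr); }
  std::string str() const { return std::string(Ptr, str_length); }
};

// Attach a 12-byte external buffer, then ask realloc() for arg_length bytes.
// A request smaller than the data now truncates instead of overrunning the
// new heap block; a larger request keeps every byte.
inline std::string realloc_external_demo(size_t arg_length) {
  static const char constructed[] = "January 2009";  // constructed sample
  MiniString s; s.set_external(constructed, 12);
  s.realloc(arg_length);
  return s.str();
}
```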