    Fix for bug#21311: Possible stack overrun if SP has non-latin1 name · fcb8687a
    unknown authored
      
    There was a possible stack overrun in an edge case which handles an invalid body of
    an SP in mysql.proc. That should be the case when mysql.proc has been changed
    manually. Though, due to bug 21513, it can be exploited without having access
    to mysql.proc, only being able to create a stored routine.
    
    
    mysql-test/r/sp.result:
      update result
    mysql-test/t/sp.test:
      add a test case for the bug
    sql/sp.cc:
      Fix stack overrun. This happens mostly when mysql.proc is damaged, though
      it's possible due to another bug which creates an invalid SP body in mysql.proc
      (leading quote from a label being cut) to create a stack overrun even without
      having direct access to mysql.proc
sp.cc 55.6 KB