Fix for bug #41868: crash or memory overrun with concat + upper, date_format
functions String::realloc() did not check whether the existing string data fits in the newly allocated buffer for cases when reallocating a String object with external buffer (i.e.alloced == FALSE). This could lead to memory overruns in some cases.
Showing
Please register or sign in to comment