Commit c4afe67f authored Sep 27, 2006 by andrey@example.com
Merge example.com:/work/mysql-5.0-runtime
into example.com:/work/mysql-5.1-runtime-fresh2
Parents: 6cb96bb8, a4093f31
Showing 2 changed files with 24 additions and 1 deletion:
mysql-test/t/sp.test (+13 -0)
sql/sp.cc (+11 -1)
mysql-test/t/sp.test
...
@@ -6315,6 +6315,19 @@ DROP PROCEDURE bug21414|
...
@@ -6315,6 +6315,19 @@ DROP PROCEDURE bug21414|
--
echo
End
of
5.0
tests
--
echo
End
of
5.0
tests
#
# BUG#21311: Possible stack overrun if SP has non-latin1 name
#
set
names
utf8
|
--
disable_warnings
drop
database
if
exists
това_е_дълго_име_за_база_данни_нали
|
--
enable_warnings
create
database
това_е_дълго_име_за_база_данни_нали
|
INSERT
INTO
mysql
.
proc
VALUES
(
'това_е_дълго_име_за_база_данни_нали'
,
'това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго'
,
'PROCEDURE'
,
'това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго'
,
'SQL'
,
'CONTAINS_SQL'
,
'NO'
,
'DEFINER'
,
''
,
''
,
'bad_body'
,
'root@localhost'
,
now
(),
now
(),
''
,
''
)
|
--
error
ER_SP_PROC_TABLE_CORRUPT
call
това_е_дълго_име_за_база_данни_нали
.
това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго
()
|
drop
database
това_е_дълго_име_за_база_данни_нали
|
#
#
# BUG#NNNN: New bug synopsis
# BUG#NNNN: New bug synopsis
#
#
...
...
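Review bot: The new BUG#21311 case only uses Cyrillic names, which are 2 bytes per character in UTF-8, so it does not reach the 3-bytes-per-character bound that the sp.cc change sizes its buffer for. Consider adding a second case whose routine name is built from 3-byte characters at the maximum name length, so the worst case is actually exercised. Two smaller points: `set names utf8|` at the top of the block is never reset, so whatever follows in sp.test inherits it, and the `INSERT INTO mysql.proc VALUES (...)` has no column list, so the positional values will stop lining up if columns of mysql.proc are added or reordered.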
sql/sp.cc
...
@@ -1605,7 +1605,17 @@ sp_cache_routines_and_add_tables_aux(THD *thd, LEX *lex,
...
@@ -1605,7 +1605,17 @@ sp_cache_routines_and_add_tables_aux(THD *thd, LEX *lex,
*/
*/
if
(
!
thd
->
net
.
report_error
)
if
(
!
thd
->
net
.
report_error
)
{
{
char
n
[
NAME_LEN
*
2
+
2
];
/*
SP allows full NAME_LEN chars thus he have to allocate enough
size in bytes. Otherwise there is stack overrun could happen
if multibyte sequence is `name`. `db` is still safe because the
rest of the server checks agains NAME_LEN bytes and not chars.
Hence, the overrun happens only if the name is in length > 32 and
uses multibyte (cyrillic, greek, etc.)
!! Change 3 with SYSTEM_CHARSET_MBMAXLEN when it's defined.
*/
char
n
[
NAME_LEN
*
3
*
2
+
2
];
/* m_qname.str is not always \0 terminated */
/* m_qname.str is not always \0 terminated */
memcpy
(
n
,
name
.
m_qname
.
str
,
name
.
m_qname
.
length
);
memcpy
(
n
,
name
.
m_qname
.
str
,
name
.
m_qname
.
length
);
...
...
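Review bot: The `memcpy(n, name.m_qname.str, name.m_qname.length)` on the context line after the new declaration still copies without comparing the length to `sizeof(n)`, so the fix holds only as long as `NAME_LEN*3*2+2` really is an upper bound for every name that reaches this point. The comment itself flags the 3 as a stand-in until SYSTEM_CHARSET_MBMAXLEN is defined, so add a guard such as `DBUG_ASSERT(name.m_qname.length < sizeof(n))` or clamp the copy length, so that a later change to the system charset or to NAME_LEN fails loudly instead of overrunning the stack. The new comment also needs a wording pass ("he have", "agains", "there is stack overrun could happen").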