Commit c4afe67f authored by andrey@example.com's avatar andrey@example.com

Merge example.com:/work/mysql-5.0-runtime

into  example.com:/work/mysql-5.1-runtime-fresh2
parents 6cb96bb8 a4093f31
...@@ -6315,6 +6315,19 @@ DROP PROCEDURE bug21414| ...@@ -6315,6 +6315,19 @@ DROP PROCEDURE bug21414|
--echo End of 5.0 tests --echo End of 5.0 tests
#
# BUG#21311: Possible stack overrun if SP has non-latin1 name
#
set names utf8|
--disable_warnings
drop database if exists това_е_дълго_име_за_база_данни_нали|
--enable_warnings
create database това_е_дълго_име_за_база_данни_нали|
INSERT INTO mysql.proc VALUES ('това_е_дълго_име_за_база_данни_нали','това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго','PROCEDURE','това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго','SQL','CONTAINS_SQL','NO','DEFINER','','','bad_body','root@localhost',now(), now(),'','')|
--error ER_SP_PROC_TABLE_CORRUPT
call това_е_дълго_име_за_база_данни_нали.това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго()|
drop database това_е_дълго_име_за_база_данни_нали|
# #
# BUG#NNNN: New bug synopsis # BUG#NNNN: New bug synopsis
# #
......
...@@ -1605,7 +1605,17 @@ sp_cache_routines_and_add_tables_aux(THD *thd, LEX *lex, ...@@ -1605,7 +1605,17 @@ sp_cache_routines_and_add_tables_aux(THD *thd, LEX *lex,
*/ */
if (!thd->net.report_error) if (!thd->net.report_error)
{ {
char n[NAME_LEN*2+2]; /*
SP allows full NAME_LEN chars thus he have to allocate enough
size in bytes. Otherwise there is stack overrun could happen
if multibyte sequence is `name`. `db` is still safe because the
rest of the server checks agains NAME_LEN bytes and not chars.
Hence, the overrun happens only if the name is in length > 32 and
uses multibyte (cyrillic, greek, etc.)
!! Change 3 with SYSTEM_CHARSET_MBMAXLEN when it's defined.
*/
char n[NAME_LEN*3*2+2];
/* m_qname.str is not always \0 terminated */ /* m_qname.str is not always \0 terminated */
memcpy(n, name.m_qname.str, name.m_qname.length); memcpy(n, name.m_qname.str, name.m_qname.length);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment