    BUG#12589870 CRASHES WITH MULTIQUERY PACKET + USE<DB> + QUERY CACHE · f36e854a
    Magne Mahre authored
     
    A buffer large enough to hold the query _plus_ some additional
    data is allocated before parsing is started. The additional data
    is used by the query cache, and consists of the name of the current
    database and a set of flags.

    When a packet containing multiple SQL statements is sent to the
    server and one of the statements changes the current database
    (a "USE <db>" statement), and the name of the new current database
    is longer than the previous one, there is not enough space in the
    buffer for the new name, and we write out over the buffer boundary.

    The fix adds an extra field to store the number of bytes
    allocated to the database name in the buffer. If the current
    database name changes, and the new name is longer than the
    previous one, we refuse to cache the query.
sql_parse.cc 239 KB
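The allocation pattern and the fix described in the commit message, as an added illustration that is not code from sql_parse.cc or from the MySQL project: a single buffer is allocated for the whole packet before parsing, with room for the database name current at that moment; a later `USE <db>` inside the same packet must not write a longer name into that reserved space. The struct, the `db_alloc_len` field, the trailer size and the statement splitter are all simplified assumptions made for this example, and the sample packets are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed size of the flag bytes that follow the db name in the trailer. */
#define QC_FLAGS_SIZE 2

/* Hypothetical model of the per-packet buffer: SQL text, then the query
 * cache's extra data (current db name + flags).  db_alloc_len plays the
 * role of the extra field the fix introduces. */
struct query_buf {
    char  *buf;           /* query text + db name + flags */
    size_t query_len;     /* length of the SQL text (without NUL) */
    size_t db_alloc_len;  /* bytes reserved for the db name at allocation time */
    int    cacheable;     /* whether the query cache may still use this buffer */
};

/* Allocate the buffer before parsing, sized for the db current right now. */
struct query_buf *qb_alloc(const char *query, const char *current_db)
{
    struct query_buf *qb = calloc(1, sizeof *qb);
    if (!qb) return NULL;
    qb->query_len = strlen(query);
    qb->db_alloc_len = strlen(current_db);
    qb->buf = malloc(qb->query_len + 1 + qb->db_alloc_len + QC_FLAGS_SIZE);
    if (!qb->buf) { free(qb); return NULL; }
    memcpy(qb->buf, query, qb->query_len + 1);
    qb->cacheable = 1;
    return qb;
}

/* Store the (possibly new) current db name in the trailer.  With the fix,
 * a name longer than the reserved space marks the query uncacheable
 * instead of being copied past the end of the buffer.
 * Returns 1 if the name was stored, 0 if caching was refused. */
int qb_set_db(struct query_buf *qb, const char *db)
{
    size_t len = strlen(db);
    if (len > qb->db_alloc_len) {
        qb->cacheable = 0;   /* refuse to cache rather than overflow */
        return 0;
    }
    char *trailer = qb->buf + qb->query_len + 1;
    memcpy(trailer, db, len);
    /* zero the unused name bytes and the flag bytes that follow */
    memset(trailer + len, 0, qb->db_alloc_len - len + QC_FLAGS_SIZE);
    return 1;
}

void qb_free(struct query_buf *qb)
{
    if (qb) { free(qb->buf); free(qb); }
}

/* Simulate the multi-statement scenario: one buffer for the whole packet,
 * statements separated by ';', and "USE <db>" changing the current db.
 * Returns 1 if the packet stayed cacheable, 0 if caching was refused,
 * -1 on allocation failure. */
int process_packet(const char *packet, const char *initial_db)
{
    struct query_buf *qb = qb_alloc(packet, initial_db);
    if (!qb) return -1;
    char *copy = malloc(strlen(packet) + 1);
    if (!copy) { qb_free(qb); return -1; }
    strcpy(copy, packet);
    int result = 1;
    for (char *stmt = strtok(copy, ";"); stmt; stmt = strtok(NULL, ";")) {
        while (*stmt == ' ') stmt++;          /* trim leading blanks */
        if (strncmp(stmt, "USE ", 4) == 0 && !qb_set_db(qb, stmt + 4))
            result = 0;                       /* longer name: not cached */
    }
    free(copy);
    qb_free(qb);
    return result;
}
```

The first packet below switches to a database whose name fits in the reserved bytes and stays cacheable; the second switches to a longer name, which under the pre-fix logic would have been copied over the buffer boundary and here is refused instead.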