Commit 145fd62b authored by anozdrin@mysql.com's avatar anozdrin@mysql.com

Fix for BUG#15588: String overrun during sp-vars.test

The bug appears after implementation of WL#2984
(Make stored routine variables work according to the standard).
parent 2c6ea2d2
...@@ -415,3 +415,10 @@ t1 CREATE TABLE `t1` ( ...@@ -415,3 +415,10 @@ t1 CREATE TABLE `t1` (
KEY `index1` (`f1`(10)) KEY `index1` (`f1`(10))
) ENGINE=MyISAM DEFAULT CHARSET=latin1 ) ENGINE=MyISAM DEFAULT CHARSET=latin1
drop table t1; drop table t1;
DROP TABLE IF EXISTS t1;
CREATE TABLE t1(f1 VARCHAR(100) DEFAULT 'test');
INSERT INTO t1 VALUES(SUBSTR(f1, 1, 3));
DROP TABLE IF EXISTS t1;
CREATE TABLE t1(f1 CHAR(100) DEFAULT 'test');
INSERT INTO t1 VALUES(SUBSTR(f1, 1, 3));
DROP TABLE IF EXISTS t1;
...@@ -130,3 +130,19 @@ show create table t1; ...@@ -130,3 +130,19 @@ show create table t1;
alter table t1 modify f1 tinytext; alter table t1 modify f1 tinytext;
show create table t1; show create table t1;
drop table t1; drop table t1;
#
# BUG#15588: String overrun
#
--disable_warnings
DROP TABLE IF EXISTS t1;
--enable_warnings
CREATE TABLE t1(f1 VARCHAR(100) DEFAULT 'test');
INSERT INTO t1 VALUES(SUBSTR(f1, 1, 3));
DROP TABLE IF EXISTS t1;
CREATE TABLE t1(f1 CHAR(100) DEFAULT 'test');
INSERT INTO t1 VALUES(SUBSTR(f1, 1, 3));
DROP TABLE IF EXISTS t1;
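Review bot: Neither INSERT in the BUG#15588 block is followed by a read of the stored value, so the test fails only if the server crashes or a memory checker is attached. A copy that silently corrupts the stored data would still pass. Adding `SELECT f1 FROM t1;` after each `INSERT INTO t1 VALUES(SUBSTR(f1, 1, 3));` and regenerating the result file would pin the stored content.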
...@@ -5873,7 +5873,7 @@ int Field_string::store(const char *from,uint length,CHARSET_INFO *cs) ...@@ -5873,7 +5873,7 @@ int Field_string::store(const char *from,uint length,CHARSET_INFO *cs)
field_length/ field_length/
field_charset->mbmaxlen, field_charset->mbmaxlen,
&well_formed_error); &well_formed_error);
memcpy(ptr,from,copy_length); memmove(ptr, from, copy_length);
/* Append spaces if the string was shorter than the field. */ /* Append spaces if the string was shorter than the field. */
if (copy_length < field_length) if (copy_length < field_length)
...@@ -6266,7 +6266,7 @@ int Field_varstring::store(const char *from,uint length,CHARSET_INFO *cs) ...@@ -6266,7 +6266,7 @@ int Field_varstring::store(const char *from,uint length,CHARSET_INFO *cs)
field_length/ field_length/
field_charset->mbmaxlen, field_charset->mbmaxlen,
&well_formed_error); &well_formed_error);
memcpy(ptr + length_bytes, from, copy_length); memmove(ptr + length_bytes, from, copy_length);
if (length_bytes == 1) if (length_bytes == 1)
*ptr= (uchar) copy_length; *ptr= (uchar) copy_length;
else else
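Review bot: The switch from `memcpy` to `memmove` in `Field_string::store`, and the same change in `Field_varstring::store`, has no comment saying why the copy must tolerate overlap, so a later cleanup could revert it. Judging by the added test, `from` can point into the field's own buffer when the value is computed from the column itself, e.g. `SUBSTR(f1, 1, 3)`. That is inferred, because the callers are not visible here. I would add above each call: `/* from may alias ptr (value derived from this field), so the regions can overlap. */`. Both function bodies start and end outside the hunks.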
......
...@@ -105,13 +105,18 @@ sp_get_item_value(Item *item, String *str) ...@@ -105,13 +105,18 @@ sp_get_item_value(Item *item, String *str)
case STRING_RESULT: case STRING_RESULT:
{ {
char buf_holder[STRING_BUFFER_USUAL_SIZE];
String buf(buf_holder, sizeof(buf_holder), &my_charset_latin1);
String *result= item->val_str(str); String *result= item->val_str(str);
if (!result) if (!result)
return NULL; return NULL;
{
char buf_holder[STRING_BUFFER_USUAL_SIZE];
String buf(buf_holder, sizeof(buf_holder), result->charset());
/* We must reset length of the buffer, because of String specificity. */
buf.length(0);
buf.append('_'); buf.append('_');
buf.append(result->charset()->csname); buf.append(result->charset()->csname);
buf.append('\''); buf.append('\'');
...@@ -121,6 +126,7 @@ sp_get_item_value(Item *item, String *str) ...@@ -121,6 +126,7 @@ sp_get_item_value(Item *item, String *str)
return str; return str;
} }
}
case ROW_RESULT: case ROW_RESULT:
default: default:
...@@ -3085,9 +3091,16 @@ sp_instr_set_case_expr::exec_core(THD *thd, uint *nextp) ...@@ -3085,9 +3091,16 @@ sp_instr_set_case_expr::exec_core(THD *thd, uint *nextp)
void void
sp_instr_set_case_expr::print(String *str) sp_instr_set_case_expr::print(String *str)
{ {
str->append(STRING_WITH_LEN("set_case_expr ")); const char CASE_EXPR_TAG[]= "set_case_expr ";
const int CASE_EXPR_TAG_LEN= sizeof(CASE_EXPR_TAG) - 1;
const int INT_STRING_MAX_LEN= 10;
/* We must call reserve(), because qs_append() doesn't care about memory. */
str->reserve(CASE_EXPR_TAG_LEN + INT_STRING_MAX_LEN + 2);
str->qs_append(CASE_EXPR_TAG, CASE_EXPR_TAG_LEN);
str->qs_append(m_case_expr_id); str->qs_append(m_case_expr_id);
str->append(' '); str->qs_append(' ');
m_case_expr->print(str); m_case_expr->print(str);
} }
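Review bot: In `sp_instr_set_case_expr::print` the result of `str->reserve(...)` is ignored, and the `qs_append()` calls that follow do no bounds checking, as the added comment itself says. A failed allocation would therefore become writes past the end of the buffer. If `reserve()` reports failure through its return value, as I believe `String::reserve` does (its declaration is not shown here), bail out early: `if (str->reserve(CASE_EXPR_TAG_LEN + INT_STRING_MAX_LEN + 2)) return;`. Separately, `INT_STRING_MAX_LEN= 10` only fits an unsigned 32-bit value, and the type of `m_case_expr_id` is not visible, so confirm it cannot be signed or wider.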
......