Commit 145fd62b authored by anozdrin@mysql.com's avatar anozdrin@mysql.com

Fix for BUG#15588: String overrun during sp-vars.test

The bug appears after implementation of WL#2984
(Make stored routine variables work according to the standard).
parent 2c6ea2d2
......@@ -415,3 +415,10 @@ t1 CREATE TABLE `t1` (
KEY `index1` (`f1`(10))
) ENGINE=MyISAM DEFAULT CHARSET=latin1
drop table t1;
DROP TABLE IF EXISTS t1;
CREATE TABLE t1(f1 VARCHAR(100) DEFAULT 'test');
INSERT INTO t1 VALUES(SUBSTR(f1, 1, 3));
DROP TABLE IF EXISTS t1;
CREATE TABLE t1(f1 CHAR(100) DEFAULT 'test');
INSERT INTO t1 VALUES(SUBSTR(f1, 1, 3));
DROP TABLE IF EXISTS t1;
......@@ -130,3 +130,19 @@ show create table t1;
alter table t1 modify f1 tinytext;
show create table t1;
drop table t1;
#
# BUG#15588: String overrun
#
--disable_warnings
DROP TABLE IF EXISTS t1;
--enable_warnings
CREATE TABLE t1(f1 VARCHAR(100) DEFAULT 'test');
INSERT INTO t1 VALUES(SUBSTR(f1, 1, 3));
DROP TABLE IF EXISTS t1;
CREATE TABLE t1(f1 CHAR(100) DEFAULT 'test');
INSERT INTO t1 VALUES(SUBSTR(f1, 1, 3));
DROP TABLE IF EXISTS t1;
......@@ -5873,7 +5873,7 @@ int Field_string::store(const char *from,uint length,CHARSET_INFO *cs)
field_length/
field_charset->mbmaxlen,
&well_formed_error);
memcpy(ptr,from,copy_length);
memmove(ptr, from, copy_length);
/* Append spaces if the string was shorter than the field. */
if (copy_length < field_length)
......@@ -6266,7 +6266,7 @@ int Field_varstring::store(const char *from,uint length,CHARSET_INFO *cs)
field_length/
field_charset->mbmaxlen,
&well_formed_error);
memcpy(ptr + length_bytes, from, copy_length);
memmove(ptr + length_bytes, from, copy_length);
if (length_bytes == 1)
*ptr= (uchar) copy_length;
else
......
......@@ -105,13 +105,18 @@ sp_get_item_value(Item *item, String *str)
case STRING_RESULT:
{
char buf_holder[STRING_BUFFER_USUAL_SIZE];
String buf(buf_holder, sizeof(buf_holder), &my_charset_latin1);
String *result= item->val_str(str);
if (!result)
return NULL;
{
char buf_holder[STRING_BUFFER_USUAL_SIZE];
String buf(buf_holder, sizeof(buf_holder), result->charset());
/* We must reset length of the buffer, because of String specificity. */
buf.length(0);
buf.append('_');
buf.append(result->charset()->csname);
buf.append('\'');
......@@ -121,6 +126,7 @@ sp_get_item_value(Item *item, String *str)
return str;
}
}
case ROW_RESULT:
default:
......@@ -3085,9 +3091,16 @@ sp_instr_set_case_expr::exec_core(THD *thd, uint *nextp)
void
sp_instr_set_case_expr::print(String *str)
{
str->append(STRING_WITH_LEN("set_case_expr "));
const char CASE_EXPR_TAG[]= "set_case_expr ";
const int CASE_EXPR_TAG_LEN= sizeof(CASE_EXPR_TAG) - 1;
const int INT_STRING_MAX_LEN= 10;
/* We must call reserve(), because qs_append() doesn't care about memory. */
str->reserve(CASE_EXPR_TAG_LEN + INT_STRING_MAX_LEN + 2);
str->qs_append(CASE_EXPR_TAG, CASE_EXPR_TAG_LEN);
str->qs_append(m_case_expr_id);
str->append(' ');
str->qs_append(' ');
m_case_expr->print(str);
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment