Merge bk-internal:/home/bk/mysql-5.1-opt

into  magare.gmz:/home/kgeorge/mysql/work/B26303-5.1-opt
parents 5e0596f4 93488413
...@@ -621,3 +621,20 @@ Pos Instruction ...@@ -621,3 +621,20 @@ Pos Instruction
0 stmt 2 "CREATE INDEX idx ON t1 (c1)" 0 stmt 2 "CREATE INDEX idx ON t1 (c1)"
DROP PROCEDURE p1; DROP PROCEDURE p1;
End of 5.0 tests. End of 5.0 tests.
CREATE PROCEDURE p1()
BEGIN
DECLARE dummy int default 0;
CASE 12
WHEN 12
THEN SET dummy = 0;
END CASE;
END//
SHOW PROCEDURE CODE p1;
Pos Instruction
0 set dummy@0 0
1 set_case_expr (6) 0 12
2 jump_if_not 5(6) (case_expr@0 = 12)
3 set dummy@0 0
4 jump 6
5 error 1339
DROP PROCEDURE p1;
...@@ -447,3 +447,21 @@ DROP PROCEDURE p1; ...@@ -447,3 +447,21 @@ DROP PROCEDURE p1;
--echo End of 5.0 tests. --echo End of 5.0 tests.
#
# Bug #26303: reserve() not called before qs_append() may lead to buffer
# overflow
#
DELIMITER //;
CREATE PROCEDURE p1()
BEGIN
DECLARE dummy int default 0;
CASE 12
WHEN 12
THEN SET dummy = 0;
END CASE;
END//
DELIMITER ;//
SHOW PROCEDURE CODE p1;
DROP PROCEDURE p1;
...@@ -1088,7 +1088,7 @@ bool Item_splocal::set_value(THD *thd, sp_rcontext *ctx, Item **it) ...@@ -1088,7 +1088,7 @@ bool Item_splocal::set_value(THD *thd, sp_rcontext *ctx, Item **it)
Item_case_expr methods Item_case_expr methods
*****************************************************************************/ *****************************************************************************/
Item_case_expr::Item_case_expr(int case_expr_id) Item_case_expr::Item_case_expr(uint case_expr_id)
:Item_sp_variable( C_STRING_WITH_LEN("case_expr")), :Item_sp_variable( C_STRING_WITH_LEN("case_expr")),
m_case_expr_id(case_expr_id) m_case_expr_id(case_expr_id)
{ {
...@@ -1125,6 +1125,8 @@ Item_case_expr::this_item_addr(THD *thd, Item **) ...@@ -1125,6 +1125,8 @@ Item_case_expr::this_item_addr(THD *thd, Item **)
void Item_case_expr::print(String *str) void Item_case_expr::print(String *str)
{ {
if (str->reserve(MAX_INT_WIDTH + sizeof("case_expr@")))
return; /* purecov: inspected */
VOID(str->append(STRING_WITH_LEN("case_expr@"))); VOID(str->append(STRING_WITH_LEN("case_expr@")));
str->qs_append(m_case_expr_id); str->qs_append(m_case_expr_id);
} }
......
...@@ -1116,7 +1116,7 @@ inline Item_result Item_splocal::result_type() const ...@@ -1116,7 +1116,7 @@ inline Item_result Item_splocal::result_type() const
class Item_case_expr :public Item_sp_variable class Item_case_expr :public Item_sp_variable
{ {
public: public:
Item_case_expr(int case_expr_id); Item_case_expr(uint case_expr_id);
public: public:
Item *this_item(); Item *this_item();
...@@ -1135,7 +1135,7 @@ public: ...@@ -1135,7 +1135,7 @@ public:
void print(String *str); void print(String *str);
private: private:
int m_case_expr_id; uint m_case_expr_id;
}; };
/***************************************************************************** /*****************************************************************************
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment