Commit 5039184e authored by cmiller@zippy.(none)'s avatar cmiller@zippy.(none)

Bug#19006: 4.0 valgrind problems (in test func_str)

On exactly-sized Strings, the String::c_ptr() function peeked beyond the
end of the buffer, possibly into uninitialized space, to see whether the
buffer was NUL-terminated.

In a place that did peek improperly, we now use a c_ptr_safe() function, 
which doesn't peek where it shouldn't.
parent c36dd286
...@@ -67,6 +67,14 @@ public: ...@@ -67,6 +67,14 @@ public:
Ptr[str_length]=0; Ptr[str_length]=0;
return Ptr; return Ptr;
} }
inline char *c_ptr_safe()
{
if (Ptr && str_length < Alloced_length)
Ptr[str_length]=0;
else
(void) realloc(str_length);
return Ptr;
}
void set(String &str,uint32 offset,uint32 arg_length) void set(String &str,uint32 offset,uint32 arg_length)
{ {
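Review bot: The else branch of the new c_ptr_safe() throws away the result of `realloc(str_length)` with a `(void)` cast, so if that call can fail the function still returns Ptr, which may be null or an exactly-sized buffer with no terminator. The atof() and strtoll() callers switched to it in this commit would then read past the allocation, which is the condition the commit sets out to remove. realloc() is defined outside this hunk, so its failure convention, and whether it stores the terminator at `Ptr[str_length]` itself, need confirming; if it only grows the buffer, this path never writes the NUL. I would check the result rather than discard it and state the contract above the function, for example `/* Like c_ptr(), but never reads Ptr[str_length] outside the allocation; may reallocate, and the result is unterminated if that fails. */`. The same function is added again in the last hunk on this page, and the note applies there as well.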
......
...@@ -120,7 +120,10 @@ public: ...@@ -120,7 +120,10 @@ public:
{ {
return (null_value=args[0]->get_time(ltime)); return (null_value=args[0]->get_time(ltime));
} }
bool is_null() { (void) val_int(); return null_value; } bool is_null() {
(void) val_int(); /* Discard result. It sets null_value as side-effect. */
return null_value;
}
friend class udf_handler; friend class udf_handler;
unsigned int size_of() { return sizeof(*this);} unsigned int size_of() { return sizeof(*this);}
Field *tmp_table_field(TABLE *t_arg); Field *tmp_table_field(TABLE *t_arg);
......
...@@ -51,14 +51,14 @@ double Item_str_func::val() ...@@ -51,14 +51,14 @@ double Item_str_func::val()
{ {
String *res; String *res;
res=val_str(&str_value); res=val_str(&str_value);
return res ? atof(res->c_ptr()) : 0.0; return res ? atof(res->c_ptr_safe()) : 0.0;
} }
longlong Item_str_func::val_int() longlong Item_str_func::val_int()
{ {
String *res; String *res;
res=val_str(&str_value); res=val_str(&str_value);
return res ? strtoll(res->c_ptr(),NULL,10) : (longlong) 0; return res ? strtoll(res->c_ptr_safe(),NULL,10) : (longlong) 0;
} }
......
...@@ -74,6 +74,14 @@ public: ...@@ -74,6 +74,14 @@ public:
Ptr[str_length]=0; Ptr[str_length]=0;
return Ptr; return Ptr;
} }
inline char *c_ptr_safe()
{
if (Ptr && str_length < Alloced_length)
Ptr[str_length]=0;
else
(void) realloc(str_length);
return Ptr;
}
void set(String &str,uint32 offset,uint32 arg_length) void set(String &str,uint32 offset,uint32 arg_length)
{ {
......