Commit a8c98eb9 authored by Alexey Kopytov's avatar Alexey Kopytov

Merge mysql-5.0-bugteam -> mysql-5.1-bugteam.

parents 4cd0e2fa b30239bc
...@@ -72,26 +72,26 @@ bool String::realloc(uint32 alloc_length) ...@@ -72,26 +72,26 @@ bool String::realloc(uint32 alloc_length)
if (alloced) if (alloced)
{ {
if ((new_ptr= (char*) my_realloc(Ptr,len,MYF(MY_WME)))) if ((new_ptr= (char*) my_realloc(Ptr,len,MYF(MY_WME))))
new_ptr[alloc_length]= 0; {
Ptr=new_ptr;
Alloced_length=len;
}
else else
return TRUE; // Signal error return TRUE; // Signal error
} }
else if ((new_ptr= (char*) my_malloc(len,MYF(MY_WME)))) else if ((new_ptr= (char*) my_malloc(len,MYF(MY_WME))))
{ {
if (str_length > len - 1)
str_length= 0;
if (str_length) // Avoid bugs in memcpy on AIX if (str_length) // Avoid bugs in memcpy on AIX
memcpy(new_ptr, Ptr, str_length); memcpy(new_ptr,Ptr,str_length);
new_ptr[str_length]= 0; new_ptr[str_length]=0;
Ptr=new_ptr;
Alloced_length=len;
alloced=1; alloced=1;
} }
else else
return TRUE; // Signal error return TRUE; // Signal error
Ptr= new_ptr;
Alloced_length= len;
} }
else Ptr[alloc_length]=0; // This make other funcs shorter
Ptr[alloc_length]= 0;
return FALSE; return FALSE;
} }
......
...@@ -2519,10 +2519,4 @@ def format(a, 2) 253 49 4 Y 0 31 8 ...@@ -2519,10 +2519,4 @@ def format(a, 2) 253 49 4 Y 0 31 8
format(a, 2) format(a, 2)
1.33 1.33
drop table t1; drop table t1;
CREATE TABLE t1 (c DATE, aa VARCHAR(30));
INSERT INTO t1 VALUES ('2008-12-31','aaaaaa');
SELECT DATE_FORMAT(c, GET_FORMAT(DATE, 'eur')) h, CONCAT(UPPER(aa),', ', aa) i FROM t1;
h i
31.12.2008 AAAAAA, aaaaaa
DROP TABLE t1;
End of 5.0 tests End of 5.0 tests
...@@ -1273,13 +1273,4 @@ select format(a, 2) from t1; ...@@ -1273,13 +1273,4 @@ select format(a, 2) from t1;
--disable_metadata --disable_metadata
drop table t1; drop table t1;
#
# Bug #41868: crash or memory overrun with concat + upper, date_format functions
#
CREATE TABLE t1 (c DATE, aa VARCHAR(30));
INSERT INTO t1 VALUES ('2008-12-31','aaaaaa');
SELECT DATE_FORMAT(c, GET_FORMAT(DATE, 'eur')) h, CONCAT(UPPER(aa),', ', aa) i FROM t1;
DROP TABLE t1;
--echo End of 5.0 tests --echo End of 5.0 tests
...@@ -1587,11 +1587,6 @@ bool select_send::send_data(List<Item> &items) ...@@ -1587,11 +1587,6 @@ bool select_send::send_data(List<Item> &items)
my_message(ER_OUT_OF_RESOURCES, ER(ER_OUT_OF_RESOURCES), MYF(0)); my_message(ER_OUT_OF_RESOURCES, ER(ER_OUT_OF_RESOURCES), MYF(0));
break; break;
} }
/*
Reset buffer to its original state, as it may have been altered in
Item::send().
*/
buffer.set(buff, sizeof(buff), &my_charset_bin);
} }
thd->sent_row_count++; thd->sent_row_count++;
if (thd->is_error()) if (thd->is_error())
......
...@@ -72,26 +72,26 @@ bool String::realloc(uint32 alloc_length) ...@@ -72,26 +72,26 @@ bool String::realloc(uint32 alloc_length)
if (alloced) if (alloced)
{ {
if ((new_ptr= (char*) my_realloc(Ptr,len,MYF(MY_WME)))) if ((new_ptr= (char*) my_realloc(Ptr,len,MYF(MY_WME))))
new_ptr[alloc_length]= 0; {
Ptr=new_ptr;
Alloced_length=len;
}
else else
return TRUE; // Signal error return TRUE; // Signal error
} }
else if ((new_ptr= (char*) my_malloc(len,MYF(MY_WME)))) else if ((new_ptr= (char*) my_malloc(len,MYF(MY_WME))))
{ {
if (str_length > len - 1)
str_length= 0;
if (str_length) // Avoid bugs in memcpy on AIX if (str_length) // Avoid bugs in memcpy on AIX
memcpy(new_ptr, Ptr, str_length); memcpy(new_ptr,Ptr,str_length);
new_ptr[str_length]= 0; new_ptr[str_length]=0;
Ptr=new_ptr;
Alloced_length=len;
alloced=1; alloced=1;
} }
else else
return TRUE; // Signal error return TRUE; // Signal error
Ptr= new_ptr;
Alloced_length= len;
} }
else Ptr[alloc_length]=0; // This make other funcs shorter
Ptr[alloc_length]= 0;
return FALSE; return FALSE;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment