Commit c865f491 authored by pem@mysql.com's avatar pem@mysql.com

Post-review fix.

parent ca5e435f
...@@ -295,7 +295,7 @@ sp_eval_func_item(THD *thd, Item **it_addr, enum enum_field_types type, ...@@ -295,7 +295,7 @@ sp_eval_func_item(THD *thd, Item **it_addr, enum enum_field_types type,
/* /*
For some functions, 's' is now pointing to an argument of the For some functions, 's' is now pointing to an argument of the
function, which might be a local variable that it to be reused. function, which might be a local variable that is to be reused.
In this case, new(reuse, &rsize) below will call the destructor In this case, new(reuse, &rsize) below will call the destructor
and 's' ends up pointing to freed memory. and 's' ends up pointing to freed memory.
A somewhat ugly fix is to simply copy the string to our local one A somewhat ugly fix is to simply copy the string to our local one
...@@ -304,7 +304,8 @@ sp_eval_func_item(THD *thd, Item **it_addr, enum enum_field_types type, ...@@ -304,7 +304,8 @@ sp_eval_func_item(THD *thd, Item **it_addr, enum enum_field_types type,
*/ */
if (reuse && s != &tmp && s != &it->str_value) if (reuse && s != &tmp && s != &it->str_value)
{ {
tmp.copy(s->c_ptr(), s->length(), it->collation.collation); if (tmp.copy((const String)(*s)))
DBUG_RETURN(NULL);
s= &tmp; s= &tmp;
} }
...@@ -338,7 +339,7 @@ sp_eval_func_item(THD *thd, Item **it_addr, enum enum_field_types type, ...@@ -338,7 +339,7 @@ sp_eval_func_item(THD *thd, Item **it_addr, enum enum_field_types type,
return_null_item: return_null_item:
CREATE_ON_CALLERS_ARENA(it= new(reuse, &rsize) Item_null(), CREATE_ON_CALLERS_ARENA(it= new(reuse, &rsize) Item_null(),
use_callers_arena, &backup_arena); use_callers_arena, &backup_arena);
end: end:
it->rsize= rsize; it->rsize= rsize;
......
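Review bot: On the new side of the copy line, `(const String)(*s)` is a C-style cast that builds a temporary String by value before `copy()` sees it; if the `const String &` overload of `copy()` is the one intended, `if (tmp.copy(*s))` binds directly and does not depend on how the String copy constructor treats the buffer that the comment above says is about to be freed. The old call passed `it->collation.collation` explicitly, while the new one presumably takes the character set from `*s`, so it is worth confirming the two always agree at this point. The added `DBUG_RETURN(NULL)` leaves the function without passing through `return_null_item:` or `end:`. Since sp_eval_func_item starts and ends outside the visible hunks, it cannot be confirmed from here that every caller checks for NULL or that no arena state needs restoring before the early return; a short comment such as `/* OOM: nothing allocated on the caller's arena yet, safe to return directly */` would record that assumption if it holds.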