• Varun Gupta's avatar
    MDEV-19380: ASAN heap-use-after-free in Protocol::net_store_data · 808036a6
    Varun Gupta authored
    The issue here is window function makes the passed string object
    to point to an area in a temporary table's record buffer.
    Then, the temporary table is freed, together with its record buffer.
    Then, Item_cache_str attempts to read this value.
    
    The fix is to call value_buff.copy(). This will make the value_buff to store
    its string in a buffer that it owns, which will not disappear unexpectedly.
    808036a6
item.cc 295 KB