    Bug #26303: Reserve is not called before qs_append(). · 93488413
    gkodinov/kgeorge@magare.gmz[kgeorge] authored
    This may lead to buffer overflow.
    The String::qs_append() function will append a string
    without checking if there's enough space.
    So qs_append() must be called beforehand to ensure 
    there's enough space in the buffer for the subsequent 
    qs_append() calls.
    Fixed Item_case_expr::print() to make sure there's
    enough space before appending data by adding a call to 
    String::reserve() to make sure qs_append() will have 
    enough space.
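
The reserve-then-append pattern this commit message describes, as an added C++ example that is not MySQL's code. The `Buf` class is a hypothetical stand-in for `String` with the same `reserve()`/`qs_append()` split, and `print_tagged_id()` with its `expr@<id>` output format is constructed for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <limits>
#include <string>

// Hypothetical stand-in for a String-like buffer (not MySQL's class).
class Buf {
  char *ptr_ = nullptr;
  size_t len_ = 0, cap_ = 0;
 public:
  Buf() = default;
  Buf(const Buf &) = delete;
  Buf &operator=(const Buf &) = delete;
  ~Buf() { std::free(ptr_); }
  size_t length() const { return len_; }
  size_t capacity() const { return cap_; }
  // True if n more bytes fit in the current allocation.
  bool fits(size_t n) const { return n <= cap_ - len_; }
  // Make room for n more bytes. Returns true on allocation failure.
  bool reserve(size_t n) {
    if (fits(n)) return false;
    char *p = static_cast<char *>(std::realloc(ptr_, len_ + n));
    if (!p) return true;
    ptr_ = p;
    cap_ = len_ + n;
    return false;
  }
  // Unchecked append: writes n bytes at the end with no bounds test.
  // The caller must have reserved the space first.
  void qs_append(const char *s, size_t n) {
    std::memcpy(ptr_ + len_, s, n);
    len_ += n;
  }
  std::string str() const { return std::string(ptr_ ? ptr_ : "", len_); }
};

// Constructed printer: reserve the total once, then use unchecked appends.
// Returns true (and writes nothing) if the space cannot be reserved.
bool print_tagged_id(Buf &out, unsigned id) {
  static const char tag[] = "expr@";
  char digits[std::numeric_limits<unsigned>::digits10 + 2];
  int n = std::snprintf(digits, sizeof digits, "%u", id);
  if (n < 0 || out.reserve(sizeof(tag) - 1 + static_cast<size_t>(n))) return true;
  out.qs_append(tag, sizeof(tag) - 1);
  out.qs_append(digits, static_cast<size_t>(n));
  return false;
}
```

A freshly constructed `Buf` reports `fits(1) == false`, which is the state in which an unchecked append without a prior `reserve()` would write outside the allocation.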
item.h 86.3 KB