Commit dc449f65 authored by unknown's avatar unknown

Merge ahristov@bk-internal.mysql.com:/home/bk/mysql-5.1-runtime

into  example.com:/work/mysql-5.1-runtime-fresh2


mysql-test/r/sp.result:
  Auto merged
mysql-test/t/sp.test:
  Auto merged
sql/sp.cc:
  Auto merged
parents 2d48a1f2 573e18e6
...@@ -5451,4 +5451,11 @@ CHF ...@@ -5451,4 +5451,11 @@ CHF
DROP FUNCTION bug21493| DROP FUNCTION bug21493|
DROP TABLE t3,t4| DROP TABLE t3,t4|
End of 5.0 tests End of 5.0 tests
set names utf8|
drop database if exists това_е_дълго_име_за_база_данни_нали|
create database това_е_дълго_име_за_база_данни_нали|
INSERT INTO mysql.proc VALUES ('това_е_дълго_име_за_база_данни_нали','това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго','PROCEDURE','това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго','SQL','CONTAINS_SQL','NO','DEFINER','','','bad_body','root@localhost',now(), now(),'','')|
call това_е_дълго_име_за_база_данни_нали.това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго()|
ERROR HY000: Failed to load routine това_е_дълго_име_за_база_данни_нали.. The table mysql.proc is missing, corrupt, or contains bad data (internal code -6)
drop database това_е_дълго_име_за_база_данни_нали|
drop table t1,t2; drop table t1,t2;
...@@ -6380,6 +6380,19 @@ DROP TABLE t3,t4| ...@@ -6380,6 +6380,19 @@ DROP TABLE t3,t4|
--echo End of 5.0 tests --echo End of 5.0 tests
#
# BUG#21311: Possible stack overrun if SP has non-latin1 name
#
set names utf8|
--disable_warnings
drop database if exists това_е_дълго_име_за_база_данни_нали|
--enable_warnings
create database това_е_дълго_име_за_база_данни_нали|
INSERT INTO mysql.proc VALUES ('това_е_дълго_име_за_база_данни_нали','това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго','PROCEDURE','това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго','SQL','CONTAINS_SQL','NO','DEFINER','','','bad_body','root@localhost',now(), now(),'','')|
--error ER_SP_PROC_TABLE_CORRUPT
call това_е_дълго_име_за_база_данни_нали.това_е_процедура_с_доста_дълго_име_нали_и_още_по_дълго()|
drop database това_е_дълго_име_за_база_данни_нали|
# #
# BUG#NNNN: New bug synopsis # BUG#NNNN: New bug synopsis
# #
......
...@@ -1606,7 +1606,17 @@ sp_cache_routines_and_add_tables_aux(THD *thd, LEX *lex, ...@@ -1606,7 +1606,17 @@ sp_cache_routines_and_add_tables_aux(THD *thd, LEX *lex,
*/ */
if (!thd->net.report_error) if (!thd->net.report_error)
{ {
char n[NAME_LEN*2+2]; /*
SP allows full NAME_LEN chars thus he have to allocate enough
size in bytes. Otherwise there is stack overrun could happen
if multibyte sequence is `name`. `db` is still safe because the
rest of the server checks agains NAME_LEN bytes and not chars.
Hence, the overrun happens only if the name is in length > 32 and
uses multibyte (cyrillic, greek, etc.)
!! Change 3 with SYSTEM_CHARSET_MBMAXLEN when it's defined.
*/
char n[NAME_LEN*3*2+2];
/* m_qname.str is not always \0 terminated */ /* m_qname.str is not always \0 terminated */
memcpy(n, name.m_qname.str, name.m_qname.length); memcpy(n, name.m_qname.str, name.m_qname.length);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment