diff options
author | unknown <gluh@eagle.intranet.mysql.r18.ru> | 2006-05-12 17:34:36 +0500 |
---|---|---|
committer | unknown <gluh@eagle.intranet.mysql.r18.ru> | 2006-05-12 17:34:36 +0500 |
commit | 9ffa09be96e39a753d70176b9b25cc1a298a9159 (patch) | |
tree | 034a5f447281ed26d2915732b4f76ce9340a5a51 | |
parent | 7c5b743843a75cef52e3dc455e03f6dcaaba2887 (diff) | |
download | mariadb-git-9ffa09be96e39a753d70176b9b25cc1a298a9159.tar.gz |
Fix for bug#18177 any access to INFORMATION_SCHEMA.ROUTINES crashes
replaced get_field(MEM_ROOT *mem, Field *field) with
get_field(MEM_ROOT *mem, Field *field, String *res).
It allows to avoid strlen().
mysql-test/r/information_schema.result:
Fix for bug#18177 any access to INFORMATION_SCHEMA.ROUTINES crashes
test case
mysql-test/t/information_schema.test:
Fix for bug#18177 any access to INFORMATION_SCHEMA.ROUTINES crashes
test case
-rw-r--r-- | mysql-test/r/information_schema.result | 9 | ||||
-rw-r--r-- | mysql-test/t/information_schema.test | 11 | ||||
-rw-r--r-- | sql/sql_show.cc | 23 |
3 files changed, 32 insertions, 11 deletions
diff --git a/mysql-test/r/information_schema.result b/mysql-test/r/information_schema.result index 7d244cbe19c..633b11e1f1b 100644 --- a/mysql-test/r/information_schema.result +++ b/mysql-test/r/information_schema.result @@ -1099,3 +1099,12 @@ CHARACTER_MAXIMUM_LENGTH CHARACTER_OCTET_LENGTH 1 3 9 27 drop table t1; +use mysql; +INSERT INTO `proc` VALUES ('test','','PROCEDURE','','SQL','CONTAINS_SQL', +'NO','DEFINER','','','BEGIN\r\n \r\nEND','root@%','2006-03-02 18:40:03', +'2006-03-02 18:40:03','',''); +select routine_name from information_schema.routines; +routine_name + +delete from proc where name=''; +use test; diff --git a/mysql-test/t/information_schema.test b/mysql-test/t/information_schema.test index f8032d71440..e96f1ef4bbd 100644 --- a/mysql-test/t/information_schema.test +++ b/mysql-test/t/information_schema.test @@ -811,3 +811,14 @@ default character set utf8; select CHARACTER_MAXIMUM_LENGTH, CHARACTER_OCTET_LENGTH from information_schema.columns where table_schema='test' and table_name = 't1'; drop table t1; + +# +# Bug#18177 any access to INFORMATION_SCHEMA.ROUTINES crashes +# +use mysql; +INSERT INTO `proc` VALUES ('test','','PROCEDURE','','SQL','CONTAINS_SQL', +'NO','DEFINER','','','BEGIN\r\n \r\nEND','root@%','2006-03-02 18:40:03', +'2006-03-02 18:40:03','',''); +select routine_name from information_schema.routines; +delete from proc where name=''; +use test; diff --git a/sql/sql_show.cc b/sql/sql_show.cc index 1484274b3dc..70bdef302df 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -2854,17 +2854,18 @@ bool store_schema_proc(THD *thd, TABLE *table, TABLE *proc_table, const char *wild, bool full_access, const char *sp_user) { String tmp_string; + String sp_db, sp_name, definer; TIME time; LEX *lex= thd->lex; CHARSET_INFO *cs= system_charset_info; - const char *sp_db, *sp_name, *definer; - sp_db= get_field(thd->mem_root, proc_table->field[0]); - sp_name= get_field(thd->mem_root, proc_table->field[1]); - definer= get_field(thd->mem_root, proc_table->field[11]); + get_field(thd->mem_root, proc_table->field[0], &sp_db); + get_field(thd->mem_root, proc_table->field[1], &sp_name); + get_field(thd->mem_root, proc_table->field[11], &definer); if (!full_access) - full_access= !strcmp(sp_user, definer); - if (!full_access && check_some_routine_access(thd, sp_db, sp_name, - proc_table->field[2]->val_int() == TYPE_ENUM_PROCEDURE)) + full_access= !strcmp(sp_user, definer.ptr()); + if (!full_access && check_some_routine_access(thd, sp_db.ptr(), sp_name.ptr(), + proc_table->field[2]->val_int() == + TYPE_ENUM_PROCEDURE)) return 0; if (lex->orig_sql_command == SQLCOM_SHOW_STATUS_PROC && @@ -2874,13 +2875,13 @@ bool store_schema_proc(THD *thd, TABLE *table, TABLE *proc_table, lex->orig_sql_command == SQLCOM_END) { restore_record(table, s->default_values); - if (!wild || !wild[0] || !wild_compare(sp_name, wild, 0)) + if (!wild || !wild[0] || !wild_compare(sp_name.ptr(), wild, 0)) { int enum_idx= proc_table->field[5]->val_int(); - table->field[3]->store(sp_name, strlen(sp_name), cs); + table->field[3]->store(sp_name.ptr(), sp_name.length(), cs); get_field(thd->mem_root, proc_table->field[3], &tmp_string); table->field[0]->store(tmp_string.ptr(), tmp_string.length(), cs); - table->field[2]->store(sp_db, strlen(sp_db), cs); + table->field[2]->store(sp_db.ptr(), sp_db.length(), cs); get_field(thd->mem_root, proc_table->field[2], &tmp_string); table->field[4]->store(tmp_string.ptr(), tmp_string.length(), cs); if (proc_table->field[2]->val_int() == TYPE_ENUM_FUNCTION) @@ -2912,7 +2913,7 @@ bool store_schema_proc(THD *thd, TABLE *table, TABLE *proc_table, table->field[17]->store(tmp_string.ptr(), tmp_string.length(), cs); get_field(thd->mem_root, proc_table->field[15], &tmp_string); table->field[18]->store(tmp_string.ptr(), tmp_string.length(), cs); - table->field[19]->store(definer, strlen(definer), cs); + table->field[19]->store(definer.ptr(), definer.length(), cs); return schema_table_store_record(thd, table); } } |