diff options
author | Monty <monty@mariadb.org> | 2021-02-16 15:22:22 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2021-05-19 22:54:12 +0200 |
commit | eb73245e302a7807519f40fa19050f2b75614cce (patch) | |
tree | 15a958471e53a51e578f3c1954b8c2dd0edc0131 | |
parent | 81d9bed3a492c21fae0d821fd65bae5078a85be3 (diff) | |
download | mariadb-git-eb73245e302a7807519f40fa19050f2b75614cce.tar.gz |
Ensure that we do not allocate strings bigger than 4G in String objects.
This is needed as we are using uint32 for allocated and current length.
-rw-r--r-- | sql/sql_string.cc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sql/sql_string.cc b/sql/sql_string.cc index c5f0c74528b..7fb47110c3e 100644 --- a/sql/sql_string.cc +++ b/sql/sql_string.cc @@ -37,6 +37,7 @@ bool Binary_string::real_alloc(size_t length) DBUG_ASSERT(arg_length > length); if (arg_length <= length) return TRUE; /* Overflow */ + DBUG_ASSERT(length < UINT_MAX32); // cast to uint32 is safe str_length=0; if (Alloced_length < arg_length) { @@ -45,7 +46,6 @@ bool Binary_string::real_alloc(size_t length) arg_length,MYF(MY_WME | (thread_specific ? MY_THREAD_SPECIFIC : 0))))) return TRUE; - DBUG_ASSERT(length < UINT_MAX32); Alloced_length=(uint32) arg_length; alloced=1; } @@ -504,6 +504,7 @@ bool String::set_ascii(const char *str, size_t arg_length) bool Binary_string::fill(size_t max_length,char fill_char) { + DBUG_ASSERT(max_length < UINT_MAX32); // cast to uint32 is safe if (str_length > max_length) Ptr[str_length= (uint32) max_length]=0; else @@ -529,7 +530,7 @@ void String::strip_sp() bool String::append(const char *s,size_t size) { - DBUG_ASSERT(size <= UINT_MAX32); + DBUG_ASSERT(size <= UINT_MAX32); // cast to uint32 is safe uint32 arg_length= (uint32) size; if (!arg_length) return FALSE; |