summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMonty <monty@mariadb.org>2021-02-16 15:22:22 +0200
committerSergei Golubchik <serg@mariadb.org>2021-05-19 22:54:12 +0200
commiteb73245e302a7807519f40fa19050f2b75614cce (patch)
tree15a958471e53a51e578f3c1954b8c2dd0edc0131
parent81d9bed3a492c21fae0d821fd65bae5078a85be3 (diff)
downloadmariadb-git-eb73245e302a7807519f40fa19050f2b75614cce.tar.gz
Ensure that we do not allocate strings bigger than 4G in String objects.
This is needed as we are using uint32 for allocated and current length.
-rw-r--r--sql/sql_string.cc5
1 files changed, 3 insertions, 2 deletions
diff --git a/sql/sql_string.cc b/sql/sql_string.cc
index c5f0c74528b..7fb47110c3e 100644
--- a/sql/sql_string.cc
+++ b/sql/sql_string.cc
@@ -37,6 +37,7 @@ bool Binary_string::real_alloc(size_t length)
DBUG_ASSERT(arg_length > length);
if (arg_length <= length)
return TRUE; /* Overflow */
+ DBUG_ASSERT(length < UINT_MAX32); // cast to uint32 is safe
str_length=0;
if (Alloced_length < arg_length)
{
@@ -45,7 +46,6 @@ bool Binary_string::real_alloc(size_t length)
arg_length,MYF(MY_WME | (thread_specific ?
MY_THREAD_SPECIFIC : 0)))))
return TRUE;
- DBUG_ASSERT(length < UINT_MAX32);
Alloced_length=(uint32) arg_length;
alloced=1;
}
@@ -504,6 +504,7 @@ bool String::set_ascii(const char *str, size_t arg_length)
bool Binary_string::fill(size_t max_length,char fill_char)
{
+ DBUG_ASSERT(max_length < UINT_MAX32); // cast to uint32 is safe
if (str_length > max_length)
Ptr[str_length= (uint32) max_length]=0;
else
@@ -529,7 +530,7 @@ void String::strip_sp()
bool String::append(const char *s,size_t size)
{
- DBUG_ASSERT(size <= UINT_MAX32);
+ DBUG_ASSERT(size <= UINT_MAX32); // cast to uint32 is safe
uint32 arg_length= (uint32) size;
if (!arg_length)
return FALSE;