diff options
| author | Alexander Barkov <bar@mysql.com> | 2009-12-15 13:48:29 +0400 |
|---|---|---|
| committer | Alexander Barkov <bar@mysql.com> | 2009-12-15 13:48:29 +0400 |
| commit | cff23162ec4bfc0c0fa489eb8568de0a3ccdd1ab (patch) | |
| tree | 4bc7c01f93ccd29d4c9290757eda260689e49d9d /mysys | |
| parent | 4578a5c61b8c502cdf18bff883f746d3d0bd2b39 (diff) | |
| download | mariadb-git-cff23162ec4bfc0c0fa489eb8568de0a3ccdd1ab.tar.gz | |
Bug#49134 5.1 server segfaults with 2byte collation file
Problem: add_collation did not check that cs->number is smaller
than the number of elements in the array all_charsets[],
so server could crash when loading an Index.xml file with
a collation ID greater the number of elements
(for example when downgrading from 5.5).
Fix: adding a condition to check that cs->number is not out of valid range.
Diffstat (limited to 'mysys')
| -rw-r--r-- | mysys/charset.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/mysys/charset.c b/mysys/charset.c index d59be4ab6c7..b1b91d716ba 100644 --- a/mysys/charset.c +++ b/mysys/charset.c @@ -220,7 +220,8 @@ copy_uca_collation(CHARSET_INFO *to, CHARSET_INFO *from) static int add_collation(CHARSET_INFO *cs) { if (cs->name && (cs->number || - (cs->number=get_collation_number_internal(cs->name)))) + (cs->number=get_collation_number_internal(cs->name))) && + cs->number < array_elements(all_charsets)) { if (!all_charsets[cs->number]) { |