Bug#38469 invalid memory read and/or crash with utf8 text field, stored procedure, uservar

            
A stored procedure involving substrings could crash the server on certain
platforms because of invalid memory reads.
          
During storing the new blob-field value, the cached value's address range
overlapped that of the new field value. This caused problems when the 
cached value storage was reallocated to provide access for a new 
characater set representation. The patch checks the address ranges, and if
they overlap, the new field value is copied to a new storage before it is
converted to the new character set.


mysql-test/r/sp.result:
  Added result set
mysql-test/t/sp.test:
  Added test case
sql/field.cc:
  The source and destination address ranges of a character conversion must not overlap or the 'from' address will be invalidated as the temporary value-
  object is re-allocated to fit the new character set.
sql/field.h:
  Added comments

1 files changed, 9 insertions, 1 deletions

diff --git a/sql/field.h b/sql/field.h
index 7b2dda77095..2975719a591 100644
--- a/sql/field.h
+++ b/sql/field.h
@@ -1213,8 +1213,16 @@ public:
 
 class Field_blob :public Field_longstr {
 protected:
+  /**
+    The number of bytes used to represent the length of the blob.
+  */
   uint packlength;
-  String value;				// For temporaries
+  
+  /**
+    The 'value'-object is a cache fronting the storage engine.
+  */
+  String value;
+  
 public:
   Field_blob(char *ptr_arg, uchar *null_ptr_arg, uchar null_bit_arg,
 	     enum utype unireg_check_arg, const char *field_name_arg,