diff options
author | Monty <monty@mariadb.org> | 2018-06-17 14:19:51 +0300 |
---|---|---|
committer | Monty <monty@mariadb.org> | 2018-06-19 16:23:34 +0300 |
commit | ab194666564acab29a4bcb7ca763e0ae0e691d1f (patch) | |
tree | d40e6dfb9ac2b451cc0758e5523917385a19ae28 /sql/field.h | |
parent | 831df10981b7851871e1f3b8f04079df0cf5da36 (diff) | |
download | mariadb-git-ab194666564acab29a4bcb7ca763e0ae0e691d1f.tar.gz |
MDEV-15114 ASAN heap-use-after-free in mem_heap_dup or dfield_data_is_binary_equal
The bug was that innobase_get_computed_value() trashed record[0] and data
in Field_blob::value
Fixed by using a record on the heap for innobase_get_computed_value()
Reviewer: Marko Mäkelä
Diffstat (limited to 'sql/field.h')
-rw-r--r-- | sql/field.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sql/field.h b/sql/field.h index e554f92031c..820cc5f3a7a 100644 --- a/sql/field.h +++ b/sql/field.h @@ -3433,6 +3433,10 @@ public: uint32 max_display_length(); uint32 char_length() const; uint is_equal(Create_field *new_field); + + friend void TABLE::remember_blob_values(String *blob_storage); + friend void TABLE::restore_blob_values(String *blob_storage); + private: int do_save_field_metadata(uchar *first_byte); }; |