diff options
| author | unknown <andrey@example.com> | 2006-09-28 09:11:22 +0200 |
|---|---|---|
| committer | unknown <andrey@example.com> | 2006-09-28 09:11:22 +0200 |
| commit | dc449f65b0e83a228c3d1b7be75a039ec4de604a (patch) | |
| tree | f7652a61fe07cd3b0f999300904be399deab3678 /sql/sp.cc | |
| parent | 2d48a1f2a3c3539a977839b94a9d3fe703666753 (diff) | |
| parent | 573e18e6a443b8ad579c34761cee7c2cb8ff425c (diff) | |
| download | mariadb-git-dc449f65b0e83a228c3d1b7be75a039ec4de604a.tar.gz | |
Merge ahristov@bk-internal.mysql.com:/home/bk/mysql-5.1-runtime
into example.com:/work/mysql-5.1-runtime-fresh2
mysql-test/r/sp.result:
Auto merged
mysql-test/t/sp.test:
Auto merged
sql/sp.cc:
Auto merged
Diffstat (limited to 'sql/sp.cc')
| -rw-r--r-- | sql/sp.cc | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/sql/sp.cc b/sql/sp.cc index 8ddf55e1837..f94fe7483bb 100644 --- a/sql/sp.cc +++ b/sql/sp.cc @@ -1606,7 +1606,17 @@ sp_cache_routines_and_add_tables_aux(THD *thd, LEX *lex, */ if (!thd->net.report_error) { - char n[NAME_LEN*2+2]; + /* + SP allows full NAME_LEN chars thus he have to allocate enough + size in bytes. Otherwise there is stack overrun could happen + if multibyte sequence is `name`. `db` is still safe because the + rest of the server checks agains NAME_LEN bytes and not chars. + Hence, the overrun happens only if the name is in length > 32 and + uses multibyte (cyrillic, greek, etc.) + + !! Change 3 with SYSTEM_CHARSET_MBMAXLEN when it's defined. + */ + char n[NAME_LEN*3*2+2]; /* m_qname.str is not always \0 terminated */ memcpy(n, name.m_qname.str, name.m_qname.length); |