Merge example.com:/work/mysql-5.0-runtime

into example.com:/work/mysql-5.1-runtime-fresh2 mysql-test/t/sp.test: Auto merged sql/sp.cc: Auto merged
author: unknown <andrey@example.com> 2006-09-27 21:31:34 +0200
committer: unknown <andrey@example.com> 2006-09-27 21:31:34 +0200
commit: 18651379578b29a5a29201e334585cd793b51c11 (patch)
tree: a5596e571d8f602233639309301cdef4243db21d /sql/sp.cc
parent: ac4b66236342910ebfb8aed19ae46113df3465c6 (diff)
parent: fcb8687ad98ea57bfe8d12d36af1432561054565 (diff)
download: mariadb-git-18651379578b29a5a29201e334585cd793b51c11.tar.gz
1 files changed, 11 insertions, 1 deletions
diff --git a/sql/sp.cc b/sql/sp.cc
index dcc05bef5cf..470718d8cdc 100644
--- a/sql/sp.cc
+++ b/sql/sp.cc
@@ -1605,7 +1605,17 @@ sp_cache_routines_and_add_tables_aux(THD *thd, LEX *lex,
          */
         if (!thd->net.report_error)
         {
-          char n[NAME_LEN*2+2];
+          /*
+            SP allows full NAME_LEN chars thus he have to allocate enough
+            size in bytes. Otherwise there is stack overrun could happen
+            if multibyte sequence is `name`. `db` is still safe because the
+            rest of the server checks agains NAME_LEN bytes and not chars.
+            Hence, the overrun happens only if the name is in length > 32 and
+            uses multibyte (cyrillic, greek, etc.)
+
+            !! Change 3 with SYSTEM_CHARSET_MBMAXLEN when it's defined.
+          */
+          char n[NAME_LEN*3*2+2];
 
           /* m_qname.str is not always \0 terminated */
           memcpy(n, name.m_qname.str, name.m_qname.length);
author	unknown <andrey@example.com>	2006-09-27 21:31:34 +0200
committer	unknown <andrey@example.com>	2006-09-27 21:31:34 +0200
commit	18651379578b29a5a29201e334585cd793b51c11 (patch)
tree	a5596e571d8f602233639309301cdef4243db21d /sql/sp.cc
parent	ac4b66236342910ebfb8aed19ae46113df3465c6 (diff)
parent	fcb8687ad98ea57bfe8d12d36af1432561054565 (diff)
download	mariadb-git-18651379578b29a5a29201e334585cd793b51c11.tar.gz