diff options
| author | unknown <knielsen@mysql.com> | 2006-05-15 12:01:55 +0200 |
|---|---|---|
| committer | unknown <knielsen@mysql.com> | 2006-05-15 12:01:55 +0200 |
| commit | dccd333ecf4d566029c40e18bee33f6019bc2420 (patch) | |
| tree | 269b1cc4ffdaf52a959a5bf03778eedd53698a30 /sql/sp_rcontext.h | |
| parent | afe4715242576a8575abcec955baa4bfd78af85e (diff) | |
| download | mariadb-git-dccd333ecf4d566029c40e18bee33f6019bc2420.tar.gz | |
BUG#18037: Fix stack corruption in THD::rollback_item_tree_changes().
Stored procedure execution sometimes placed the address of auto variables
in the list of Item changes to undo in THD::rollback_item_tree_changes().
This could cause stack corruption.
sql/sp_head.cc:
Avoid storing address of auto variables in global rollback list, to
prevent stack memory corruption.
sql/sp_head.h:
Avoid storing address of auto variables in global rollback list, to
prevent stack memory corruption.
sql/sp_rcontext.cc:
Avoid storing address of auto variables in global rollback list, to
prevent stack memory corruption.
sql/sp_rcontext.h:
Avoid storing address of auto variables in global rollback list, to
prevent stack memory corruption.
sql/sql_class.cc:
Avoid storing address of auto variables in global rollback list, to
prevent stack memory corruption.
Diffstat (limited to 'sql/sp_rcontext.h')
| -rw-r--r-- | sql/sp_rcontext.h | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/sql/sp_rcontext.h b/sql/sp_rcontext.h index 20aaea3b7c1..30521f6da84 100644 --- a/sql/sp_rcontext.h +++ b/sql/sp_rcontext.h @@ -91,7 +91,7 @@ class sp_rcontext : public Sql_alloc ~sp_rcontext(); int - set_variable(THD *thd, uint var_idx, Item *value); + set_variable(THD *thd, uint var_idx, Item **value); Item * get_item(uint var_idx); @@ -100,7 +100,7 @@ class sp_rcontext : public Sql_alloc get_item_addr(uint var_idx); bool - set_return_value(THD *thd, Item *return_value_item); + set_return_value(THD *thd, Item **return_value_item); inline bool is_return_value_set() const @@ -200,7 +200,7 @@ class sp_rcontext : public Sql_alloc */ int - set_case_expr(THD *thd, int case_expr_id, Item *case_expr_item); + set_case_expr(THD *thd, int case_expr_id, Item **case_expr_item_ptr); Item * get_case_expr(int case_expr_id); @@ -254,7 +254,7 @@ private: Item_cache *create_case_expr_holder(THD *thd, Item_result result_type); - int set_variable(THD *thd, Field *field, Item *value); + int set_variable(THD *thd, Field *field, Item **value); }; // class sp_rcontext : public Sql_alloc |