author | Magne Mahre <magne.mahre@oracle.com> | 2011-10-07 14:10:15 +0200 |
committer | Magne Mahre <magne.mahre@oracle.com> | 2011-10-07 14:10:15 +0200 |
commit | e7a8fedf5c8f374f5c90d302c8d14bed099d5138 (patch) | |
tree | 9cece79484bb488e15d7818ed496a723df8dd29f /sql/sql_cache.cc | |
parent | 55acdc8121d00a8d22244ed11a0dbca47b1e4260 (diff) | |
parent | f36e854ac6ce19e7018addbb8701796006a27134 (diff) | |
Merge from 5.1-security
Diffstat (limited to 'sql/sql_cache.cc')
-rw-r--r-- | sql/sql_cache.cc | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/sql/sql_cache.cc b/sql/sql_cache.cc index 47628f1c590..e8bc6160cfd 100644 --- a/sql/sql_cache.cc +++ b/sql/sql_cache.cc @@ -1278,8 +1278,8 @@ def_week_frmt: %lu, in_trans: %d, autocommit: %d", /* Key is query + database + flag */ if (thd->db_length) { - memcpy(thd->query() + thd->query_length() + 1, thd->db, - thd->db_length); + memcpy(thd->query() + thd->query_length() + 1 + sizeof(size_t), + thd->db, thd->db_length); DBUG_PRINT("qcache", ("database: %s length: %u", thd->db, (unsigned) thd->db_length)); } @@ -1288,7 +1288,7 @@ def_week_frmt: %lu, in_trans: %d, autocommit: %d", DBUG_PRINT("qcache", ("No active database")); } tot_length= thd->query_length() + thd->db_length + 1 + - QUERY_CACHE_FLAGS_SIZE; + sizeof(size_t) + QUERY_CACHE_FLAGS_SIZE; /* We should only copy structure (don't use it location directly) because of alignment issue @@ -1506,7 +1506,28 @@ Query_cache::send_result_to_client(THD *thd, char *sql, uint query_length) goto err; } } + { + /* + We have allocated buffer space (in alloc_query) to hold the + SQL statement(s) + the current database name + a flags struct. + If the database name has changed during execution, which might + happen if there are multiple statements, we need to make + sure the new current database has a name with the same length + as the previous one. + */ + size_t *db_len= (size_t *) (sql + query_length + 1); + if (thd->db_length != *db_len) + { + /* + We should probably reallocate the buffer in this case, + but for now we just leave it uncached + */ + DBUG_PRINT("qcache", + ("Current database has changed since start of query")); + goto err; + } + } /* Try to obtain an exclusive lock on the query cache. If the cache is disabled or if a full cache flush is in progress, the attempt to 
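Review bot: The context comment `/* Key is query + database + flag */` directly above the changed memcpy in the 1278 hunk is now stale, because the key layout gains a size_t length slot between the terminating NUL and the database name; it should read `/* Key is query + '\0' + db length (size_t) + database + flags */`. The `+ 1 + sizeof(size_t)` offset arithmetic is spelled out by hand here, again in the tot_length line of the 1288 hunk and twice in the 1543 hunk, while the 1506 hunk reads the same slot back through `(size_t *) (sql + query_length + 1)`; a single named offset constant for the slot (a new name, say one alongside QUERY_CACHE_FLAGS_SIZE) would keep all of these places in step. None of the hunks in this file store thd->db_length into that slot, and the new comment attributes the write to alloc_query, which lies outside this diffstat, so that write should be confirmed before relying on the comparison in the 1506 hunk. Since query_length + 1 is an arbitrary byte offset, the size_t dereference there also has no alignment guarantee; reading it with `size_t db_len; memcpy(&db_len, sql + query_length + 1, sizeof(db_len));` avoids a misaligned access on strict-alignment targets. The 1506 and 1543 hunks are cut off at the end of this page, so their trailing context could not be checked.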
@@ -1522,10 +1543,12 @@ Query_cache::send_result_to_client(THD *thd, char *sql, uint query_length) Query_cache_block *query_block; - tot_length= query_length + thd->db_length + 1 + QUERY_CACHE_FLAGS_SIZE; + tot_length= query_length + 1 + sizeof(size_t) + + thd->db_length + QUERY_CACHE_FLAGS_SIZE; + if (thd->db_length) { - memcpy(sql+query_length+1, thd->db, thd->db_length); + memcpy(sql + query_length + 1 + sizeof(size_t), thd->db, thd->db_length); DBUG_PRINT("qcache", ("database: '%s' length: %u", thd->db, (unsigned)thd->db_length)); } |