diff options
| author | Alexey Kopytov <Alexey.Kopytov@Sun.com> | 2010-05-21 15:23:48 +0400 |
|---|---|---|
| committer | Alexey Kopytov <Alexey.Kopytov@Sun.com> | 2010-05-21 15:23:48 +0400 |
| commit | c2ebb0ac882feadedd0bbca71277fd2de66aa957 (patch) | |
| tree | 393cb5d35a1dc953f8e9fee7b6c06737b675ba9c /sql/sql_prepare.cc | |
| parent | 36be33b0ad829732b76d87f6d618546014fd96de (diff) | |
| download | mariadb-git-c2ebb0ac882feadedd0bbca71277fd2de66aa957.tar.gz | |
Bug #42064: low memory crash when importing hex strings, in
Item_hex_string::Item_hex_string
The status of memory allocation in the Lex_input_stream (called
from the Parser_state constructor) was not checked which led to
a parser crash in case of the out-of-memory error.
The solution is to introduce new init() member function in
Parser_state and Lex_input_stream so that status of memory
allocation can be returned to the caller.
mysql-test/r/error_simulation.result:
Added a test case for bug #42064.
mysql-test/t/error_simulation.test:
Added a test case for bug #42064.
mysys/my_alloc.c:
Added error injection code for the regression test.
mysys/my_malloc.c:
Added error injection code for the regression test.
mysys/safemalloc.c:
Added error injection code for the regression test.
sql/event_data_objects.cc:
Use the new init() member function of Parser_state and check
its return value to handle memory allocation failures.
sql/mysqld.cc:
Added error injection code for the regression test.
sql/sp.cc:
Use the new init() member function of Parser_state and check
its return value to handle memory allocation failures.
sql/sql_lex.cc:
Moved memory allocation from constructor to the separate init()
member function.
Added error injection code for the regression test.
sql/sql_lex.h:
Moved memory allocation from constructor to the separate init()
member function.
sql/sql_parse.cc:
Use the new init() member function of Parser_state and check
its return value to handle memory allocation failures.
sql/sql_partition.cc:
Use the new init() member function of Parser_state and check
its return value to handle memory allocation failures.
sql/sql_prepare.cc:
Use the new init() member function of Parser_state and check
its return value to handle memory allocation failures.
sql/sql_trigger.cc:
Use the new init() member function of Parser_state and check
its return value to handle memory allocation failures.
sql/sql_view.cc:
Use the new init() member function of Parser_state and check
its return value to handle memory allocation failures..
sql/thr_malloc.cc:
Added error injection code for the regression test.
Diffstat (limited to 'sql/sql_prepare.cc')
| -rw-r--r-- | sql/sql_prepare.cc | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 5979f2ca17e..a928942bd88 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -3034,13 +3034,16 @@ bool Prepared_statement::prepare(const char *packet, uint packet_len) old_stmt_arena= thd->stmt_arena; thd->stmt_arena= this; - Parser_state parser_state(thd, thd->query(), thd->query_length()); - parser_state.m_lip.stmt_prepare_mode= TRUE; - lex_start(thd); + Parser_state parser_state; + if (!parser_state.init(thd, thd->query(), thd->query_length())) + { + parser_state.m_lip.stmt_prepare_mode= TRUE; + lex_start(thd); - error= parse_sql(thd, & parser_state, NULL) || - thd->is_error() || - init_param_array(this); + error= parse_sql(thd, & parser_state, NULL) || + thd->is_error() || + init_param_array(this); + } lex->set_trg_event_type_for_tables(); |