diff options
| author | unknown <konstantin@mysql.com> | 2004-09-08 23:07:11 +0400 |
|---|---|---|
| committer | unknown <konstantin@mysql.com> | 2004-09-08 23:07:11 +0400 |
| commit | d7a230677c90831d1f21426a56fd2d0a9106f31e (patch) | |
| tree | 76941d331b5f9f18f220d5601314919a2df7ae04 /sql/sql_prepare.cc | |
| parent | a2e570ab39868a2b128e5dd3f3899ff960832a1b (diff) | |
| download | mariadb-git-d7a230677c90831d1f21426a56fd2d0a9106f31e.tar.gz | |
A fix and test case for Bug#5194 "Bulk Insert Failures with Prepared
Statements":
- fix a couple of net->buff overruns in libmysql,
- check in the server that statement parameter count is less than
65535 (maximum value supported by prepared statements protocol).
libmysql/libmysql.c:
Bug#5194 "Bulk Insert Failures with Prepared Statements":
- clean up my_realloc_str()
- ensure that net buffer has space when storing null bits and
parameter typecodes.
sql/net_serv.cc:
- set net->last_errno if packet is too big, even on client
(Why was it ifdefed before?)
sql/sql_prepare.cc:
Bug#5194 "Bulk Insert Failures with Prepared Statements":
- if placeholder count is bigger than 65535, give error.
We have only 2 bytes reserved for transferring placeholder count
in 4.1 protocol.
- can't add a proper error code and message in 4.1 because of
possible merge difficulties."
tests/client_test.c:
A test case for Bug#5194 "Bulk Insert Failures with Prepared
Statements".
Diffstat (limited to 'sql/sql_prepare.cc')
| -rw-r--r-- | sql/sql_prepare.cc | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 1b6c7dbc9bc..aa3301d540f 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -1475,8 +1475,16 @@ error: static bool init_param_array(Prepared_statement *stmt) { LEX *lex= stmt->lex; + THD *thd= stmt->thd; if ((stmt->param_count= lex->param_list.elements)) { + if (stmt->param_count > (uint) UINT_MAX16) + { + /* Error code to be defined in 5.0 */ + send_error(thd, ER_UNKNOWN_ERROR, + "Prepared statement contains too many placeholders."); + return 1; + } Item_param **to; List_iterator<Item_param> param_iterator(lex->param_list); /* Use thd->mem_root as it points at statement mem_root */ @@ -1485,7 +1493,7 @@ static bool init_param_array(Prepared_statement *stmt) sizeof(Item_param*) * stmt->param_count); if (!stmt->param_array) { - send_error(stmt->thd, ER_OUT_OF_RESOURCES); + send_error(thd, ER_OUT_OF_RESOURCES); return 1; } for (to= stmt->param_array; |