diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2020-11-09 23:32:49 +0100 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2020-11-09 23:32:49 +0100 |
| commit | 212d92ad26e14d0293bb50efd7b7461c621a24b9 (patch) | |
| tree | cfb3cc0967b72191e3866cc7fb67fc81d1a5a5e7 /sql/sql_prepare.cc | |
| parent | d5ce7824444b7491f420061076ae5087d4829428 (diff) | |
| parent | bea84aefb0563a10a310ea81d46c372919345c10 (diff) | |
| download | mariadb-git-212d92ad26e14d0293bb50efd7b7461c621a24b9.tar.gz | |
Merge branch '10.2' into 10.3
Diffstat (limited to 'sql/sql_prepare.cc')
| -rw-r--r-- | sql/sql_prepare.cc | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 414453c6bf7..0c35b2dd1d8 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -3238,10 +3238,19 @@ void mysqld_stmt_execute(THD *thd, char *packet_arg, uint packet_length) void mysqld_stmt_bulk_execute(THD *thd, char *packet_arg, uint packet_length) { uchar *packet= (uchar*)packet_arg; // GCC 4.0.1 workaround + DBUG_ENTER("mysqld_stmt_execute_bulk"); + + const uint packet_header_lenght= 4 + 2; //ID & 2 bytes of flags + + if (packet_length < packet_header_lenght) + { + my_error(ER_MALFORMED_PACKET, MYF(0)); + DBUG_VOID_RETURN; + } + ulong stmt_id= uint4korr(packet); uint flags= (uint) uint2korr(packet + 4); uchar *packet_end= packet + packet_length; - DBUG_ENTER("mysqld_stmt_execute_bulk"); if (!(thd->client_capabilities & MARIADB_CLIENT_STMT_BULK_OPERATIONS)) @@ -3249,16 +3258,18 @@ void mysqld_stmt_bulk_execute(THD *thd, char *packet_arg, uint packet_length) DBUG_PRINT("error", ("An attempt to execute bulk operation without support")); my_error(ER_UNSUPPORTED_PS, MYF(0)); + DBUG_VOID_RETURN; } /* Check for implemented parameters */ if (flags & (~STMT_BULK_FLAG_CLIENT_SEND_TYPES)) { DBUG_PRINT("error", ("unsupported bulk execute flags %x", flags)); my_error(ER_UNSUPPORTED_PS, MYF(0)); + DBUG_VOID_RETURN; } /* stmt id and two bytes of flags */ - packet+= 4 + 2; + packet+= packet_header_lenght; mysql_stmt_execute_common(thd, stmt_id, packet, packet_end, 0, TRUE, (flags & STMT_BULK_FLAG_CLIENT_SEND_TYPES)); DBUG_VOID_RETURN; @@ -3335,9 +3346,11 @@ stmt_execute_packet_sanity_check(Prepared_statement *stmt, { /* If there is no parameters, this should be normally already end - of the packet. If it's not - then error + of the packet, but it is not a problem if something left (popular + mistake in protocol implementation) because we will not read anymore + from the buffer. */ - return (packet_end > packet); + return false; } return false; } |