diff options
author | Mithun C Y <mithun.c.y@oracle.com> | 2015-10-22 17:02:12 +0530 |
---|---|---|
committer | Mithun C Y <mithun.c.y@oracle.com> | 2015-10-22 17:02:12 +0530 |
commit | dea23408660130f04af7e954811122d86656900f (patch) | |
tree | 0ceac769e3666ab8fb98cae53efb96bf4b6bed4c /sql/sql_prepare.cc | |
parent | 74a503b4ceecf0e813666fc8cdbcb92e580442bd (diff) | |
download | mariadb-git-dea23408660130f04af7e954811122d86656900f.tar.gz |
Bug #20447262: REPEATED EXECUTION OF PREPARED STATEMENTS FAILS, IF DEFAULT DATABASE IS CHANGED.
Issue:
======
While re-preparing the statement in
Prepared_statement::swap_prepared_statement for swapping
the database of PS we only swapped the db string but not
its length. This resulted in mismatch between the actual
string and its length. In one particular case where db
of PS was dropped, we have db as null pointer and length
as non-zero. strdup which used above values resulted in
invalid memory access.
Solution:
=========
In Prepared_statement::swap_prepared_statement also swap
db_length along with db variable. Also, remove
DBUG_ASSERT(db_length == copy->db_length) as this have
no meaning if they are 2 different entities.
Diffstat (limited to 'sql/sql_prepare.cc')
-rw-r--r-- | sql/sql_prepare.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 48d23cd5d21..f2f74c68085 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -1,4 +1,4 @@ -/* Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -3668,8 +3668,8 @@ Prepared_statement::swap_prepared_statement(Prepared_statement *copy) swap_variables(LEX_STRING, name, copy->name); /* Ditto */ swap_variables(char *, db, copy->db); + swap_variables(size_t, db_length, copy->db_length); - DBUG_ASSERT(db_length == copy->db_length); DBUG_ASSERT(param_count == copy->param_count); DBUG_ASSERT(thd == copy->thd); last_error[0]= '\0'; |