Bug#58165: "my_empty_string" gets modified and causes LOAD DATA to fail and

other crashes

Some string manipulating SQL functions use a shared string object intended to
contain an immutable empty string. This object was used by the SQL function
SUBSTRING_INDEX() to return an empty string when one argument was of the wrong
datatype. If the string object was then modified by the sql function INSERT(),
undefined behavior ensued.

Fixed by instead modifying the string object representing the function's
result value whenever string manipulating SQL functions return an empty
string.

Relevant code has also been documented.

1 files changed, 10 insertions, 0 deletions

diff --git a/sql/sql_string.h b/sql/sql_string.h
index b15179bcbe5..092e194646f 100644
--- a/sql/sql_string.h
+++ b/sql/sql_string.h
@@ -136,6 +136,16 @@ public:
       Alloced_length=0;
     str_charset=str.str_charset;
   }
+
+
+  /**
+     Points the internal buffer to the supplied one. The old buffer is freed.
+     @param str Pointer to the new buffer.
+     @param arg_length Length of the new buffer in characters, excluding any 
+            null character.
+     @param cs Character set to use for interpreting string data.
+     @note The new buffer will not be null terminated.
+  */
   inline void set(char *str,uint32 arg_length, CHARSET_INFO *cs)
   {
     free();