Bug #19984392 : MEDIUMINT: STACK BUFFER OVERFLOW IN PROTOCOL_TEXT::STORE_LONG

ISSUE: Queries with mediumint as column when operated with
long long type of data results in buffer overflow in
store_long function.

The merging rule specified for (MYSQL_TYPE_LONGLONG
MYSQL_TYPE_INT24) is MYSQL_TYPE_LONG. Due to this store_long
function was getting called which resulted in buffer overflow.

SOLUTION:
The correct merging rule for (MYSQL_TYPE_LONGLONG,
MYSQL_TYPE_INT24) should be MYSQL_TYPE_LONGLONG.
So, instead of function store_long, function store_longlong
is called which correctly handles the type MYSQL_TYPE_LONGLONG.

External Bug #23645238 is a duplicate of this issue.

1 files changed, 2 insertions, 2 deletions

diff --git a/sql/field.cc b/sql/field.cc
index abe856a8292..d9889f0fb48 100644
--- a/sql/field.cc
+++ b/sql/field.cc
@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -347,7 +347,7 @@ static enum_field_types field_types_merge_rules [FIELDTYPE_NUM][FIELDTYPE_NUM]=
   //MYSQL_TYPE_NULL         MYSQL_TYPE_TIMESTAMP
     MYSQL_TYPE_LONGLONG,    MYSQL_TYPE_VARCHAR,
   //MYSQL_TYPE_LONGLONG     MYSQL_TYPE_INT24
-    MYSQL_TYPE_LONGLONG,    MYSQL_TYPE_LONG,
+    MYSQL_TYPE_LONGLONG,    MYSQL_TYPE_LONGLONG,
   //MYSQL_TYPE_DATE         MYSQL_TYPE_TIME
     MYSQL_TYPE_VARCHAR,     MYSQL_TYPE_VARCHAR,
   //MYSQL_TYPE_DATETIME     MYSQL_TYPE_YEAR