diff options
| author | Alexey Botchkov <holyfoot@askmonty.org> | 2020-04-29 11:40:14 +0400 |
|---|---|---|
| committer | Alexey Botchkov <holyfoot@askmonty.org> | 2020-04-29 11:40:14 +0400 |
| commit | d4da131cff004e4157b755e417c49daef45ca80e (patch) | |
| tree | 87b89be3a095e31f32d367c18aad71badf5f0bf7 /sql | |
| parent | ffc5e00e9c64d64b773178be4a4750ac1613879c (diff) | |
| download | mariadb-git-d4da131cff004e4157b755e417c49daef45ca80e.tar.gz | |
MDEV-22337 Assertion `Alloced_length >= (str_length + length + net_le… …ngth_size(length))' failed in Binary_string::q_net_store_data on long MULTIPOLYGON query with session_track_user_variables=1 (optimized builds).
We have to reserve enough space in String to use q_something().
Also pointer calculations fixed.
Diffstat (limited to 'sql')
| -rw-r--r-- | sql/session_tracker.cc | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/sql/session_tracker.cc b/sql/session_tracker.cc index e1c2ec37644..ed422fa025d 100644 --- a/sql/session_tracker.cc +++ b/sql/session_tracker.cc @@ -1198,12 +1198,18 @@ bool User_variables_tracker::store(THD *thd, String *buf) auto var= m_changed_user_variables.at(i); String value_str; bool null_value; + uint length; var->val_str(&null_value, &value_str, DECIMAL_MAX_SCALE); - buf->q_append(static_cast<char>(SESSION_TRACK_USER_VARIABLES)); - ulonglong length= net_length_size(var->name.length) + var->name.length; + + length= net_length_size(var->name.length) + var->name.length; if (!null_value) length+= net_length_size(value_str.length()) + value_str.length(); + + if (buf->reserve(sizeof(char) + length + net_length_size(length))) + return true; + + buf->q_append(static_cast<char>(SESSION_TRACK_USER_VARIABLES)); buf->q_net_store_length(length); buf->q_net_store_data(reinterpret_cast<const uchar*>(var->name.str), var->name.length); @@ -1259,7 +1265,7 @@ void Session_tracker::store(THD *thd, String *buf) } size_t length= buf->length() - start; - uchar *data= (uchar *)(buf->ptr() + start); + uchar *data; uint size; if ((size= net_length_size(length)) != 1) @@ -1269,8 +1275,16 @@ void Session_tracker::store(THD *thd, String *buf) buf->length(start); // it is safer to have 0-length block in case of error return; } + + /* + The 'buf->reserve()' can change the buf->ptr() so we cannot + calculate the 'data' earlier. + */ + data= (uchar *)(buf->ptr() + start); memmove(data + (size - 1), data, length); } + else + data= (uchar *)(buf->ptr() + start); net_store_length(data - 1, length); } |