From f0352e346a1a7dbf056ac87239ed9b407d70886b Mon Sep 17 00:00:00 2001
From: Kristofer Pettersson
Date: Sat, 20 Sep 2008 10:51:03 +0200
Subject: Bug#38469 invalid memory read and/or crash with utf8 text field, stored procedure, uservar

A stored procedure involving substrings could crash the server on certain platforms because of invalid memory reads. During storing the new blob-field value, the cached value's address range overlapped that of the new field value. This caused problems when the cached value storage was reallocated to provide access for a new characater set representation. The patch checks the address ranges, and if they overlap, the new field value is copied to a new storage before it is converted to the new character set.

mysql-test/r/sp.result:
Added result set
mysql-test/t/sp.test:
Added test case
sql/field.cc:
The source and destination address ranges of a character conversion must not overlap or the 'from' address will be invalidated as the temporary value- object is re-allocated to fit the new character set.
sql/field.h:
Added comments
---
 sql/field.h | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'sql/field.h')
diff --git a/sql/field.h b/sql/field.h
index 7b2dda77095..2975719a591 100644
--- a/sql/field.h
+++ b/sql/field.h
@@ -1213,8 +1213,16 @@ public:
 class Field_blob :public Field_longstr {
 protected:
+ /**
+ The number of bytes used to represent the length of the blob.
+ */
 uint packlength;
- String value; // For temporaries
+
+ /**
+ The 'value'-object is a cache fronting the storage engine.
+ */
+ String value;
+
 public:
 Field_blob(char *ptr_arg, uchar *null_ptr_arg, uchar null_bit_arg,
 enum utype unireg_check_arg, const char *field_name_arg,
--
cgit v1.2.1
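Review bot: The new Doxygen block on `value` describes it as a cache but leaves out the aliasing constraint that Bug#38469 is about: per the commit message, the buffer behind `value` is reallocated when it is converted to a new character set, so a source pointer that points into `value` is invalidated by that conversion, and the overlap check that guards this lives in sql/field.cc, outside this hunk. A maintainer reading only the header will not learn that invariant from "a cache fronting the storage engine", which is where the next regression of this kind would start. I would extend the comment to `The 'value'-object is a cache fronting the storage engine. Its buffer may be reallocated (e.g. on character-set conversion), so a pointer into 'value' must never be used as the source of such a conversion without copying first; see the address-range check in field.cc (Bug#38469).` The `packlength` comment could likewise state the valid range it is expected to hold if that is documented elsewhere in the class, which continues outside this hunk.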