From ebda548d0d26f49a05d424f186e0b1d92c90925e Mon Sep 17 00:00:00 2001 From: unknown Date: Fri, 4 Feb 2005 09:14:22 +0300 Subject: Fix for BUG#7716: in in_string::set() take into account that the value returned by item->val_str() may be a substring of the passed string. Disallow string=its_substring assignment in String::operator=(). mysql-test/r/func_misc.result: Testcase for BUG#7716 mysql-test/t/func_misc.test: Testcase for BUG#7716 sql/item_cmpfunc.cc: Fix for BUG#7716: in in_string::set() take into account that the string returned by item->val_str(S) may be not S but use the buffer owned by S. sql/sql_string.h: * Added assert: String& String::operator=(const String&) may not be used to do assignments like str = string_that_uses_buffer_owned_by_str * Added String::uses_buffer_owned_by(). --- sql/item_cmpfunc.cc | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sql/item_cmpfunc.cc') diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index c5e6d520ab7..46ef3281dd1 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -1503,7 +1503,11 @@ void in_string::set(uint pos,Item *item) String *str=((String*) base)+pos; String *res=item->val_str(str); if (res && res != str) + { + if (res->uses_buffer_owned_by(str)) + res->copy(); *str= *res; + } if (!str->charset()) { CHARSET_INFO *cs; -- cgit v1.2.1