From 716b64cdb050ff9a22457990f336ef20a7b3663a Mon Sep 17 00:00:00 2001
From: Martin Hansson <martin.hansson@oracle.com>
Date: Thu, 13 Jan 2011 08:57:15 +0100
Subject: Bug#58165: "my_empty_string" gets modified and causes LOAD DATA to
 fail and other crashes

Some string manipulating SQL functions use a shared string object intended to
contain an immutable empty string. This object was used by the SQL function
SUBSTRING_INDEX() to return an empty string when one argument was of the wrong
datatype. If the string object was then modified by the sql function INSERT(),
undefined behavior ensued.

Fixed by instead modifying the string object representing the function's
result value whenever string manipulating SQL functions return an empty
string.

Relevant code has also been documented.
---
 sql/sql_string.h | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'sql/sql_string.h')

diff --git a/sql/sql_string.h b/sql/sql_string.h
index b15179bcbe5..092e194646f 100644
--- a/sql/sql_string.h
+++ b/sql/sql_string.h
@@ -136,6 +136,16 @@ public:
       Alloced_length=0;
     str_charset=str.str_charset;
   }
+
+
+  /**
+     Points the internal buffer to the supplied one. The old buffer is freed.
+     @param str Pointer to the new buffer.
+     @param arg_length Length of the new buffer in characters, excluding any 
+            null character.
+     @param cs Character set to use for interpreting string data.
+     @note The new buffer will not be null terminated.
+  */
   inline void set(char *str,uint32 arg_length, CHARSET_INFO *cs)
   {
     free();
-- 
cgit v1.2.1