]>
Commit | Line | Data |
---|---|---|
b4e1fa2c AM |
1 | # name : bug580324.patch |
2 | # introduced : 11 or before | |
3 | # maintainer : Oleg | |
4 | # | |
5 | #!!! notice !!! | |
6 | # Any small change to this file in the main branch | |
7 | # should be done or reviewed by the maintainer! | |
db82db79 AM |
8 | --- a/sql/sql_base.cc |
9 | +++ b/sql/sql_base.cc | |
734d6226 | 10 | @@ -314,8 +314,12 @@ |
b4e1fa2c AM |
11 | const TABLE_LIST *table_list, |
12 | bool tmp_table) | |
13 | { | |
14 | - uint key_length= (uint) (strmov(strmov(key, table_list->db)+1, | |
15 | - table_list->table_name)-key)+1; | |
16 | + char *db_end= strnmov(key, table_list->db, MAX_DBKEY_LENGTH - 2); | |
17 | + *db_end++= '\0'; | |
18 | + char *table_end= strnmov(db_end, table_list->table_name, | |
19 | + key + MAX_DBKEY_LENGTH - 1 - db_end); | |
20 | + *table_end++= '\0'; | |
21 | + uint key_length= (uint) (table_end-key); | |
22 | if (tmp_table) | |
23 | { | |
24 | int4store(key + key_length, thd->server_id); | |
db82db79 AM |
25 | --- a/sql/sql_parse.cc |
26 | +++ b/sql/sql_parse.cc | |
13ceb006 | 27 | @@ -1116,11 +1116,18 @@ |
b4e1fa2c AM |
28 | break; |
29 | #else | |
30 | { | |
31 | - char *fields, *packet_end= packet + packet_length, *arg_end; | |
32 | + char *fields; | |
33 | + char *packet_end= packet + packet_length; | |
34 | + char *wildcard; | |
35 | /* Locked closure of all tables */ | |
36 | TABLE_LIST table_list; | |
37 | + char table_name_buff[NAME_LEN+1]; | |
38 | LEX_STRING table_name; | |
39 | + uint dummy_errors; | |
40 | LEX_STRING db; | |
41 | + | |
42 | + table_name.str= table_name_buff; | |
43 | + table_name.length= 0; | |
44 | /* | |
45 | SHOW statements should not add the used tables to the list of tables | |
46 | used in a transaction. | |
13ceb006 | 47 | @@ -1133,24 +1140,23 @@ |
b4e1fa2c AM |
48 | /* |
49 | We have name + wildcard in packet, separated by endzero | |
50 | */ | |
51 | - arg_end= strend(packet); | |
52 | - uint arg_length= arg_end - packet; | |
53 | - | |
54 | - /* Check given table name length. */ | |
55 | - if (arg_length >= packet_length || arg_length > NAME_LEN) | |
56 | + wildcard= strend(packet); | |
57 | + table_name.length= wildcard - packet; | |
58 | + wildcard++; | |
59 | + uint query_length= (uint) (packet_end - wildcard); // Don't count end \0 | |
60 | + if (table_name.length > NAME_LEN || query_length > NAME_LEN) | |
61 | { | |
62 | my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0)); | |
63 | break; | |
64 | } | |
65 | - thd->convert_string(&table_name, system_charset_info, | |
66 | - packet, arg_length, thd->charset()); | |
67 | - if (check_table_name(table_name.str, table_name.length, FALSE)) | |
68 | - { | |
69 | - /* this is OK due to convert_string() null-terminating the string */ | |
70 | - my_error(ER_WRONG_TABLE_NAME, MYF(0), table_name.str); | |
71 | + table_name.length= copy_and_convert(table_name.str, | |
72 | + sizeof(table_name_buff)-1, | |
73 | + system_charset_info, | |
74 | + packet, table_name.length, | |
75 | + thd->charset(), &dummy_errors); | |
76 | + table_name.str[table_name.length]= '\0'; | |
77 | + if (!(fields= (char *) thd->memdup(wildcard, query_length + 1))) | |
78 | break; | |
79 | - } | |
80 | - packet= arg_end + 1; | |
81 | mysql_reset_thd_for_next_command(thd); | |
82 | lex_start(thd); | |
83 | /* Must be before we init the table list. */ | |
13ceb006 | 84 | @@ -1175,9 +1181,6 @@ |
b4e1fa2c AM |
85 | table_list.schema_table= schema_table; |
86 | } | |
87 | ||
88 | - uint query_length= (uint) (packet_end - packet); // Don't count end \0 | |
89 | - if (!(fields= (char *) thd->memdup(packet, query_length + 1))) | |
90 | - break; | |
91 | thd->set_query(fields, query_length); | |
92 | general_log_print(thd, command, "%s %s", table_list.table_name, fields); | |
93 | ||
db82db79 AM |
94 | --- a/strings/ctype-utf8.c |
95 | +++ b/strings/ctype-utf8.c | |
b4e1fa2c AM |
96 | @@ -4212,6 +4212,10 @@ |
97 | { | |
98 | int code; | |
99 | char hex[]= "0123456789abcdef"; | |
100 | + | |
101 | + if (s >= e) | |
102 | + return MY_CS_TOOSMALL; | |
103 | + | |
104 | if (wc < 128 && filename_safe_char[wc]) | |
105 | { | |
106 | *s= (uchar) wc; |