]>
Commit | Line | Data |
---|---|---|
b4e1fa2c AM |
1 | # name : bug580324.patch |
2 | # introduced : 11 or before | |
3 | # maintainer : Oleg | |
4 | # | |
5 | #!!! notice !!! | |
6 | # Any small change to this file in the main branch | |
7 | # should be done or reviewed by the maintainer! | |
8 | diff -ruN a/sql/sql_base.cc b/sql/sql_base.cc | |
11822e22 AM |
9 | --- a/sql/sql_base.cc 2011-04-09 18:49:00.000000000 +0400 |
10 | +++ b/sql/sql_base.cc 2011-04-09 18:49:02.000000000 +0400 | |
b4e1fa2c AM |
11 | @@ -251,8 +251,12 @@ |
12 | const TABLE_LIST *table_list, | |
13 | bool tmp_table) | |
14 | { | |
15 | - uint key_length= (uint) (strmov(strmov(key, table_list->db)+1, | |
16 | - table_list->table_name)-key)+1; | |
17 | + char *db_end= strnmov(key, table_list->db, MAX_DBKEY_LENGTH - 2); | |
18 | + *db_end++= '\0'; | |
19 | + char *table_end= strnmov(db_end, table_list->table_name, | |
20 | + key + MAX_DBKEY_LENGTH - 1 - db_end); | |
21 | + *table_end++= '\0'; | |
22 | + uint key_length= (uint) (table_end-key); | |
23 | if (tmp_table) | |
24 | { | |
25 | int4store(key + key_length, thd->server_id); | |
26 | diff -ruN a/sql/sql_parse.cc b/sql/sql_parse.cc | |
11822e22 AM |
27 | --- a/sql/sql_parse.cc 2011-04-09 18:49:00.000000000 +0400 |
28 | +++ b/sql/sql_parse.cc 2011-04-09 18:49:02.000000000 +0400 | |
29 | @@ -1112,11 +1112,18 @@ | |
b4e1fa2c AM |
30 | break; |
31 | #else | |
32 | { | |
33 | - char *fields, *packet_end= packet + packet_length, *arg_end; | |
34 | + char *fields; | |
35 | + char *packet_end= packet + packet_length; | |
36 | + char *wildcard; | |
37 | /* Locked closure of all tables */ | |
38 | TABLE_LIST table_list; | |
39 | + char table_name_buff[NAME_LEN+1]; | |
40 | LEX_STRING table_name; | |
41 | + uint dummy_errors; | |
42 | LEX_STRING db; | |
43 | + | |
44 | + table_name.str= table_name_buff; | |
45 | + table_name.length= 0; | |
46 | /* | |
47 | SHOW statements should not add the used tables to the list of tables | |
48 | used in a transaction. | |
11822e22 | 49 | @@ -1129,24 +1136,23 @@ |
b4e1fa2c AM |
50 | /* |
51 | We have name + wildcard in packet, separated by endzero | |
52 | */ | |
53 | - arg_end= strend(packet); | |
54 | - uint arg_length= arg_end - packet; | |
55 | - | |
56 | - /* Check given table name length. */ | |
57 | - if (arg_length >= packet_length || arg_length > NAME_LEN) | |
58 | + wildcard= strend(packet); | |
59 | + table_name.length= wildcard - packet; | |
60 | + wildcard++; | |
61 | + uint query_length= (uint) (packet_end - wildcard); // Don't count end \0 | |
62 | + if (table_name.length > NAME_LEN || query_length > NAME_LEN) | |
63 | { | |
64 | my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0)); | |
65 | break; | |
66 | } | |
67 | - thd->convert_string(&table_name, system_charset_info, | |
68 | - packet, arg_length, thd->charset()); | |
69 | - if (check_table_name(table_name.str, table_name.length, FALSE)) | |
70 | - { | |
71 | - /* this is OK due to convert_string() null-terminating the string */ | |
72 | - my_error(ER_WRONG_TABLE_NAME, MYF(0), table_name.str); | |
73 | + table_name.length= copy_and_convert(table_name.str, | |
74 | + sizeof(table_name_buff)-1, | |
75 | + system_charset_info, | |
76 | + packet, table_name.length, | |
77 | + thd->charset(), &dummy_errors); | |
78 | + table_name.str[table_name.length]= '\0'; | |
79 | + if (!(fields= (char *) thd->memdup(wildcard, query_length + 1))) | |
80 | break; | |
81 | - } | |
82 | - packet= arg_end + 1; | |
83 | mysql_reset_thd_for_next_command(thd); | |
84 | lex_start(thd); | |
85 | /* Must be before we init the table list. */ | |
11822e22 | 86 | @@ -1171,9 +1177,6 @@ |
b4e1fa2c AM |
87 | table_list.schema_table= schema_table; |
88 | } | |
89 | ||
90 | - uint query_length= (uint) (packet_end - packet); // Don't count end \0 | |
91 | - if (!(fields= (char *) thd->memdup(packet, query_length + 1))) | |
92 | - break; | |
93 | thd->set_query(fields, query_length); | |
94 | general_log_print(thd, command, "%s %s", table_list.table_name, fields); | |
95 | ||
96 | diff -ruN a/strings/ctype-utf8.c b/strings/ctype-utf8.c | |
11822e22 AM |
97 | --- a/strings/ctype-utf8.c 2011-04-09 18:48:03.000000000 +0400 |
98 | +++ b/strings/ctype-utf8.c 2011-04-09 18:49:02.000000000 +0400 | |
b4e1fa2c AM |
99 | @@ -4212,6 +4212,10 @@ |
100 | { | |
101 | int code; | |
102 | char hex[]= "0123456789abcdef"; | |
103 | + | |
104 | + if (s >= e) | |
105 | + return MY_CS_TOOSMALL; | |
106 | + | |
107 | if (wc < 128 && filename_safe_char[wc]) | |
108 | { | |
109 | *s= (uchar) wc; |