Bug #7495 QUOTE() with LTRIM() or TRIM() crashes 4.0 server
Submitted: 22 Dec 2004 20:19 Modified: 23 Dec 2004 20:10
Reporter: Sinisa Milivojevic
Status: Closed
Category: Server   Severity: S1 (Critical)
Version: 4.0 and all higher versions   OS: Any (any)
Assigned to: Sinisa Milivojevic Target Version:

[22 Dec 2004 20:19] Sinisa Milivojevic
Description:
Many situations involving quote() within which the ltrim() or trim() functions are called
lead to a buffer underrun and, on any further operation, to a crash.

This simply destroys the heap.

This is discovered by both SAFEMALLOC and Purify.

How to repeat:
drop table if exists t1;
create table t1 (a varchar(80), b varchar(80));
insert into t1 values(NULL,"12345");
insert into t1 values(NULL,"chm");
select quote(ltrim(concat('  ',t1.b))) from t1;
select quote(trim(concat('  ',t1.b))) from t1;
drop table if exists t1;

Suggested fix:
Both LTRIM() and TRIM() should have their string buffer allocated and not just set.

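As an added illustration of the suggested fix (constructed for this page; not MySQL's String class and not the code in the ChangeSet below): a small C model in which LTRIM() either returns a view that merely points into its argument's buffer or allocates a copy of its own, and an in-place QUOTE() that can only grow a value that owns its buffer. The names sstr, ltrim_set, ltrim_alloc, quote_inplace and case_produces, and the capacity check, are assumptions of the model.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of a server string value: a pointer, a length, and the
 * capacity of the buffer the value owns (0 means it was "just set" to point
 * into someone else's buffer). Not MySQL's String class. */
typedef struct { char *ptr; size_t len; size_t cap; } sstr;

/* "Just set" LTRIM: returns a view into the argument's buffer. */
sstr ltrim_set(sstr in) {
    size_t i = 0;
    while (i < in.len && in.ptr[i] == ' ') i++;
    sstr out = { in.ptr + i, in.len - i, 0 };
    return out;
}

/* Allocating LTRIM: copies the trimmed bytes into a buffer of its own,
 * with two spare bytes so a later QUOTE() can grow the value in place. */
sstr ltrim_alloc(sstr in) {
    size_t i = 0;
    while (i < in.len && in.ptr[i] == ' ') i++;
    sstr out = { NULL, in.len - i, 0 };
    out.ptr = malloc(out.len + 2);
    if (out.ptr) { memcpy(out.ptr, in.ptr + i, out.len); out.cap = out.len + 2; }
    return out;
}

/* In-place QUOTE(): wraps the value in single quotes by growing it by two
 * bytes inside its own buffer (escaping omitted to keep the model small).
 * Without the capacity check, a view from ltrim_set() would be written
 * past the bytes it was handed, corrupting whatever sits next to them. */
int quote_inplace(sstr *s) {
    if (s->cap < s->len + 2) return -1;   /* no owned buffer to grow into */
    memmove(s->ptr + 1, s->ptr, s->len);
    s->ptr[0] = '\'';
    s->ptr[s->len + 1] = '\'';
    s->len += 2;
    return 0;
}

/* Runs the report's case on the constructed value "  12345" (the result of
 * concat('  ', t1.b)) and reports whether QUOTE() succeeded with `expect`. */
int case_produces(int allocating, const char *expect) {
    char concat[] = "  12345";
    sstr in = { concat, sizeof concat - 1, 0 };
    sstr t = allocating ? ltrim_alloc(in) : ltrim_set(in);
    int ok = quote_inplace(&t) == 0 && t.len == strlen(expect)
          && memcmp(t.ptr, expect, t.len) == 0;
    if (allocating) free(t.ptr);
    return ok;
}
```

With the allocating LTRIM the value can be quoted in place; with the "just set" view the only safe outcome is to refuse, since any in-place growth would touch memory outside the argument.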
[23 Dec 2004 20:10] Sinisa Milivojevic
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

ChangeSet 1.2026