Bug #7495 QUOTE() with LTRIM() or TRIM() crashes 4.0 server
Submitted: 22 Dec 2004 19:19 Modified: 23 Dec 2004 19:10
Reporter: SINISA MILIVOJEVIC
Status: Closed
Category: MySQL Server Severity: S1 (Critical)
Version: 4.0 and all higher versions OS: Any (any)
Assigned to:
CPU Architecture: Any

[22 Dec 2004 19:19] SINISA MILIVOJEVIC
Description:
In many situations involving quote() within which the ltrim() or trim() functions are called, this leads to a buffer underrun and, on any further operation, to a crash.

This simply destroys the heap.

This is discovered by both SAFEMALLOC and Purify.

How to repeat:
drop table if exists t1;
create table t1 (a varchar(80), b varchar(80));
insert into t1 values(NULL,"12345");
insert into t1 values(NULL,"chm");
select quote(ltrim(concat('  ',t1.b))) from t1;
select quote(trim(concat('  ',t1.b))) from t1;
drop table if exists t1;

Suggested fix:
Both LTRIM() and TRIM() should have their string buffer allocated and not just set.
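The following is an added illustration of the bug class the suggested fix addresses; it is not MySQL server code, and the names Buf, Result, concat_into, ltrim_set, ltrim_alloc, quote_into and eval_quote_ltrim are invented for the example. It models a shared scratch buffer that CONCAT() writes into, an LTRIM() that merely sets a pointer into that buffer versus one that allocates its own copy, and a QUOTE() that must grow the same buffer before writing. The hardened quote_into refuses to proceed when its argument aliases the destination storage, which is exactly the situation the "just set" variant produces.

```cpp
// Added illustration (not MySQL source): a minimal model of the
// "pointer set into a shared buffer" hazard behind QUOTE(LTRIM(...)).
// All names here are invented for the example.
#include <cassert>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Stand-in for a growable string buffer that functions reuse both as
// scratch space for their argument and as their own output.
struct Buf {
    std::vector<char> storage;   // owned memory; may move when it grows
    size_t len = 0;
    const char* ptr() const { return storage.data(); }
    // Ensure capacity; like a realloc, growth can move the storage.
    void alloc(size_t n) { if (storage.size() < n) storage.resize(n); }
    void set(const char* s, size_t n) {
        alloc(n);
        std::memcpy(storage.data(), s, n);
        len = n;
    }
    std::string str() const { return std::string(storage.data(), len); }
};

// Result of a string function: either a view aliasing someone else's Buf
// (the "just set" pattern) or bytes the result owns (the "allocated" pattern).
struct Result {
    bool owns;            // true: bytes live in `owned`; false: `view` aliases a Buf
    const char* view;
    size_t len;
    std::string owned;
    const char* data() const { return owns ? owned.data() : view; }
};

// Model of CONCAT('  ', b): writes its output into the caller's scratch Buf.
static void concat_into(const std::string& a, const std::string& b, Buf& out) {
    std::string joined = a + b;
    out.set(joined.data(), joined.size());
}

// Bug pattern: LTRIM hands back a pointer into the scratch buffer.
static Result ltrim_set(const Buf& in) {
    size_t i = 0;
    while (i < in.len && in.ptr()[i] == ' ') ++i;
    return Result{false, in.ptr() + i, in.len - i, {}};
}

// Fixed pattern: LTRIM copies the trimmed bytes into storage it owns.
static Result ltrim_alloc(const Buf& in) {
    size_t i = 0;
    while (i < in.len && in.ptr()[i] == ' ') ++i;
    return Result{true, nullptr, in.len - i, std::string(in.ptr() + i, in.len - i)};
}

// Model of QUOTE(arg): needs len+2 bytes in `out`, so it grows `out` and
// then writes into it. If `arg` points into `out`'s own storage, the write
// overlaps the bytes still being read and any growth frees them outright,
// so the hardened version reports the aliasing instead of proceeding.
static bool quote_into(const Result& arg, Buf& out) {
    std::uintptr_t p  = reinterpret_cast<std::uintptr_t>(arg.data());
    std::uintptr_t lo = reinterpret_cast<std::uintptr_t>(out.ptr());
    std::uintptr_t hi = lo + out.storage.size();
    bool aliases = out.storage.size() > 0 && p >= lo && p < hi;
    if (aliases) return false;        // would be a write over / use after free of `arg`
    out.alloc(arg.len + 2);
    char* d = out.storage.data();
    d[0] = '\'';
    std::memcpy(d + 1, arg.data(), arg.len);
    d[arg.len + 1] = '\'';
    out.len = arg.len + 2;
    return true;
}

// Evaluates QUOTE(LTRIM(CONCAT('  ', b))) with a single shared scratch buffer,
// using either the aliasing or the allocating LTRIM. Returns the quoted string,
// or "" when the aliasing check fires.
static std::string eval_quote_ltrim(const std::string& b, bool use_alloc) {
    Buf scratch;
    concat_into("  ", b, scratch);
    Result trimmed = use_alloc ? ltrim_alloc(scratch) : ltrim_set(scratch);
    return quote_into(trimmed, scratch) ? scratch.str() : std::string();
}

int main() {
    // Same sample rows as the report's repro ("12345" and "chm").
    assert(eval_quote_ltrim("12345", false).empty());   // aliasing detected
    assert(eval_quote_ltrim("12345", true) == "'12345'");
    assert(eval_quote_ltrim("chm", true) == "'chm'");
    return 0;
}
```

The aliasing check in quote_into is the detection side of the fix: it makes the hazard observable rather than letting it corrupt the heap. The cure is ltrim_alloc, which never lets a result point into a buffer another function is about to reuse, matching the report's suggestion that the trim functions allocate their string buffer rather than just set it.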
[23 Dec 2004 19:10] MySQL Verification Team
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

ChangeSet 1.2026