Bug #40097: mysql_register_view initializes query.str to a stack allocated buffer

| Submitted: | 17 Oct 2008 2:36 | Modified: | 29 Oct 2008 11:59 |
|---|---|---|---|
| Reporter: | Mark Callaghan | Email Updates: | |
| Status: | Duplicate | Impact on me: | |
| Category: | MySQL Server: Views | Severity: | S2 (Serious) |
| Version: | 5.0.67, 5.0 bzr | OS: | Any |
| Assigned to: | Assigned Account | CPU Architecture: | Any |
| Tags: | Contribution, invalid, mysql_register_view, read, valgrind | | |
[17 Oct 2008 2:36]
Mark Callaghan
[17 Oct 2008 8:14]
Sveta Smirnova
Thank you for the report. Verified as described.
[17 Oct 2008 17:48]
Mark Callaghan
This fixes the valgrind warning. I have used statement duration memory by allocating from THD::mem_root. Given that TABLE_LIST instances are also allocated from there, I think that is OK for now. --- orig/sql/sql_view.cc 2008-08-04 05:20:12.000000000 -0700 +++ new/sql/sql_view.cc 2008-10-17 10:46:38.000000000 -0700 @@ -774,8 +774,16 @@ DBUG_PRINT("info", ("View: %s", str.ptr())); /* fill structure */ - view->query.str= str.c_ptr_safe(); + view->query.str= thd->alloc(str.length() + 1); + if (!view->query.str) + { + my_error(ER_OUTOFMEMORY, MYF(0), str.length()+1); + error= -1; + goto err; + } + memcpy(view->query.str, str.ptr(), str.length()); view->query.length= str.length(); + view->query.str[view->query.length]= '\0'; view->source.str= thd->query + thd->lex->create_view_select_start; view->source.length= (char *)skip_rear_comments(thd->charset(), (char *)view->source.str,
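Review bot: the alloc/memcpy/NUL-terminate sequence added in this hunk duplicates what `thd->strmake(str.ptr(), str.length())` already does (allocate length+1 bytes from the statement mem_root, copy, terminate, return NULL on failure), so the hunk could be reduced to `view->query.str= thd->strmake(str.ptr(), str.length());` followed by the existing `if (!view->query.str)` out-of-memory branch, which keeps the `error= -1; goto err;` path unchanged. The lifetime change itself is the substance of the fix: `query.str` previously pointed into the local `String` and became dangling as soon as the function returned, and it now lives as long as the statement's mem_root, the same lifetime as the TABLE_LIST it is stored in; that reasoning is given in the comment above but is worth stating in a code comment next to the allocation, since nothing in the hunk otherwise explains why statement-duration memory is the right choice.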
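The defect this report describes and the shape of the fix, as an added C example that is not MySQL's code: `arena_t` is a constructed stand-in for `THD::mem_root` (bump allocation, released as a whole when the statement ends), `arena_strmake` plays the role of the alloc/copy/terminate sequence in the patch, and `view_t`/`lex_string_t` are simplified versions of the server's `TABLE_LIST`/`LEX_STRING`. `register_view_buggy` stores a pointer to its own local buffer, which is what valgrind flagged as an invalid read once the caller used it; `register_view_fixed` copies the text into statement-duration memory and handles allocation failure the way the patch does.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for THD::mem_root: one block handed out bump-style,
   freed all at once at end of statement. Not MySQL's allocator. */
typedef struct { char *base; size_t cap; size_t used; } arena_t;

/* Simplified LEX_STRING and TABLE_LIST equivalents (assumptions). */
typedef struct { char *str; size_t length; } lex_string_t;
typedef struct { lex_string_t query; } view_t;

static int arena_init(arena_t *a, size_t cap) {
    a->base = malloc(cap);
    a->cap = cap;
    a->used = 0;
    return a->base != NULL;
}

/* Returns NULL when the block is exhausted, like thd->alloc() on OOM. */
static void *arena_alloc(arena_t *a, size_t n) {
    if (n > a->cap - a->used) return NULL;
    void *p = a->base + a->used;
    a->used += n;
    return p;
}

/* Copy n bytes plus a terminating NUL into the arena (the patch's
   alloc + memcpy + '\0' sequence in one call); NULL on exhaustion. */
static char *arena_strmake(arena_t *a, const char *s, size_t n) {
    char *dst = arena_alloc(a, n + 1);
    if (!dst) return NULL;
    memcpy(dst, s, n);
    dst[n] = '\0';
    return dst;
}

/* True if p lies inside the arena's block: used below to confirm the
   stored text no longer points at a stack frame. */
static int arena_owns(const arena_t *a, const void *p) {
    uintptr_t lo = (uintptr_t)a->base, hi = lo + a->cap, x = (uintptr_t)p;
    return x >= lo && x < hi;
}

static void arena_free(arena_t *a) {
    free(a->base);
    a->base = NULL;
    a->cap = a->used = 0;
}

/* The reported bug: the query text is built in a buffer local to this
   function and the pointer escapes through *view. After return the buffer
   is gone, and the next reader of view->query.str sees freed stack memory,
   which is exactly the "invalid read" valgrind reported. Never dereference
   the result; it is here only to show the pattern. */
static int register_view_buggy(view_t *view, const char *select_body) {
    char str[256];
    int n = snprintf(str, sizeof str, "SELECT %s", select_body);
    if (n < 0 || (size_t)n >= sizeof str) return -1;
    view->query.str = str;            /* BUG: dangling once we return */
    view->query.length = (size_t)n;
    return 0;
}

/* The fix: copy into statement-duration memory, which outlives this frame
   and has the same lifetime as the structure that stores the pointer.
   A failed allocation is reported to the caller instead of being ignored. */
static int register_view_fixed(arena_t *thd_mem_root, view_t *view,
                               const char *select_body) {
    char str[256];
    int n = snprintf(str, sizeof str, "SELECT %s", select_body);
    if (n < 0 || (size_t)n >= sizeof str) return -1;
    view->query.str = arena_strmake(thd_mem_root, str, (size_t)n);
    if (!view->query.str) return -1;  /* the patch's ER_OUTOFMEMORY path */
    view->query.length = (size_t)n;
    return 0;
}

int main(void) {
    arena_t stmt_mem;
    view_t view;
    if (!arena_init(&stmt_mem, 64)) return 1;
    if (register_view_fixed(&stmt_mem, &view, "1 AS x") != 0) return 1;
    printf("%s (len %zu, in arena: %d)\n", view.query.str, view.query.length,
           arena_owns(&stmt_mem, view.query.str));
    arena_free(&stmt_mem);            /* end of statement: text released */
    return 0;
}
```

The `arena_owns` check is the property the patch restores: after `register_view_fixed` returns, the text lives in memory whose lifetime is tied to the statement rather than to a stack frame that has already been popped.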
[29 Oct 2008 11:59]
Sergei Glukhov
bug#39040