- Committer: Alexey Kopytov
- Date: 2012-03-25 11:34:06 UTC
- Revision ID: akopytov@gmail.com-20120325113406-wl55qmaakkhc6x0i
Bug #856404: Crash when query_cache_strip_comments enabled
Added a simple fix for the bug after reverting the previous patch with
refactoring.
The original problem was that callers of QueryStripComments::set() did
not take the terminating zero in a query string into account when
calculating the additional_length argument value. It was calculated as
(thd->db_length + 1 + QUERY_CACHE_FLAGS_SIZE), though the query cache
buffer layout was as follows:
<statement>
'\0'
<db_name>
'\0'
<flags>
So the allocated buffer length was 1 byte less than
necessary. additional_length should have been calculated as (1 +
thd->db_length + 1 + QUERY_CACHE_FLAGS_SIZE). Additionally, the query
parsing code in QueryStripComments::set() could overrun the buffer due
to incorrect handling of apostrophes.
On top of that, the query cache buffer layout was changed in 5.5.18 as
follows:
<statement>
'\0'
<length of db_name as a size_t value>
<db_name>
<flags>
So the formula for additional_length becomes:
(1 + sizeof(size_t) + thd->db_length + QUERY_CACHE_FLAGS_SIZE)
Fixed by taking the above into account when calling
QueryStripComments::set() and porting a test case for bug #856404 from
the original patch.
Added a simple fix for the bug after reverting the previous patch with
refactoring.
The original problem was that callers of QueryStripComments::set() did
not take the terminating zero in a query string into account when
calculating the additional_length argument value. It was calculated as
(thd->db_length + 1 + QUERY_CACHE_FLAGS_SIZE), though the query cache
buffer layout was as follows:
<statement>
'\0'
<db_name>
'\0'
<flags>
So the allocated buffer length was 1 byte less than
necessary. additional_length should have been calculated as (1 +
thd->db_length + 1 + QUERY_CACHE_FLAGS_SIZE). Additionally, the query
parsing code in QueryStripComments::set() could overrun the buffer due
to incorrect handling of apostrophes.
On top of that, the query cache buffer layout was changed in 5.5.18 as
follows:
<statement>
'\0'
<length of db_name as a size_t value>
<db_name>
<flags>
So the formula for additional_length becomes:
(1 + sizeof(size_t) + thd->db_length + QUERY_CACHE_FLAGS_SIZE)
Fixed by taking the above into account when calling
QueryStripComments::set() and porting a test case for bug #856404 from
the original patch.
| Filename | Latest Rev | Last Changed | Committer | Comment | Size | ||
|---|---|---|---|---|---|---|---|
 .. |
|||||||
build
|
33.3.1 | 13 years ago | Aleksandr Kuzminsky | RPM .spec file is added to build Percona Server ba |
|
||
|
doc
|
140.10.3 | 12 years ago | Rodrigo Gadea | Initial commit of the new Percona Server 5.5 docum |
|
||
|
HandlerSocket-Plugin-for-MySQL
|
33.3.1 | 13 years ago | Aleksandr Kuzminsky | RPM .spec file is added to build Percona Server ba |
|
||
|
patches
|
140.4.1 | 12 years ago | Stewart Smith | move to using quilt for patch management. also has |
|
||
|
python-for-subunit2junitxml
|
175.1.1 | 12 years ago | Stewart Smith | add subunit2junitxml and needed libraries |
|
||
|
UDF
|
33.3.1 | 13 years ago | Aleksandr Kuzminsky | RPM .spec file is added to build Percona Server ba |
|
||
.bzrignore |
140.10.3 | 12 years ago | Rodrigo Gadea | Initial commit of the new Percona Server 5.5 docum | 6 bytes |
|
|
apply_patches |
140.4.3 | 12 years ago | Oleg Tsarev | 1. Makefile: * add symlink to quiltrc to $(PERC | 273 bytes |
|
|
|
COPYING.innodb-deadlock-count-patch |
10 | 13 years ago | Oleg Tsarev | propogate Oleg's patches | 1.6 KB |
|
|
|
COPYING.show_temp_51 |
10 | 13 years ago | Oleg Tsarev | propogate Oleg's patches | 1.6 KB |
|
|
|
handlersocket.patch |
88.2.28 | 13 years ago | Ignacio Nin | Include Maatkit UDFs and HandlerSocket Include th | 1.4 KB |
|
|
|
lrusort.py |
11 | 13 years ago | Oleg Tsarev | return back lrusort.py | 696 bytes |
|
|
|
Makefile |
222.4.2 | 12 years ago | Laurynas Biveinis | Rebase Percona Server on MySQL 5.5.21. - Makefile | 3.9 KB |
|
|
|
normalize_patches |
140.4.3 | 12 years ago | Oleg Tsarev | 1. Makefile: * add symlink to quiltrc to $(PERC | 141 bytes |
|
|
|
quiltrc |
140.4.3 | 12 years ago | Oleg Tsarev | 1. Makefile: * add symlink to quiltrc to $(PERC | 198 bytes |
|
|
|
README.HandlerSocket |
88.2.18 | 13 years ago | Ignacio Nin | Update HandlerSocket Update HandlerSocket to comm | 429 bytes |
|
|
|
subunit2junitxml |
175.1.1 | 12 years ago | Stewart Smith | add subunit2junitxml and needed libraries | 2.2 KB |
|
|
|
uninstall_tests.sh |
10 | 13 years ago | Oleg Tsarev | propogate Oleg's patches | 629 bytes |
|
|