~percona-dev/percona-server/5.1.57-fix_bug_785564

# name       : bug580324.patch

# introduced : 11 or before

# maintainer : Oleg

#

#!!! notice !!!

# Any small change to this file in the main branch

# should be done or reviewed by the maintainer!

diff -ruN a/sql/sql_base.cc b/sql/sql_base.cc

--- a/sql/sql_base.cc	2010-05-27 19:54:18.000000000 +0400

+++ b/sql/sql_base.cc	2010-05-27 19:55:20.000000000 +0400

@@ -233,8 +233,12 @@

 uint create_table_def_key(THD *thd, char *key, TABLE_LIST *table_list,

                           bool tmp_table)

 {

-  uint key_length= (uint) (strmov(strmov(key, table_list->db)+1,

-                                  table_list->table_name)-key)+1;

+  char *db_end= strnmov(key, table_list->db, MAX_DBKEY_LENGTH - 2);

+  *db_end++= '\0';

+  char *table_end= strnmov(db_end, table_list->table_name,

+                           key + MAX_DBKEY_LENGTH - 1 - db_end);

+  *table_end++= '\0';

+  uint key_length= (uint) (table_end-key);

   if (tmp_table)

   {

     int4store(key + key_length, thd->server_id);

diff -ruN a/sql/sql_parse.cc b/sql/sql_parse.cc

--- a/sql/sql_parse.cc	2010-05-27 19:54:18.000000000 +0400

+++ b/sql/sql_parse.cc	2010-05-27 20:03:20.000000000 +0400

@@ -1327,10 +1327,12 @@

     break;

 #else

   {

-    char *fields, *packet_end= packet + packet_length, *arg_end;

+    char *fields, *packet_end= packet + packet_length, *wildcard;

     /* Locked closure of all tables */

     TABLE_LIST table_list;

-    LEX_STRING conv_name;

+    char db_buff[NAME_LEN+1];

+    uint32 db_length;

+    uint dummy_errors;

     /* used as fields initializator */

     lex_start(thd);

@@ -1342,26 +1344,22 @@

     /*

       We have name + wildcard in packet, separated by endzero

     */

-    arg_end= strend(packet);

-    uint arg_length= arg_end - packet;

-    

-    /* Check given table name length. */

-    if (arg_length >= packet_length || arg_length > NAME_LEN)

+    wildcard= strend(packet);

+    db_length= wildcard - packet;

+    wildcard++;

+    uint query_length= (uint) (packet_end - wildcard); // Don't count end \0

+    if (db_length > NAME_LEN || query_length > NAME_LEN)

     {

       my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0));

       break;

     }

-    thd->convert_string(&conv_name, system_charset_info,

-			packet, arg_length, thd->charset());

-    if (check_table_name(conv_name.str, conv_name.length, FALSE))

-    {

-      /* this is OK due to convert_string() null-terminating the string */

-      my_error(ER_WRONG_TABLE_NAME, MYF(0), conv_name.str);

+    db_length= copy_and_convert(db_buff, sizeof(db_buff)-1,

+                                system_charset_info, packet, db_length,

+                                thd->charset(), &dummy_errors);

+    db_buff[db_length]= '\0';

+    table_list.alias= table_list.table_name= db_buff;

+    if (!(fields= (char *) thd->memdup(wildcard, query_length + 1)))

       break;

-    }

-

-    table_list.alias= table_list.table_name= conv_name.str;

-    packet= arg_end + 1;

     if (is_schema_db(table_list.db, table_list.db_length))

     {

@@ -1370,9 +1368,6 @@

         table_list.schema_table= schema_table;

     }

-    uint query_length= (uint) (packet_end - packet); // Don't count end \0

-    if (!(fields= (char *) thd->memdup(packet, query_length + 1)))

-      break;

     thd->set_query(fields, query_length);

     general_log_print(thd, command, "%s %s", table_list.table_name, fields);

     if (lower_case_table_names)

diff -ruN a/strings/ctype-utf8.c b/strings/ctype-utf8.c

--- a/strings/ctype-utf8.c	2010-05-06 19:28:05.000000000 +0400

+++ b/strings/ctype-utf8.c	2010-05-27 20:04:20.000000000 +0400

@@ -4116,6 +4116,10 @@

 {

   int code;

   char hex[]= "0123456789abcdef";

+

+  if (s >= e)

+    return MY_CS_TOOSMALL;

+

   if (wc < 128 && filename_safe_char[wc])

   {

     *s= (uchar) wc;