VladPolskiy/MariaDB-open-code
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-15 22:37:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

MDEV-25178 JSON_TABLE: ASAN use-after-poison in my_fill_8bit Json_table_column::On_response::respond.

Browse Source 
table record buffer size was smaller than required when the charset
changes.
This commit is contained in:
Alexey Botchkov
2021-03-22 15:34:27 +04:00
parent 6f56458a76
commit 90c4dff5ab
4 changed files with 28 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
sql/json_table.cc
View File

@ -811,7 +811,7 @@ bool Create_json_table::add_json_table_fields(THD *thd, TABLE *table,
*/
sql_f->length= sql_f->char_length;
if (!(jc->m_explicit_cs= sql_f->charset))
sql_f->charset= thd->variables.collation_server;
sql_f->charset= &my_charset_utf8mb4_bin;
if (sql_f->prepare_stage1(thd, thd->mem_root, table->file,
table->file->ha_table_flags()))
@ -1148,12 +1148,12 @@ int Table_function_json_table::setup(THD *thd, TABLE_LIST *sql_table,
Json_table_column *jc= jc_i++;
uint32 old_pack_length= f->pack_length();
f->change_charset(
jc->m_explicit_cs ? jc->m_explicit_cs : m_json->collation);
if (field_offset)
if (f->change_charset(
jc->m_explicit_cs ? jc->m_explicit_cs : m_json->collation) ||
field_offset)
{
f->move_field(f->ptr + field_offset, f->null_ptr, f->null_bit);
if (field_offset)
f->move_field(f->ptr + field_offset, f->null_ptr, f->null_bit);
f->reset();
}