Maheedhar PV authored
Problem: In the concat method we have a case where there is a possibility of generating corrupt output. This is because, to check if a string is a substring of another, we check if the substring pointer is less than or equal to the base string pointer + its length. The base string can span only till (less than and not equal to) its pointer + length. If the pointer of the string being checked is allocated immediately after the base string, it wrongly gets treated as a substring even though it is not and hence the corruption.

Fix: The implementation of the methods Item_func_concat::val_str() and Item_func_concat_ws::val_str() is simplified in 8.0. Backporting the same to avoid possibility of overlap.

Change-Id: I0ed184f41981301b2b6454865f96f6d0174de5e1
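The boundary condition described in the commit message, as an added illustration that is not code from the MySQL source tree: the function names, the arena and its contents are hypothetical and constructed for this example. The half-open check is shown only for contrast with the inclusive one; the commit itself backports the simplified 8.0 implementation rather than changing the comparison.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed arena: two strings laid out back to back, modelling the case
   where the second string is allocated immediately after the first. */
static char arena[16];
#define BASE_LEN 8            /* base string occupies arena[0..7] */
#define NEXT_OFF BASE_LEN     /* neighbour starts at arena[8]     */

/* Check as the commit message describes it: p <= base + len. */
static int in_base_inclusive(const char *base, size_t len, const char *p) {
    return p >= base && p <= base + len;
}

/* Half-open check: the base string ends one byte before base + len. */
static int in_base_half_open(const char *base, size_t len, const char *p) {
    return p >= base && p < base + len;
}

/* Walk every offset in the arena and record where the two checks disagree.
   Returns the number of disagreements; *where gets the last such offset. */
static size_t count_disagreements(size_t *where) {
    size_t n = 0;
    for (size_t off = 0; off < sizeof arena; off++) {
        const char *p = arena + off;
        if (in_base_inclusive(arena, BASE_LEN, p) !=
            in_base_half_open(arena, BASE_LEN, p)) {
            n++;
            *where = off;
        }
    }
    return n;
}

int main(void) {
    memcpy(arena, "AAAAAAAA", BASE_LEN);         /* base string   */
    memcpy(arena + NEXT_OFF, "BBBBBBBB", 8);     /* its neighbour */
    size_t where = 0;
    size_t n = count_disagreements(&where);
    printf("checks disagree at %zu offset(s), last at %zu\n", n, where);
    printf("neighbour seen as substring: inclusive=%d half-open=%d\n",
           in_base_inclusive(arena, BASE_LEN, arena + NEXT_OFF),
           in_base_half_open(arena, BASE_LEN, arena + NEXT_OFF));
    return 0;
}
```

The two checks differ at exactly one address, the first byte past the base string, which is where an adjacent allocation begins.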