Fix for bug #29015 "Stack overflow in processing temporary table name when tmpdir path is long"

In create_tmp_table() don't set full table path as a table name. Other code assumes table names to not exceed NAME_LEN bytes.

mysql-test/r/long_tmpdir.result

@@ -0,0 +1,3 @@
+create view v1 as select table_name from information_schema.tables;
+drop view v1;
+End of 5.0 tests

mysql-test/t/long_tmpdir-master.opt

@@ -0,0 +1 @@
+--tmpdir=$MYSQLTEST_VARDIR/tmp/long_temporary_directory_path_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789

mysql-test/t/long_tmpdir-master.sh

@@ -0,0 +1,3 @@
+d="$MYSQLTEST_VARDIR/tmp/long_temporary_directory_path_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789"
+test -d "$d" || mkdir "$d"
+rm -f "$d"/*

mysql-test/t/long_tmpdir.test

@@ -0,0 +1,9 @@
+#
+# Bug #29015: Stack overflow in processing temporary table name when tmpdir path
+#             is long
+#
+
+create view v1 as select table_name from information_schema.tables;
+drop view v1;
+
+--echo End of 5.0 tests

sql/sql_select.cc

@@ -9102,7 +9102,7 @@ create_tmp_table(THD *thd,TMP_TABLE_PARAM *param,List<Item> &fields,
   bool  using_unique_constraint= 0;
   bool  use_packed_rows= 0;
   bool  not_all_columns= !(select_options & TMP_TABLE_ALL_COLUMNS);
-  char	*tmpname,path[FN_REFLEN];
+  char	*tmpname, *tmppath, path[FN_REFLEN], table_name[NAME_LEN+1];
   byte	*pos,*group_buff;
   uchar *null_flags;
   Field **reg_field, **from_field, **default_field;
@@ -9125,12 +9125,12 @@ create_tmp_table(THD *thd,TMP_TABLE_PARAM *param,List<Item> &fields,
     temp_pool_slot = bitmap_set_next(&temp_pool);
 
   if (temp_pool_slot != MY_BIT_NONE) // we got a slot
-    sprintf(path, "%s_%lx_%i", tmp_file_prefix,
+    sprintf(table_name, "%s_%lx_%i", tmp_file_prefix,
-	    current_pid, temp_pool_slot);
+            current_pid, temp_pool_slot);
   else
   {
     /* if we run out of slots or we are not using tempool */
-    sprintf(path,"%s%lx_%lx_%x", tmp_file_prefix,current_pid,
+    sprintf(table_name, "%s%lx_%lx_%x", tmp_file_prefix,current_pid,
             thd->thread_id, thd->tmp_table++);
   }
 
@@ -9138,7 +9138,8 @@ create_tmp_table(THD *thd,TMP_TABLE_PARAM *param,List<Item> &fields,
     No need to change table name to lower case as we are only creating
     MyISAM or HEAP tables here
   */
-  fn_format(path, path, mysql_tmpdir, "", MY_REPLACE_EXT|MY_UNPACK_FILENAME);
+  fn_format(path, table_name, mysql_tmpdir, "",
+            MY_REPLACE_EXT|MY_UNPACK_FILENAME);
 
   if (group)
   {
@@ -9183,7 +9184,8 @@ create_tmp_table(THD *thd,TMP_TABLE_PARAM *param,List<Item> &fields,
                         sizeof(*key_part_info)*(param->group_parts+1),
                         &param->start_recinfo,
                         sizeof(*param->recinfo)*(field_count*2+4),
-                        &tmpname, (uint) strlen(path)+1,
+                        &tmppath, (uint) strlen(path)+1,
+                        &tmpname, (uint) strlen(table_name)+1,
                         &group_buff, group && ! using_unique_constraint ?
                         param->group_length : 0,
                         NullS))
@@ -9201,7 +9203,8 @@ create_tmp_table(THD *thd,TMP_TABLE_PARAM *param,List<Item> &fields,
     DBUG_RETURN(NULL);				/* purecov: inspected */
   }
   param->items_to_copy= copy_func;
-  strmov(tmpname,path);
+  strmov(tmppath, path);
+  strmov(tmpname, table_name);
   /* make table according to fields */
 
   bzero((char*) table,sizeof(*table));
@@ -9227,7 +9230,8 @@ create_tmp_table(THD *thd,TMP_TABLE_PARAM *param,List<Item> &fields,
 
   table->s= &table->share_not_to_be_used;
   table->s->blob_field= blob_field;
-  table->s->table_name= table->s->path= tmpname;
+  table->s->table_name= tmpname;
+  table->s->path= tmppath;
   table->s->db= "";
   table->s->blob_ptr_size= mi_portable_sizeof_char_ptr;
   table->s->tmp_table= NON_TRANSACTIONAL_TMP_TABLE;