From d9b0a62e936007d14a651bfa85d892eb8db93dde Mon Sep 17 00:00:00 2001 From: unknown Date: Fri, 21 Oct 2005 13:08:00 +0200 Subject: [PATCH] Post-review fix. sql/sp_head.cc: Post-review fix; changed string copying method (+ fixed comment typo and indention). --- sql/sp_head.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/sql/sp_head.cc b/sql/sp_head.cc index 65e6a239242..abc66ce0b21 100644 --- a/sql/sp_head.cc +++ b/sql/sp_head.cc @@ -295,7 +295,7 @@ sp_eval_func_item(THD *thd, Item **it_addr, enum enum_field_types type, /* For some functions, 's' is now pointing to an argument of the - function, which might be a local variable that it to be reused. + function, which might be a local variable that is to be reused. In this case, new(reuse, &rsize) below will call the destructor and 's' ends up pointing to freed memory. A somewhat ugly fix is to simply copy the string to our local one @@ -304,7 +304,8 @@ sp_eval_func_item(THD *thd, Item **it_addr, enum enum_field_types type, */ if (reuse && s != &tmp && s != &it->str_value) { - tmp.copy(s->c_ptr(), s->length(), it->collation.collation); + if (tmp.copy((const String)(*s))) + DBUG_RETURN(NULL); s= &tmp; } @@ -338,7 +339,7 @@ sp_eval_func_item(THD *thd, Item **it_addr, enum enum_field_types type, return_null_item: CREATE_ON_CALLERS_ARENA(it= new(reuse, &rsize) Item_null(), - use_callers_arena, &backup_arena); + use_callers_arena, &backup_arena); end: it->rsize= rsize;