Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
2.2
-
None
-
MXS-SPRINT-57
Description
exec stmt_prepare command(command id 0x16) select 'fff..'; this packet size 16M-1, not include header; now the connect hang.
pseudo code:
input : sqlsize = 16777215
int sql_str_size(unsigned int sqlsize) |
{
|
char prefx[] = "select ''"; |
return sqlsize - strlen(prefx) - 1; |
}
|
|
|
void gen_select_sqlstr(char *sqlstr, unsigned int strsize, int sqlsize) |
{
|
strcpy(sqlstr, "select '"); |
memset(sqlstr+strlen("select '"), 'f', strsize); |
sqlstr[sqlsize-2] = '\''; |
sqlstr[sqlsize-1] = '\0'; |
}
|
|
|
void test() |
{
|
strsize = sql_str_size(sqlsize);
|
|
|
sqlstr = (char *)malloc(sqlsize); |
gen_select_sqlstr(sqlstr, strsize, sqlsize);
|
|
|
if (mysql_stmt_prepare(stmt, sqlstr, strlen(sqlstr)) != 0) // where strlen(sqlstr) == 16777215 |
}
|