MySQL bug 13871079

1. ------------------------------------------------------------
2. revno: 3313
3. tags: clone-5.5.24-build
4. committer: Tor Didriksen <tor.didriksen@oracle.com>
5. branch nick: 5.5-security
6. timestamp: Thu 2012-04-12 15:04:22 +0200
7. message:
8.   Bug#13871079 RQG_MYISAM_DML_ALTER_VALGRIND FAILS ON VALGRIND PN PB2
9.  
10.   The class Copy_field contains a String tmp,
11.   which may allocate memory on the heap.
12.   That means that all instances of Copy_field
13.   must be properly destroyed. Alas they are not.
14.  
15.   Solution: don't use Copy_field::tmp for copying
16.   from_field => tmp => to_field
17.   in do_field_string()
18.  
19.  
20. diff -Nau mysql-5.5.23/sql/field_conv.cc mysql-5.5.24/sql/field_conv.cc
21. --- mysql-5.5.23/sql/field_conv.cc  2012-03-29 21:07:12.000000000 +0200
22. +++ mysql-5.5.24/sql/field_conv.cc  2012-04-19 13:01:23.000000000 +0200
23. @@ -317,10 +317,11 @@
24.  static void do_field_string(Copy_field *copy)
25.  {
26.    char buff[MAX_FIELD_WIDTH];
27. -  copy->tmp.set_quick(buff,sizeof(buff),copy->tmp.charset());
28. -  copy->from_field->val_str(&copy->tmp);
29. -  copy->to_field->store(copy->tmp.c_ptr_quick(),copy->tmp.length(),
30. -                        copy->tmp.charset());
31. +  String res(buff, sizeof(buff), copy->from_field->charset());
32. +  res.length(0U);
33. +
34. +  copy->from_field->val_str(&res);
35. +  copy->to_field->store(res.c_ptr_quick(), res.length(), res.charset());
36.  }
37.  
38.  
39. @@ -563,7 +564,7 @@
40.  /*
41.    To do:
42.  
43. -  If 'save\ is set to true and the 'from' is a blob field, do_copy is set to
44. +  If 'save' is set to true and the 'from' is a blob field, do_copy is set to
45.    do_save_blob rather than do_conv_blob.  The only differences between them
46.    appears to be: