mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00

Bug#31752: check strmake() bounds

strmake() called with wrong parameters:
5.0-specific fixes.


client/mysql.cc:
  In debug-mode, strmake() fills unused part of buffer with
  a test-pattern. This overwrites our previous extra '\0'
  (from previous bzero()).
sql/sp.cc:
  off-by-one buffer-size.
unknown
2007-11-26 09:13:23 +01:00
parent fe280afa26
commit 1c72446ef6
2 changed files with 5 additions and 2 deletions


@@ -2987,7 +2987,10 @@ com_connect(String *buffer, char *line)
Two null bytes are needed in the end of buff to allow Two null bytes are needed in the end of buff to allow
get_arg to find end of string the second time it's called. get_arg to find end of string the second time it's called.
*/ */
strmake(buff, line, sizeof(buff)-2); tmp= strmake(buff, line, sizeof(buff)-2);
#ifdef EXTRA_DEBUG
tmp[1]= 0;
#endif
tmp= get_arg(buff, 0); tmp= get_arg(buff, 0);
if (tmp && *tmp) if (tmp && *tmp)
{ {
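Review bot: The second terminator that get_arg needs is rewritten only inside `#ifdef EXTRA_DEBUG`, so every other build still relies on a bzero() that the commit message mentions but this hunk does not show. Making the write unconditional, `tmp[1]= 0;` directly after `tmp= strmake(buff, line, sizeof(buff)-2);`, would keep the two-NUL invariant local to the copy and independent of how strmake() treats the unused tail. The write stays in bounds on the assumption that strmake() returns a pointer to the terminator it stored, which the length computation in the sp.cc hunk suggests: with a limit of `sizeof(buff)-2` that terminator sits no later than index `sizeof(buff)-2`. If the conditional form is kept, a short comment such as `/* strmake() debug fill overwrites the second NUL left by bzero() */` would explain why the store exists. com_connect's body starts and ends outside this hunk, so the bzero() call and the declaration of buff could not be checked here.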


@@ -1902,7 +1902,7 @@ sp_use_new_db(THD *thd, LEX_STRING new_db, LEX_STRING *old_db,
if (thd->db) if (thd->db)
{ {
old_db->length= (strmake(old_db->str, thd->db, old_db->length) - old_db->length= (strmake(old_db->str, thd->db, old_db->length - 1) -
old_db->str); old_db->str);
} }
else else