database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-05 12:42:17 +03:00
Code Activity

MDEV-34205: ASAN stack buffer overflow in strxnmov() in frm_file_exists

Browse Source 
Correct the second parameter for strxnmov to prevent potential buffer
overflows. The second parameter must be one less than the size of the
input buffer to avoid writing past the end of the buffer.

While the second parameter is usually correct, there are exceptions
that need fixing.

This commit addresses the issue within frm_file_exists() and other
affected places.
This commit is contained in:
Vladislav Vaintroub
2024-05-21 16:03:13 +02:00
parent 7c4c082349
commit 736449d30f
7 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
sql/sql_parse.cc
View File

@ -9564,7 +9564,7 @@ sql_kill_user(THD *thd, LEX_USER *user, killed_state state)
break;
case ER_KILL_DENIED_ERROR:
char buf[DEFINER_LENGTH+1];
strxnmov(buf, sizeof(buf), user->user.str, "@", user->host.str, NULL);
strxnmov(buf, sizeof(buf)-1, user->user.str, "@", user->host.str, NULL);
my_printf_error(ER_KILL_DENIED_ERROR, ER_THD(thd, ER_CANNOT_USER), MYF(0),
"KILL USER", buf);
break;