
BUG#20622: Fix one-byte buffer overrun in IM directory string handling.

The problem was a call to convert_dirname() with a destination buffer
that did not have room for the trailing slash added by that function.
This could cause the instance manager to crash in some cases.
knielsen@mysql.com
2006-06-23 14:50:02 +02:00
parent 01046bb756
commit 98a5cdfe4c
2 changed files with 10 additions and 3 deletions


@ -391,8 +391,13 @@ int Instance_options::complete_initialization(const char *default_path,
const char *tmp;
char *end;
if (!mysqld_path && !(mysqld_path= strdup_root(&alloc, default_path)))
goto err;
if (!mysqld_path)
{
// Need one extra byte, as convert_dirname() adds a slash at the end.
if (!(mysqld_path= alloc_root(&alloc, strlen(default_path) + 2)))
goto err;
strcpy((char *)mysqld_path, default_path);
}
// it's safe to cast this to char* since this is a buffer we are allocating
end= convert_dirname((char*)mysqld_path, mysqld_path, NullS);
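Review bot: The final `convert_dirname((char*)mysqld_path, mysqld_path, NullS)` still writes in place when `mysqld_path` was already non-NULL on entry, because only the NULL branch gets the extra byte. Where that pre-set buffer is allocated is not visible in this hunk, but if it is sized exactly to the string, the same one-byte overrun remains on that path. The existing comment claims the cast is safe "since this is a buffer we are allocating", which now holds only for the default-path branch. Consider copying into an `alloc_root(&alloc, strlen(...) + 2)` buffer in both cases, or at least rewording the comment to `// requires one spare byte in mysqld_path for the slash convert_dirname() appends`. The body of complete_initialization() continues outside the hunk, so any later use of `end` was not reviewed.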