mirror of https://github.com/MariaDB/server.git synced 2025-12-24 11:21:21 +03:00

Fixed access to undefined memory found by valgrind and MSAN

When my_vsnprintf() is patched, the code disabled with
'WAITING_FOR_BUGFIX_TO_VSPRINTF' should be enabled again. Also, all %b
formats in this patch should be reverted to %s again.
Monty
2020-05-15 16:15:49 +03:00
parent dcc0baf540
commit c4bf4b7aef
13 changed files with 42 additions and 63 deletions


@@ -64,7 +64,7 @@ typedef struct st_pointer_array { /* when using array-strings */
#define LAST_CHAR_CODE 259
typedef struct st_replace {
my_bool found;
uint8 found;
struct st_replace *next[256];
} REPLACE;
@@ -654,7 +654,13 @@ static REPLACE *init_replace(char * *from, char * *to,uint count,
for (i=1 ; i <= found_sets ; i++)
{
pos=from[found_set[i-1].table_offset];
rep_str[i].found= (my_bool) (!memcmp(pos,"\\^",3) ? 2 : 1);
/*
Test if we are matching start of string (\^)
We can't use bcmp() here as pos may be only 1 character and
that would confuse MSAN.
*/
rep_str[i].found= (uint8) ((pos[0] == '\\' && pos[1] == '^' &&
pos[2] == 0) ? 2 : 1);
rep_str[i].replace_string=to_array[found_set[i-1].table_offset];
rep_str[i].to_offset=found_set[i-1].found_offset-start_at_word(pos);
rep_str[i].from_offset=found_set[i-1].found_offset-replace_len(pos)+