database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

Bug#31588: buffer overrun when setting variables

Browse Source 
Buffer used when setting variables was not dimensioned to accomodate
trailing '\0'. An overflow by one character was therefore possible.
CS corrects limits to prevent such overflows.
This commit is contained in:
tnurnberg@sin.intern.azundris.com
2007-10-18 10:47:54 +02:00
parent 39f6cbc221
commit e6ef54b31f
3 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
mysql-test/r/variables.result
View File

@ -561,3 +561,6 @@ set @@query_prealloc_size = @test;
select @@query_prealloc_size = @test; select @@query_prealloc_size = @test;
@@query_prealloc_size = @test @@query_prealloc_size = @test
1 1
set global sql_mode=repeat('a',80);
ERROR 42000: Variable 'sql_mode' can't be set to the value of 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
End of 4.1 tests

9
mysql-test/t/variables.test
View File

@ -447,4 +447,11 @@ set @test = @@query_prealloc_size;
set @@query_prealloc_size = @test; set @@query_prealloc_size = @test;
select @@query_prealloc_size = @test; select @@query_prealloc_size = @test;
# End of 4.1 tests #
# Bug#31588 buffer overrun when setting variables
#
# Buffer-size Off By One. Should throw valgrind-warning without fix #31588.
--error 1231
set global sql_mode=repeat('a',80);
--echo End of 4.1 tests

2
sql/set_var.cc
View File

@ -1573,7 +1573,7 @@ bool sys_var::check_set(THD *thd, set_var *var, TYPELIB *enum_names)
&not_used)); &not_used));
if (error_len) if (error_len)
{ {
strmake(buff, error, min(sizeof(buff), error_len)); strmake(buff, error, min(sizeof(buff) - 1, error_len));
goto err; goto err;
} }
} }