Bug#31752: check strmake() bounds

strmake() called with wrong parameters: 5.0-specific fixes.
author: tnurnberg@mysql.com/white.intern.koehntopp.de <> 2007-11-26 09:13:23 +0100
committer: tnurnberg@mysql.com/white.intern.koehntopp.de <> 2007-11-26 09:13:23 +0100
commit: 883338a9498d6a02cdb6de102abad58f9f49575a (patch)
tree: af61eb4308a4957b098cc00e4e557672f7f68cfa
parent: f91cf9c7cf13c82db0447a30dd9cc91be1b12cad (diff)
download: mariadb-git-883338a9498d6a02cdb6de102abad58f9f49575a.tar.gz
2 files changed, 5 insertions, 2 deletions
diff --git a/client/mysql.cc b/client/mysql.cc
index 8e1b6c2a9b4..ff2c1d228cd 100644
--- a/client/mysql.cc
+++ b/client/mysql.cc
@@ -2987,7 +2987,10 @@ com_connect(String *buffer, char *line)
       Two null bytes are needed in the end of buff to allow
       get_arg to find end of string the second time it's called.
     */
-    strmake(buff, line, sizeof(buff)-2);
+    tmp= strmake(buff, line, sizeof(buff)-2);
+#ifdef EXTRA_DEBUG
+    tmp[1]= 0;
+#endif
     tmp= get_arg(buff, 0);
     if (tmp && *tmp)
     {
diff --git a/sql/sp.cc b/sql/sp.cc
index 75d6fa4618f..bae5933aec1 100644
--- a/sql/sp.cc
+++ b/sql/sp.cc
@@ -1902,7 +1902,7 @@ sp_use_new_db(THD *thd, LEX_STRING new_db, LEX_STRING *old_db,
 
   if (thd->db)
   {
-    old_db->length= (strmake(old_db->str, thd->db, old_db->length) -
+    old_db->length= (strmake(old_db->str, thd->db, old_db->length - 1) -
                      old_db->str);
   }
   else
author	tnurnberg@mysql.com/white.intern.koehntopp.de <>	2007-11-26 09:13:23 +0100
committer	tnurnberg@mysql.com/white.intern.koehntopp.de <>	2007-11-26 09:13:23 +0100
commit	883338a9498d6a02cdb6de102abad58f9f49575a (patch)
tree	af61eb4308a4957b098cc00e4e557672f7f68cfa
parent	f91cf9c7cf13c82db0447a30dd9cc91be1b12cad (diff)
download	mariadb-git-883338a9498d6a02cdb6de102abad58f9f49575a.tar.gz