Merge tnurnberg@bk-internal.mysql.com:/home/bk/mysql-5.1-opt

into  mysql.com:/misc/mysql/31752_/51-31752_

7 files changed, 34 insertions, 21 deletions

diff --git a/client/mysql.cc b/client/mysql.cc
index d30b60732bc..27d8725aefe 100644
--- a/client/mysql.cc
+++ b/client/mysql.cc
@@ -3115,7 +3115,10 @@ com_connect(String *buffer, char *line)
       Two null bytes are needed in the end of buff to allow
       get_arg to find end of string the second time it's called.
     */
-    strmake(buff, line, sizeof(buff)-2);
+    tmp= strmake(buff, line, sizeof(buff)-2);
+#ifdef EXTRA_DEBUG
+    tmp[1]= 0;
+#endif
     tmp= get_arg(buff, 0);
     if (tmp && *tmp)
     {
diff --git a/mysys/mf_pack.c b/mysys/mf_pack.c
index a31b9595c85..63525e4d927 100644
--- a/mysys/mf_pack.c
+++ b/mysys/mf_pack.c
@@ -282,7 +282,7 @@ void symdirget(char *dir)
 
   SYNOPSIS
     unpack_dirname()
-    to			Store result here.  May be = from
+    to			result-buffer, FN_REFLEN characters. may be == from
     from		'Packed' directory name (may contain ~)
 
  IMPLEMENTATION
@@ -408,7 +408,7 @@ size_t unpack_filename(char * to, const char *from)
 
 	/* Convert filename (unix standard) to system standard */
 	/* Used before system command's like open(), create() .. */
-	/* Returns length of to */
+	/* Returns used length of to; total length should be FN_REFLEN */
 
 size_t system_filename(char * to, const char *from)
 {
diff --git a/sql/log.cc b/sql/log.cc
index 9fdede9ef2c..05cae07d930 100644
--- a/sql/log.cc
+++ b/sql/log.cc
@@ -2994,10 +2994,10 @@ err:
 void MYSQL_BIN_LOG::make_log_name(char* buf, const char* log_ident)
 {
   uint dir_len = dirname_length(log_file_name); 
-  if (dir_len > FN_REFLEN)
+  if (dir_len >= FN_REFLEN)
     dir_len=FN_REFLEN-1;
   strnmov(buf, log_file_name, dir_len);
-  strmake(buf+dir_len, log_ident, FN_REFLEN - dir_len);
+  strmake(buf+dir_len, log_ident, FN_REFLEN - dir_len -1);
 }
 
 
diff --git a/sql/repl_failsafe.cc b/sql/repl_failsafe.cc
index 834d87532af..453c26725d2 100644
--- a/sql/repl_failsafe.cc
+++ b/sql/repl_failsafe.cc
@@ -925,7 +925,7 @@ bool load_master_data(THD* thd)
 			     0, (SLAVE_IO | SLAVE_SQL)))
           my_message(ER_MASTER_INFO, ER(ER_MASTER_INFO), MYF(0));
 	strmake(active_mi->master_log_name, row[0],
-		sizeof(active_mi->master_log_name));
+		sizeof(active_mi->master_log_name) -1);
 	active_mi->master_log_pos= my_strtoll10(row[1], (char**) 0, &error_2);
         /* at least in recent versions, the condition below should be false */
 	if (active_mi->master_log_pos < BIN_LOG_HEADER_SIZE)
diff --git a/sql/sql_db.cc b/sql/sql_db.cc
index 7686dc695ad..f669a242508 100644
--- a/sql/sql_db.cc
+++ b/sql/sql_db.cc
@@ -1395,7 +1395,7 @@ static void backup_current_db_name(THD *thd,
   }
   else
   {
-    strmake(saved_db_name->str, thd->db, saved_db_name->length);
+    strmake(saved_db_name->str, thd->db, saved_db_name->length - 1);
     saved_db_name->length= thd->db_length;
   }
 }
diff --git a/sql/unireg.cc b/sql/unireg.cc
index dbdefd8d5b1..aab3f5606a8 100644
--- a/sql/unireg.cc
+++ b/sql/unireg.cc
@@ -227,6 +227,14 @@ bool mysql_create_frm(THD *thd, const char *file_name,
   strmake((char*) forminfo+47, create_info->comment.str ?
           create_info->comment.str : "", create_info->comment.length);
   forminfo[46]=(uchar) create_info->comment.length;
+#ifdef EXTRA_DEBUG
+  /*
+    EXTRA_DEBUG causes strmake() to initialize its buffer behind the
+    payload with a magic value to detect wrong buffer-sizes. We
+    explicitly zero that segment again.
+  */
+  memset((char*) forminfo+47 + forminfo[46], 0, 61 - forminfo[46]);
+#endif
 #ifdef WITH_PARTITION_STORAGE_ENGINE
   if (part_info)
   {
diff --git a/strings/strmake.c b/strings/strmake.c
index 0d26e1b61a9..05b5878d99c 100644
--- a/strings/strmake.c
+++ b/strings/strmake.c
@@ -27,23 +27,25 @@
 #include <my_global.h>
 #include "m_string.h"
 
-#ifdef BAD_STRING_COMPILER
-
-char *strmake(char *dst,const char *src,uint length)
+char *strmake(register char *dst, register const char *src, uint length)
 {
-  reg1 char *res;
-
-  if ((res=memccpy(dst,src,0,length)))
-    return res-1;
-  dst[length]=0;
-  return dst+length;
-}
-
-#define strmake strmake_overlapp	/* Use orginal for overlapping str */
+#ifdef EXTRA_DEBUG
+  /*
+    'length' is the maximum length of the string; the buffer needs
+    to be one character larger to accomodate the terminating '\0'.
+    This is easy to get wrong, so we make sure we write to the
+    entire length of the buffer to identify incorrect buffer-sizes.
+    We only initialise the "unused" part of the buffer here, a) for
+    efficiency, and b) because dst==src is allowed, so initialising
+    the entire buffer would overwrite the source-string. Also, we
+    write a character rather than '\0' as this makes spotting these
+    problems in the results easier.
+  */
+  uint n= strlen(src) + 1;
+  if (n <= length)
+    memset(dst + n, (int) 'Z', length - n + 1);
 #endif
 
-char *strmake(register char *dst, register const char *src, size_t length)
-{
   while (length--)
     if (! (*dst++ = *src++))
       return dst-1;