diff options
| author | Marko Mäkelä <marko.makela@mariadb.com> | 2019-03-06 11:22:27 +0200 |
|---|---|---|
| committer | Marko Mäkelä <marko.makela@mariadb.com> | 2019-03-06 11:22:27 +0200 |
| commit | b7612116850d1968dc34d5a2d7b812ebfecf67f2 (patch) | |
| tree | 31d4fa47eba2ca312848ee1d4833da839aa9cc8c | |
| parent | b21930fb0fc1a1986adac0e2a911005ad709bfe7 (diff) | |
| download | mariadb-git-b7612116850d1968dc34d5a2d7b812ebfecf67f2.tar.gz | |
MDEV-18659: Fix string truncation/overflow in InnoDB and XtraDB
Fix the warnings issued by GCC 8 -Wstringop-truncation
and -Wstringop-overflow in InnoDB and XtraDB.
This work is motivated by Jan Lindström. The patch mainly differs
from his original one as follows:
(1) We remove explicit initialization of stack-allocated string buffers.
The minimum amount of initialization that is needed is a terminating
NUL character.
(2) GCC issues a warning for invoking strncpy(dest, src, sizeof dest)
because if strlen(src) >= sizeof dest, there would be no terminating
NUL byte in dest. We avoid this problem by invoking strncpy() with
a limit that is 1 less than the buffer size, and by always writing
NUL to the last byte of the buffer.
(3) We replace strncpy() with memcpy() or strcpy() in those cases
when the result is functionally equivalent.
Note: fts_fetch_index_words() never deals with len==UNIV_SQL_NULL.
This was enforced by an assertion that limits the maximum length
to FTS_MAX_WORD_LEN. Also, the encoding that InnoDB uses for
the compressed fulltext index is not byte-order agnostic, that is,
InnoDB data files that use FULLTEXT INDEX are not portable between
big-endian and little-endian systems.
| -rw-r--r-- | extra/mariabackup/backup_copy.cc | 6 | ||||
| -rw-r--r-- | extra/mariabackup/encryption_plugin.cc | 8 | ||||
| -rw-r--r-- | extra/mariabackup/fil_cur.cc | 6 | ||||
| -rw-r--r-- | extra/mariabackup/xtrabackup.cc | 15 | ||||
| -rw-r--r-- | storage/innobase/dict/dict0dict.cc | 26 | ||||
| -rw-r--r-- | storage/innobase/fts/fts0opt.cc | 17 | ||||
| -rw-r--r-- | storage/innobase/include/dict0crea.ic | 10 | ||||
| -rw-r--r-- | storage/innobase/row/row0mysql.cc | 8 | ||||
| -rw-r--r-- | storage/innobase/srv/srv0start.cc | 7 | ||||
| -rw-r--r-- | storage/xtradb/dict/dict0dict.cc | 26 | ||||
| -rw-r--r-- | storage/xtradb/fts/fts0opt.cc | 17 | ||||
| -rw-r--r-- | storage/xtradb/include/dict0crea.ic | 10 | ||||
| -rw-r--r-- | storage/xtradb/include/log0online.h | 3 | ||||
| -rw-r--r-- | storage/xtradb/log/log0online.cc | 7 | ||||
| -rw-r--r-- | storage/xtradb/row/row0mysql.cc | 8 | ||||
| -rw-r--r-- | storage/xtradb/srv/srv0start.cc | 7 |
16 files changed, 99 insertions, 82 deletions
diff --git a/extra/mariabackup/backup_copy.cc b/extra/mariabackup/backup_copy.cc index 895ef744ea1..a998ebecd41 100644 --- a/extra/mariabackup/backup_copy.cc +++ b/extra/mariabackup/backup_copy.cc @@ -501,7 +501,8 @@ datafile_open(const char *file, datafile_cur_t *cursor, uint thread_n) 5.6+. We want to make "local" copies for the backup. */ strncpy(cursor->rel_path, xb_get_relative_path(cursor->abs_path, FALSE), - sizeof(cursor->rel_path)); + (sizeof cursor->rel_path) - 1); + cursor->rel_path[(sizeof cursor->rel_path) - 1] = '\0'; cursor->file = os_file_create_simple_no_error_handling(0, cursor->abs_path, @@ -642,8 +643,7 @@ mkdirp(const char *pathname, int Flags, myf MyFlags) /* make a parent directory path */ if (!(parent= (char *)malloc(len))) return(-1); - strncpy(parent, pathname, len); - parent[len-1]= 0; + memcpy(parent, pathname, len); for (p = parent + strlen(parent); !is_path_separator(*p) && p != parent; p--); diff --git a/extra/mariabackup/encryption_plugin.cc b/extra/mariabackup/encryption_plugin.cc index 8f7741b057a..b5acd385d0a 100644 --- a/extra/mariabackup/encryption_plugin.cc +++ b/extra/mariabackup/encryption_plugin.cc @@ -67,7 +67,8 @@ void encryption_plugin_backup_init(MYSQL *mysql) /* Required to load the plugin later.*/ add_to_plugin_load_list(plugin_load.c_str()); - strncpy(opt_plugin_dir, dir, FN_REFLEN); + strncpy(opt_plugin_dir, dir, FN_REFLEN - 1); + opt_plugin_dir[FN_REFLEN - 1] = '\0'; oss << "plugin_dir=" << '"' << dir << '"' << endl; @@ -133,7 +134,10 @@ void encryption_plugin_prepare_init(int argc, char **argv) add_to_plugin_load_list(xb_plugin_load); if (xb_plugin_dir) - strncpy(opt_plugin_dir, xb_plugin_dir, FN_REFLEN); + { + strncpy(opt_plugin_dir, xb_plugin_dir, FN_REFLEN - 1); + opt_plugin_dir[FN_REFLEN - 1] = '\0'; + } char **new_argv = new char *[argc + 1]; new_argv[0] = XTRABACKUP_EXE; diff --git a/extra/mariabackup/fil_cur.cc b/extra/mariabackup/fil_cur.cc index 46465575a48..ce9aaecfc9c 100644 --- a/extra/mariabackup/fil_cur.cc +++ b/extra/mariabackup/fil_cur.cc @@ -152,7 +152,8 @@ xb_fil_cur_open( cursor->space_id = node->space->id; cursor->is_system = !fil_is_user_tablespace_id(node->space->id); - strncpy(cursor->abs_path, node->name, sizeof(cursor->abs_path)); + strncpy(cursor->abs_path, node->name, (sizeof cursor->abs_path) - 1); + cursor->abs_path[(sizeof cursor->abs_path) - 1] = '\0'; /* Get the relative path for the destination tablespace name, i.e. the one that can be appended to the backup root directory. Non-system @@ -160,7 +161,8 @@ xb_fil_cur_open( 5.6+. We want to make "local" copies for the backup. */ strncpy(cursor->rel_path, xb_get_relative_path(cursor->abs_path, cursor->is_system), - sizeof(cursor->rel_path)); + (sizeof cursor->rel_path) - 1); + cursor->rel_path[(sizeof cursor->rel_path) - 1] = '\0'; /* In the backup mode we should already have a tablespace handle created by fil_load_single_table_tablespace() unless it is a system diff --git a/extra/mariabackup/xtrabackup.cc b/extra/mariabackup/xtrabackup.cc index 2d28a6caa84..fb897e407e2 100644 --- a/extra/mariabackup/xtrabackup.cc +++ b/extra/mariabackup/xtrabackup.cc @@ -2251,8 +2251,9 @@ check_if_skip_table( return(FALSE); } - strncpy(buf, dbname, FN_REFLEN); - buf[tbname - 1 - dbname] = 0; + strncpy(buf, dbname, FN_REFLEN - 1); + buf[FN_REFLEN - 1] = '\0'; + buf[tbname - 1 - dbname] = '\0'; const skip_database_check_result skip_database = check_if_skip_database(buf); @@ -2260,7 +2261,6 @@ check_if_skip_table( return (TRUE); } - buf[FN_REFLEN - 1] = '\0'; buf[tbname - 1 - dbname] = '.'; /* Check if there's a suffix in the table name. If so, truncate it. We @@ -4990,7 +4990,8 @@ xtrabackup_apply_delta( } dst_path[strlen(dst_path) - 6] = '\0'; - strncpy(space_name, filename, FN_REFLEN); + strncpy(space_name, filename, FN_REFLEN - 1); + space_name[FN_REFLEN - 1] = '\0'; space_name[strlen(space_name) - 6] = 0; if (!get_meta_path(src_path, meta_path)) { @@ -6036,7 +6037,8 @@ skip_check: p = next + 1; } info_file_path[len - 4] = 0; - strncpy(table_name, prev, FN_REFLEN); + strncpy(table_name, prev, FN_REFLEN - 1); + table_name[FN_REFLEN - 1] = '\0'; info_file_path[len - 4] = '.'; @@ -6072,8 +6074,7 @@ skip_check: mach_write_to_4(page , 0x78706f72UL); mach_write_to_4(page + 4, 0x74696e66UL);/*"xportinf"*/ mach_write_to_4(page + 8, n_index); - strncpy((char *) page + 12, - table_name, 500); + strncpy((char *) page + 12, table_name, FN_REFLEN); msg("mariabackup: export metadata of " "table '%s' to file `%s` " diff --git a/storage/innobase/dict/dict0dict.cc b/storage/innobase/dict/dict0dict.cc index 06c6c3effab..69762bd02ff 100644 --- a/storage/innobase/dict/dict0dict.cc +++ b/storage/innobase/dict/dict0dict.cc @@ -1626,15 +1626,8 @@ dict_table_rename_in_cache( ut_ad(mutex_own(&(dict_sys->mutex))); /* store the old/current name to an automatic variable */ - if (strlen(table->name) + 1 <= sizeof(old_name)) { - memcpy(old_name, table->name, strlen(table->name) + 1); - } else { - ut_print_timestamp(stderr); - fprintf(stderr, "InnoDB: too long table name: '%s', " - "max length is %d\n", table->name, - MAX_FULL_NAME_LEN); - ut_error; - } + ut_a(strlen(table->name) < sizeof old_name); + strcpy(old_name, table->name); fold = ut_fold_string(new_name); @@ -1845,7 +1838,7 @@ dict_table_rename_in_cache( ulint db_len; char* old_id; - char old_name_cs_filename[MAX_TABLE_NAME_LEN+20]; + char old_name_cs_filename[MAX_FULL_NAME_LEN+1]; uint errors = 0; /* All table names are internally stored in charset @@ -1862,7 +1855,8 @@ dict_table_rename_in_cache( in old_name_cs_filename */ strncpy(old_name_cs_filename, old_name, - MAX_TABLE_NAME_LEN); + MAX_FULL_NAME_LEN); + old_name_cs_filename[MAX_FULL_NAME_LEN] = '\0'; if (strstr(old_name, TEMP_TABLE_PATH_PREFIX) == NULL) { innobase_convert_to_system_charset( @@ -1884,7 +1878,9 @@ dict_table_rename_in_cache( /* Old name already in my_charset_filename */ strncpy(old_name_cs_filename, old_name, - MAX_TABLE_NAME_LEN); + MAX_FULL_NAME_LEN); + old_name_cs_filename[MAX_FULL_NAME_LEN] + = '\0'; } } @@ -1910,7 +1906,7 @@ dict_table_rename_in_cache( /* This is a generated >= 4.0.18 format id */ - char table_name[MAX_TABLE_NAME_LEN] = ""; + char table_name[MAX_TABLE_NAME_LEN + 1]; uint errors = 0; if (strlen(table->name) > strlen(old_name)) { @@ -1924,6 +1920,7 @@ dict_table_rename_in_cache( /* Convert the table name to UTF-8 */ strncpy(table_name, table->name, MAX_TABLE_NAME_LEN); + table_name[MAX_TABLE_NAME_LEN] = '\0'; innobase_convert_to_system_charset( strchr(table_name, '/') + 1, strchr(table->name, '/') + 1, @@ -1933,9 +1930,10 @@ dict_table_rename_in_cache( /* Table name could not be converted from charset my_charset_filename to UTF-8. This means that the table name - is already in UTF-8 (#mysql#50). */ + is already in UTF-8 (#mysql50#). */ strncpy(table_name, table->name, MAX_TABLE_NAME_LEN); + table_name[MAX_TABLE_NAME_LEN] = '\0'; } /* Replace the prefix 'databasename/tablename' diff --git a/storage/innobase/fts/fts0opt.cc b/storage/innobase/fts/fts0opt.cc index 77293bc867a..4ef83aefef6 100644 --- a/storage/innobase/fts/fts0opt.cc +++ b/storage/innobase/fts/fts0opt.cc @@ -1,7 +1,7 @@ /***************************************************************************** Copyright (c) 2007, 2018, Oracle and/or its affiliates. All Rights Reserved. -Copyright (c) 2016, MariaDB Corporation. All Rights reserved. +Copyright (c) 2016, 2019, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -673,18 +673,17 @@ fts_fetch_index_words( fts_zip_t* zip = static_cast<fts_zip_t*>(user_arg); que_node_t* exp = sel_node->select_list; dfield_t* dfield = que_node_get_val(exp); - short len = static_cast<short>(dfield_get_len(dfield)); + + ut_a(dfield_get_len(dfield) <= FTS_MAX_WORD_LEN); + + uint16 len = uint16(dfield_get_len(dfield)); void* data = dfield_get_data(dfield); /* Skip the duplicate words. */ - if (zip->word.f_len == static_cast<ulint>(len) - && !memcmp(zip->word.f_str, data, len)) { - + if (zip->word.f_len == len && !memcmp(zip->word.f_str, data, len)) { return(TRUE); } - ut_a(len <= FTS_MAX_WORD_LEN); - memcpy(zip->word.f_str, data, len); zip->word.f_len = len; @@ -692,6 +691,9 @@ fts_fetch_index_words( ut_a(zip->zp->next_in == NULL); /* The string is prefixed by len. */ + /* FIXME: This is not byte order agnostic (InnoDB data files + with FULLTEXT INDEX are not portable between little-endian and + big-endian systems!) */ zip->zp->next_in = reinterpret_cast<byte*>(&len); zip->zp->avail_in = sizeof(len); @@ -715,7 +717,6 @@ fts_fetch_index_words( zip->zp->next_in = static_cast<byte*>(data); zip->zp->avail_in = len; ut_a(len <= FTS_MAX_WORD_LEN); - len = 0; } break; diff --git a/storage/innobase/include/dict0crea.ic b/storage/innobase/include/dict0crea.ic index 1cbaa47032b..3eb3ddfa84e 100644 --- a/storage/innobase/include/dict0crea.ic +++ b/storage/innobase/include/dict0crea.ic @@ -1,6 +1,7 @@ /***************************************************************************** Copyright (c) 1996, 2016, Oracle and/or its affiliates. All Rights Reserved. +Copyright (c) 2019, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -65,11 +66,11 @@ dict_create_add_foreign_id( sprintf(id, "%s_ibfk_%lu", name, (ulong) (*id_nr)++); } else { - char table_name[MAX_TABLE_NAME_LEN + 20] = ""; + char table_name[MAX_TABLE_NAME_LEN + 21]; uint errors = 0; - strncpy(table_name, name, - MAX_TABLE_NAME_LEN + 20); + strncpy(table_name, name, (sizeof table_name) - 1); + table_name[(sizeof table_name) - 1] = '\0'; innobase_convert_to_system_charset( strchr(table_name, '/') + 1, @@ -78,7 +79,8 @@ dict_create_add_foreign_id( if (errors) { strncpy(table_name, name, - MAX_TABLE_NAME_LEN + 20); + (sizeof table_name) - 1); + table_name[(sizeof table_name) - 1] = '\0'; } /* no overflow if number < 1e13 */ diff --git a/storage/innobase/row/row0mysql.cc b/storage/innobase/row/row0mysql.cc index 2a9ade1da2c..a8195b604f2 100644 --- a/storage/innobase/row/row0mysql.cc +++ b/storage/innobase/row/row0mysql.cc @@ -5173,11 +5173,12 @@ row_rename_table_for_mysql( if (!new_is_tmp) { /* Rename all constraints. */ - char new_table_name[MAX_TABLE_NAME_LEN] = ""; - char old_table_utf8[MAX_TABLE_NAME_LEN] = ""; + char new_table_name[MAX_TABLE_NAME_LEN + 1]; + char old_table_utf8[MAX_TABLE_NAME_LEN + 1]; uint errors = 0; strncpy(old_table_utf8, old_name, MAX_TABLE_NAME_LEN); + old_table_utf8[MAX_TABLE_NAME_LEN] = '\0'; innobase_convert_to_system_charset( strchr(old_table_utf8, '/') + 1, strchr(old_name, '/') +1, @@ -5188,6 +5189,7 @@ row_rename_table_for_mysql( my_charset_filename to UTF-8. This means that the table name is already in UTF-8 (#mysql#50). */ strncpy(old_table_utf8, old_name, MAX_TABLE_NAME_LEN); + old_table_utf8[MAX_TABLE_NAME_LEN] = '\0'; } info = pars_info_create(); @@ -5198,6 +5200,7 @@ row_rename_table_for_mysql( old_table_utf8); strncpy(new_table_name, new_name, MAX_TABLE_NAME_LEN); + new_table_name[MAX_TABLE_NAME_LEN] = '\0'; innobase_convert_to_system_charset( strchr(new_table_name, '/') + 1, strchr(new_name, '/') +1, @@ -5208,6 +5211,7 @@ row_rename_table_for_mysql( my_charset_filename to UTF-8. This means that the table name is already in UTF-8 (#mysql#50). */ strncpy(new_table_name, new_name, MAX_TABLE_NAME_LEN); + new_table_name[MAX_TABLE_NAME_LEN] = '\0'; } pars_info_add_str_literal(info, "new_table_utf8", new_table_name); diff --git a/storage/innobase/srv/srv0start.cc b/storage/innobase/srv/srv0start.cc index 4ce3ea6672d..b300724e2a9 100644 --- a/storage/innobase/srv/srv0start.cc +++ b/storage/innobase/srv/srv0start.cc @@ -3,7 +3,7 @@ Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. Copyright (c) 2008, Google Inc. Copyright (c) 2009, Percona Inc. -Copyright (c) 2013, 2017, MariaDB Corporation. +Copyright (c) 2013, 2019, MariaDB Corporation. Portions of this file contain modifications contributed and copyrighted by Google, Inc. Those modifications are gratefully acknowledged and are described @@ -3354,9 +3354,8 @@ srv_get_meta_data_filename( if (strncmp(suffix, ".cfg", suffix_len) == 0) { strcpy(filename, path); } else { - ut_ad(strncmp(suffix, ".ibd", suffix_len) == 0); - - strncpy(filename, path, len - suffix_len); + ut_ad(!strcmp(suffix, ".ibd")); + memcpy(filename, path, len - suffix_len); suffix = filename + (len - suffix_len); strcpy(suffix, ".cfg"); } diff --git a/storage/xtradb/dict/dict0dict.cc b/storage/xtradb/dict/dict0dict.cc index 1c489d13f1a..4c5117f987e 100644 --- a/storage/xtradb/dict/dict0dict.cc +++ b/storage/xtradb/dict/dict0dict.cc @@ -1632,15 +1632,8 @@ dict_table_rename_in_cache( ut_ad(mutex_own(&(dict_sys->mutex))); /* store the old/current name to an automatic variable */ - if (strlen(table->name) + 1 <= sizeof(old_name)) { - memcpy(old_name, table->name, strlen(table->name) + 1); - } else { - ut_print_timestamp(stderr); - fprintf(stderr, "InnoDB: too long table name: '%s', " - "max length is %d\n", table->name, - MAX_FULL_NAME_LEN); - ut_error; - } + ut_a(strlen(table->name) < sizeof old_name); + strcpy(old_name, table->name); fold = ut_fold_string(new_name); @@ -1851,7 +1844,7 @@ dict_table_rename_in_cache( ulint db_len; char* old_id; - char old_name_cs_filename[MAX_TABLE_NAME_LEN+20]; + char old_name_cs_filename[MAX_FULL_NAME_LEN+1]; uint errors = 0; /* All table names are internally stored in charset @@ -1868,7 +1861,8 @@ dict_table_rename_in_cache( in old_name_cs_filename */ strncpy(old_name_cs_filename, old_name, - MAX_TABLE_NAME_LEN); + MAX_FULL_NAME_LEN); + old_name_cs_filename[MAX_FULL_NAME_LEN] = '\0'; if (strstr(old_name, TEMP_TABLE_PATH_PREFIX) == NULL) { innobase_convert_to_system_charset( @@ -1890,7 +1884,9 @@ dict_table_rename_in_cache( /* Old name already in my_charset_filename */ strncpy(old_name_cs_filename, old_name, - MAX_TABLE_NAME_LEN); + MAX_FULL_NAME_LEN); + old_name_cs_filename[MAX_FULL_NAME_LEN] + = '\0'; } } @@ -1916,7 +1912,7 @@ dict_table_rename_in_cache( /* This is a generated >= 4.0.18 format id */ - char table_name[MAX_TABLE_NAME_LEN] = ""; + char table_name[MAX_TABLE_NAME_LEN + 1]; uint errors = 0; if (strlen(table->name) > strlen(old_name)) { @@ -1930,6 +1926,7 @@ dict_table_rename_in_cache( /* Convert the table name to UTF-8 */ strncpy(table_name, table->name, MAX_TABLE_NAME_LEN); + table_name[MAX_TABLE_NAME_LEN] = '\0'; innobase_convert_to_system_charset( strchr(table_name, '/') + 1, strchr(table->name, '/') + 1, @@ -1939,9 +1936,10 @@ dict_table_rename_in_cache( /* Table name could not be converted from charset my_charset_filename to UTF-8. This means that the table name - is already in UTF-8 (#mysql#50). */ + is already in UTF-8 (#mysql50#). */ strncpy(table_name, table->name, MAX_TABLE_NAME_LEN); + table_name[MAX_TABLE_NAME_LEN] = '\0'; } /* Replace the prefix 'databasename/tablename' diff --git a/storage/xtradb/fts/fts0opt.cc b/storage/xtradb/fts/fts0opt.cc index 77293bc867a..4ef83aefef6 100644 --- a/storage/xtradb/fts/fts0opt.cc +++ b/storage/xtradb/fts/fts0opt.cc @@ -1,7 +1,7 @@ /***************************************************************************** Copyright (c) 2007, 2018, Oracle and/or its affiliates. All Rights Reserved. -Copyright (c) 2016, MariaDB Corporation. All Rights reserved. +Copyright (c) 2016, 2019, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -673,18 +673,17 @@ fts_fetch_index_words( fts_zip_t* zip = static_cast<fts_zip_t*>(user_arg); que_node_t* exp = sel_node->select_list; dfield_t* dfield = que_node_get_val(exp); - short len = static_cast<short>(dfield_get_len(dfield)); + + ut_a(dfield_get_len(dfield) <= FTS_MAX_WORD_LEN); + + uint16 len = uint16(dfield_get_len(dfield)); void* data = dfield_get_data(dfield); /* Skip the duplicate words. */ - if (zip->word.f_len == static_cast<ulint>(len) - && !memcmp(zip->word.f_str, data, len)) { - + if (zip->word.f_len == len && !memcmp(zip->word.f_str, data, len)) { return(TRUE); } - ut_a(len <= FTS_MAX_WORD_LEN); - memcpy(zip->word.f_str, data, len); zip->word.f_len = len; @@ -692,6 +691,9 @@ fts_fetch_index_words( ut_a(zip->zp->next_in == NULL); /* The string is prefixed by len. */ + /* FIXME: This is not byte order agnostic (InnoDB data files + with FULLTEXT INDEX are not portable between little-endian and + big-endian systems!) */ zip->zp->next_in = reinterpret_cast<byte*>(&len); zip->zp->avail_in = sizeof(len); @@ -715,7 +717,6 @@ fts_fetch_index_words( zip->zp->next_in = static_cast<byte*>(data); zip->zp->avail_in = len; ut_a(len <= FTS_MAX_WORD_LEN); - len = 0; } break; diff --git a/storage/xtradb/include/dict0crea.ic b/storage/xtradb/include/dict0crea.ic index 1cbaa47032b..3eb3ddfa84e 100644 --- a/storage/xtradb/include/dict0crea.ic +++ b/storage/xtradb/include/dict0crea.ic @@ -1,6 +1,7 @@ /***************************************************************************** Copyright (c) 1996, 2016, Oracle and/or its affiliates. All Rights Reserved. +Copyright (c) 2019, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -65,11 +66,11 @@ dict_create_add_foreign_id( sprintf(id, "%s_ibfk_%lu", name, (ulong) (*id_nr)++); } else { - char table_name[MAX_TABLE_NAME_LEN + 20] = ""; + char table_name[MAX_TABLE_NAME_LEN + 21]; uint errors = 0; - strncpy(table_name, name, - MAX_TABLE_NAME_LEN + 20); + strncpy(table_name, name, (sizeof table_name) - 1); + table_name[(sizeof table_name) - 1] = '\0'; innobase_convert_to_system_charset( strchr(table_name, '/') + 1, @@ -78,7 +79,8 @@ dict_create_add_foreign_id( if (errors) { strncpy(table_name, name, - MAX_TABLE_NAME_LEN + 20); + (sizeof table_name) - 1); + table_name[(sizeof table_name) - 1] = '\0'; } /* no overflow if number < 1e13 */ diff --git a/storage/xtradb/include/log0online.h b/storage/xtradb/include/log0online.h index 2d1febe9b9f..1a53b9efa9c 100644 --- a/storage/xtradb/include/log0online.h +++ b/storage/xtradb/include/log0online.h @@ -1,6 +1,7 @@ /***************************************************************************** Copyright (c) 2011-2012, Percona Inc. All Rights Reserved. +Copyright (c) 2019, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -146,7 +147,7 @@ struct log_online_bitmap_file_range_struct { size_t count; /*!< Number of files */ /*!< Dynamically-allocated array of info about individual files */ struct files_t { - char name[FN_REFLEN]; /*!< Name of a file */ + char name[OS_FILE_MAX_PATH+1];/*!< Name of a file */ lsn_t start_lsn; /*!< Starting LSN of data in this file */ ulong seq_num; /*!< Sequence number of this diff --git a/storage/xtradb/log/log0online.cc b/storage/xtradb/log/log0online.cc index bc1667e1c20..b25e2bca711 100644 --- a/storage/xtradb/log/log0online.cc +++ b/storage/xtradb/log/log0online.cc @@ -1,7 +1,7 @@ /***************************************************************************** Copyright (c) 2011-2012 Percona Inc. All Rights Reserved. -Copyright (C) 2016, MariaDB Corporation. +Copyright (C) 2016, 2019, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -1453,8 +1453,9 @@ log_online_setup_bitmap_file_range( bitmap_files->files[array_pos].seq_num = file_seq_num; strncpy(bitmap_files->files[array_pos].name, - bitmap_dir_file_info.name, FN_REFLEN); - bitmap_files->files[array_pos].name[FN_REFLEN - 1] + bitmap_dir_file_info.name, + OS_FILE_MAX_PATH); + bitmap_files->files[array_pos].name[OS_FILE_MAX_PATH] = '\0'; bitmap_files->files[array_pos].start_lsn = file_start_lsn; diff --git a/storage/xtradb/row/row0mysql.cc b/storage/xtradb/row/row0mysql.cc index 93a4db98e7b..498a35a86ce 100644 --- a/storage/xtradb/row/row0mysql.cc +++ b/storage/xtradb/row/row0mysql.cc @@ -5183,11 +5183,12 @@ row_rename_table_for_mysql( if (!new_is_tmp) { /* Rename all constraints. */ - char new_table_name[MAX_TABLE_NAME_LEN] = ""; - char old_table_utf8[MAX_TABLE_NAME_LEN] = ""; + char new_table_name[MAX_TABLE_NAME_LEN + 1]; + char old_table_utf8[MAX_TABLE_NAME_LEN + 1]; uint errors = 0; strncpy(old_table_utf8, old_name, MAX_TABLE_NAME_LEN); + old_table_utf8[MAX_TABLE_NAME_LEN] = '\0'; innobase_convert_to_system_charset( strchr(old_table_utf8, '/') + 1, strchr(old_name, '/') +1, @@ -5198,6 +5199,7 @@ row_rename_table_for_mysql( my_charset_filename to UTF-8. This means that the table name is already in UTF-8 (#mysql#50). */ strncpy(old_table_utf8, old_name, MAX_TABLE_NAME_LEN); + old_table_utf8[MAX_TABLE_NAME_LEN] = '\0'; } info = pars_info_create(); @@ -5208,6 +5210,7 @@ row_rename_table_for_mysql( old_table_utf8); strncpy(new_table_name, new_name, MAX_TABLE_NAME_LEN); + new_table_name[MAX_TABLE_NAME_LEN] = '\0'; innobase_convert_to_system_charset( strchr(new_table_name, '/') + 1, strchr(new_name, '/') +1, @@ -5218,6 +5221,7 @@ row_rename_table_for_mysql( my_charset_filename to UTF-8. This means that the table name is already in UTF-8 (#mysql#50). */ strncpy(new_table_name, new_name, MAX_TABLE_NAME_LEN); + new_table_name[MAX_TABLE_NAME_LEN] = '\0'; } pars_info_add_str_literal(info, "new_table_utf8", new_table_name); diff --git a/storage/xtradb/srv/srv0start.cc b/storage/xtradb/srv/srv0start.cc index 2553d405a19..941feeb70c7 100644 --- a/storage/xtradb/srv/srv0start.cc +++ b/storage/xtradb/srv/srv0start.cc @@ -3,7 +3,7 @@ Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. Copyright (c) 2008, Google Inc. Copyright (c) 2009, Percona Inc. -Copyright (c) 2013, 2017, MariaDB Corporation +Copyright (c) 2013, 2019, MariaDB Corporation. Portions of this file contain modifications contributed and copyrighted by Google, Inc. Those modifications are gratefully acknowledged and are described @@ -3476,9 +3476,8 @@ srv_get_meta_data_filename( if (strncmp(suffix, ".cfg", suffix_len) == 0) { strcpy(filename, path); } else { - ut_ad(strncmp(suffix, ".ibd", suffix_len) == 0); - - strncpy(filename, path, len - suffix_len); + ut_ad(!strcmp(suffix, ".ibd")); + memcpy(filename, path, len - suffix_len); suffix = filename + (len - suffix_len); strcpy(suffix, ".cfg"); } |