Bug#24498 Stack overflow in mysqltest

- Thanks to Vasil Dimov for the patch! client/mysqltest.c: Use my_snprintf to protect against exceeding size of buff Since variable name and valu might not be null terminated it's necessary to provide the length of the format specifiers.
author: unknown <msvensson@neptunus.(none)> 2006-12-08 16:08:54 +0100
committer: unknown <msvensson@neptunus.(none)> 2006-12-08 16:08:54 +0100
commit: 33a098bf7607db19f513d80e2391b757e9ce6536 (patch)
tree: fc743c92eaa8c2029bd7a29aa43c48dee4374ac5
parent: ca1aebbd57a67381b1016d63f614e21af80a1d0c (diff)
download: mariadb-git-33a098bf7607db19f513d80e2391b757e9ce6536.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/client/mysqltest.c b/client/mysqltest.c
index c6cbf6aabe0..ac186a7361e 100644
--- a/client/mysqltest.c
+++ b/client/mysqltest.c
@@ -1240,7 +1240,9 @@ void var_set(const char *var_name, const char *var_name_end,
       v->int_dirty= 0;
       v->str_val_len= strlen(v->str_val);
     }
-    strxmov(buf, v->name, "=", v->str_val, NullS);
+    my_snprintf(buf, sizeof(buf), "%.*s=%.*s",
+                v->name_len, v->name,
+                v->str_val_len, v->str_val);
     if (!(v->env_s= my_strdup(buf, MYF(MY_WME))))
       die("Out of memory");
     putenv(v->env_s);
author	unknown <msvensson@neptunus.(none)>	2006-12-08 16:08:54 +0100
committer	unknown <msvensson@neptunus.(none)>	2006-12-08 16:08:54 +0100
commit	33a098bf7607db19f513d80e2391b757e9ce6536 (patch)
tree	fc743c92eaa8c2029bd7a29aa43c48dee4374ac5
parent	ca1aebbd57a67381b1016d63f614e21af80a1d0c (diff)
download	mariadb-git-33a098bf7607db19f513d80e2391b757e9ce6536.tar.gz