author: unknown <msvensson@neptunus.(none)> 2006-10-26 19:51:29 +0200
committer: unknown <msvensson@neptunus.(none)> 2006-10-26 19:51:29 +0200
commit: 08d43705a6ab99779cab4fa281b45e00017f59b8
tree: 6d4ad7881ef9fcf045e91dd90490348169253055 /client/mysql.cc
parent: 060f4196afec7a0ae9138549e5bb96d76a33eb54
Bug#20894 Reproducible MySQL client segmentation fault
- Add two null bytes in "buff" variable allowing us to call get_arg two times also for strings longer than sizeof(buff)

client/mysql.cc:
  Make sure there are _two_ zero bytes at the end of buff, to allow 'get_arg' to be called twice on long strings. The first time it will mark end of string with a zero and the second time it will "skip ahead" to the first zero, and then find the second one indicating end of buff.
mysql-test/r/mysql.result:
  Update test results
mysql-test/t/mysql.test:
  Add tests for "com_connect" function in mysql
  Add test reported in bug
Diffstat (limited to 'client/mysql.cc')
-rw-r--r-- client/mysql.cc 6
1 files changed, 5 insertions, 1 deletions
diff --git a/client/mysql.cc b/client/mysql.cc
index f845038d6b6..bc00b51ed93 100644
--- a/client/mysql.cc
+++ b/client/mysql.cc
@@ -2934,7 +2934,11 @@ com_connect(String *buffer, char *line)
bzero(buff, sizeof(buff));
if (buffer)
{
- strmake(buff, line, sizeof(buff) - 1);
+ /*
+ Two null bytes are needed in the end of buff to allow
+ get_arg to find end of string the second time it's called.
+ */
+ strmake(buff, line, sizeof(buff)-2);
tmp= get_arg(buff, 0);
if (tmp && *tmp)
{
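Review bot: The new comment above the `strmake` call says two null bytes are needed but not where the second one comes from. With the limit at `sizeof(buff)-2`, the final byte of `buff` is never written by this call, so it is zero only because of the `bzero(buff, sizeof(buff))` before the `if`. State that dependency in the comment, so a later change that drops or moves the `bzero` does not quietly bring back the single-terminator case from Bug#20894. Separately, a `line` longer than the limit is still truncated without any message before `get_arg` parses it; consider rejecting over-long input instead. Minor style point: the removed line wrote `sizeof(buff) - 1` with spaces around the operator, while the new one writes `sizeof(buff)-2`.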