summaryrefslogtreecommitdiff
path: root/client/mysqlbinlog.cc
diff options
context:
space:
mode:
authorunknown <lars@mysql.com>2004-11-04 15:59:19 +0100
committerunknown <lars@mysql.com>2004-11-04 15:59:19 +0100
commit1186229ffc8a440d35b333dcf69501363bf45620 (patch)
tree5ab67bb5f924c54fe5ef5091f6bdf30756b9dd7a /client/mysqlbinlog.cc
parent9afd24f00090848243d31ae342706e27c8e00f4e (diff)
downloadmariadb-git-1186229ffc8a440d35b333dcf69501363bf45620.tar.gz
BUG#6239 V2: Since uint can be shorter than ulong on 64 bit platforms,
the comparision of "packet_len" (uint) and "len" (uint) with "packet_error" (ulong) was always false.
Diffstat (limited to 'client/mysqlbinlog.cc')
-rw-r--r--client/mysqlbinlog.cc23
1 files changed, 19 insertions, 4 deletions
diff --git a/client/mysqlbinlog.cc b/client/mysqlbinlog.cc
index 5f9a499bd31..8015871428e 100644
--- a/client/mysqlbinlog.cc
+++ b/client/mysqlbinlog.cc
@@ -204,7 +204,7 @@ int Load_log_processor::load_old_format_file(NET* net, const char*server_fname,
for (;;)
{
- uint packet_len = my_net_read(net);
+ ulong packet_len = my_net_read(net);
if (packet_len == 0)
{
if (my_net_write(net, "", 0) || net_flush(net))
@@ -226,7 +226,13 @@ int Load_log_processor::load_old_format_file(NET* net, const char*server_fname,
return -1;
}
- if (my_write(file, (byte*) net->read_pos, packet_len,MYF(MY_WME|MY_NABP)))
+ if (packet_len > UINT_MAX)
+ {
+ sql_print_error("Illegal length of packet read from net");
+ return -1;
+ }
+ if (my_write(file, (byte*) net->read_pos,
+ (uint) packet_len, MYF(MY_WME|MY_NABP)))
return -1;
}
@@ -747,7 +753,8 @@ static int dump_remote_log_entries(const char* logname)
{
char buf[128];
char last_db[FN_REFLEN+1] = "";
- uint len, logname_len;
+ ulong len;
+ uint logname_len;
NET* net;
int old_format;
int error= 0;
@@ -770,7 +777,15 @@ static int dump_remote_log_entries(const char* logname)
*/
int4store(buf, (uint32)start_position);
int2store(buf + BIN_LOG_HEADER_SIZE, binlog_flags);
- logname_len = (uint) strlen(logname);
+
+ size_s tlen = strlen(logname);
+ if (tlen > UINT_MAX)
+ {
+ fprintf(stderr,"Log name too long\n");
+ error= 1;
+ goto err;
+ }
+ logname_len = (uint) tlen;
int4store(buf + 6, 0);
memcpy(buf + 10, logname, logname_len);
if (simple_command(mysql, COM_BINLOG_DUMP, buf, logname_len + 10, 1))
View Lorry Controller Status