diff options
| author | unknown <osku@127.(none)> | 2005-09-29 13:02:18 +0300 |
|---|---|---|
| committer | unknown <osku@127.(none)> | 2005-09-29 13:02:18 +0300 |
| commit | b2d8eb02a7ee3fd6204ddbb037321b76f36db24e (patch) | |
| tree | a9705f364c5027166020d94dd5da2f9092fb04a8 /innobase | |
| parent | a5dd3d5d8f8e67cb74403f8265b9c61daf9d5ccd (diff) | |
| download | mariadb-git-b2d8eb02a7ee3fd6204ddbb037321b76f36db24e.tar.gz | |
InnoDB: Fix potential buffer underflow.
innobase/include/ut0mem.h:
Add ut_strlcpy_rev.
innobase/mem/mem0mem.c:
Use ut_strlcpy_rev instead of buggy own implementation.
innobase/ut/ut0mem.c:
Add ut_strlcpy_rev.
Diffstat (limited to 'innobase')
| -rw-r--r-- | innobase/include/ut0mem.h | 13 | ||||
| -rw-r--r-- | innobase/mem/mem0mem.c | 4 | ||||
| -rw-r--r-- | innobase/ut/ut0mem.c | 25 |
3 files changed, 38 insertions, 4 deletions
diff --git a/innobase/include/ut0mem.h b/innobase/include/ut0mem.h index 8f109a64b55..b9bbe0b5c92 100644 --- a/innobase/include/ut0mem.h +++ b/innobase/include/ut0mem.h @@ -122,6 +122,7 @@ ut_strcmp(const void* str1, const void* str2); Copies up to size - 1 characters from the NUL-terminated string src to dst, NUL-terminating the result. Returns strlen(src), so truncation occurred if the return value >= size. */ + ulint ut_strlcpy( /*=======*/ @@ -131,6 +132,18 @@ ut_strlcpy( ulint size); /* in: size of destination buffer */ /************************************************************************** +Like ut_strlcpy, but if src doesn't fit in dst completely, copies the last +(size - 1) bytes of src, not the first. */ + +ulint +ut_strlcpy_rev( +/*===========*/ + /* out: strlen(src) */ + char* dst, /* in: destination buffer */ + const char* src, /* in: source buffer */ + ulint size); /* in: size of destination buffer */ + +/************************************************************************** Compute strlen(ut_strcpyq(str, q)). */ UNIV_INLINE ulint diff --git a/innobase/mem/mem0mem.c b/innobase/mem/mem0mem.c index 85f0119d02a..daf78008d45 100644 --- a/innobase/mem/mem0mem.c +++ b/innobase/mem/mem0mem.c @@ -187,9 +187,7 @@ mem_heap_create_block( } block->magic_n = MEM_BLOCK_MAGIC_N; - ut_memcpy(&(block->file_name), file_name + ut_strlen(file_name) - 7, - 7); - block->file_name[7]='\0'; + ut_strlcpy_rev(block->file_name, file_name, sizeof(block->file_name)); block->line = line; #ifdef MEM_PERIODIC_CHECK diff --git a/innobase/ut/ut0mem.c b/innobase/ut/ut0mem.c index c1e3ebbf35c..47b1e24e5e1 100644 --- a/innobase/ut/ut0mem.c +++ b/innobase/ut/ut0mem.c @@ -364,7 +364,30 @@ ut_strlcpy( dst[n] = '\0'; } - return src_size; + return(src_size); +} + +/************************************************************************** +Like ut_strlcpy, but if src doesn't fit in dst completely, copies the last +(size - 1) bytes of src, not the first. */ + +ulint +ut_strlcpy_rev( +/*===========*/ + /* out: strlen(src) */ + char* dst, /* in: destination buffer */ + const char* src, /* in: source buffer */ + ulint size) /* in: size of destination buffer */ +{ + ulint src_size = strlen(src); + + if (size != 0) { + ulint n = ut_min(src_size, size - 1); + + memcpy(dst, src + src_size - n, n + 1); + } + + return(src_size); } /************************************************************************** |