BUG#20622: Fix one-byte buffer overrun in IM directory string handling.

The problem was a call to convert_dirname() with a destination buffer
that did not have room for the trailing slash added by that function.
This could cause the instance manager to crash in some cases.


mysys/mf_dirname.c:
  Clarify in comments that convert_dirname destination must be larger than
  source to accomodate a trailing slash.
server-tools/instance-manager/instance_options.cc:
  Fix buffer overrun.

1 files changed, 3 insertions, 1 deletions

diff --git a/mysys/mf_dirname.c b/mysys/mf_dirname.c
index 9206aa28078..4d78f039799 100644
--- a/mysys/mf_dirname.c
+++ b/mysys/mf_dirname.c
@@ -72,7 +72,9 @@ uint dirname_part(my_string to, const char *name)
 
   SYNPOSIS
     convert_dirname()
-    to				Store result here
+    to				Store result here. Must be at least of size
+    				min(FN_REFLEN, strlen(from) + 1) to make room
+    				for adding FN_LIBCHAR at the end.
     from			Original filename
     from_end			Pointer at end of filename (normally end \0)