diff options
| author | Davi Arnaut <Davi.Arnaut@Sun.COM> | 2009-12-17 15:58:38 -0200 |
|---|---|---|
| committer | Davi Arnaut <Davi.Arnaut@Sun.COM> | 2009-12-17 15:58:38 -0200 |
| commit | 06a1df91813ea2c39f7312bcf8af972c7e8a926f (patch) | |
| tree | dac324abc82ad6d66e71348f8270ff42658c84a9 /sql/item_uniq.cc | |
| parent | 522c084631ad581ec8f17b187a689f9b992ca06e (diff) | |
| download | mariadb-git-06a1df91813ea2c39f7312bcf8af972c7e8a926f.tar.gz | |
Bug#48983: Bad strmake calls (length one too long)
The problem is a somewhat common misusage of the strmake function.
The strmake(dst, src, len) function writes at most /len/ bytes to
the string pointed to by src, not including the trailing null byte.
Hence, if /len/ is the exact length of the destination buffer, a
one byte buffer overflow can occur if the length of the source
string is equal to or greater than /len/.
client/mysqldump.c:
Make room for the trailing null byte.
libmysql/libmysql.c:
Add comment, there is enough room in the buffer.
Increase buffer length, two strings are concatenated.
libmysqld/lib_sql.cc:
Make room for the trailing null byte.
mysys/default.c:
Make room for the trailing null bytes.
mysys/mf_pack.c:
Make room for the trailing null byte.
server-tools/instance-manager/commands.cc:
Copy only if overflow isn't possible in both cases.
server-tools/instance-manager/listener.cc:
Make room for the trailing null byte.
sql/log.cc:
Make room for the trailing null byte.
sql/sp_pcontext.h:
Cosmetic fix.
sql/sql_acl.cc:
MAX_HOSTNAME already specifies space for the trailing null byte.
sql/sql_parse.cc:
Make room for the trailing null byte.
sql/sql_table.cc:
Make room for the trailing null byte.
Diffstat (limited to 'sql/item_uniq.cc')
0 files changed, 0 insertions, 0 deletions