author | Shishir Jaiswal <shishir.j.jaiswal@oracle.com> | 2016-05-16 13:46:49 +0530 |
---|---|---|
committer | Prashant Tekriwal <prashant.tekriwal@oracle.com> | 2016-05-16 11:33:57 +0200 |
commit | 9d72fb4af0d87f6a69a3ccb9202b4029acf2bd56 (patch) | |
tree | f0390f098b09894c5f8a5f42f9931d12f61d2444 /sql/log.cc | |
parent | 6768f80c0b1f0b82c5addbe47ce712ded14d0d8c (diff) | |
download | mariadb-git-9d72fb4af0d87f6a69a3ccb9202b4029acf2bd56.tar.gz |
Bug#21977380 - POSSIBLE BUFFER OVERFLOW ISSUES
DESCRIPTION
===========
Buffer overflow is reported in a lot of code sections
spanning across server, client programs, Regex libraries
etc. If not handled appropriately, they can cause abnormal
behaviour.
ANALYSIS
========
The reported cases are the ones which are likely to result
in SEGFAULT, MEMORY LEAK etc.
FIX
===
- sprintf() has been replaced by my_snprintf() to avoid
buffer overflow.
- my_free() is done after checking if the pointer isn't
NULL already and setting it to NULL thereafter at few
places.
- Buffer is ensured to be large enough to hold the data.
- 'unsigned int' (aka 'uint') is replaced with 'size_t'
to avoid wraparound.
- Memory is freed (if not done so) after it's alloced and
used.
- Inserted assert() for size check in InnoDB memcached
code (from 5.6 onwards)
- Other minor changes
(cherry picked from commit 3487e20959c940cbd24429afa795ebfc8a01e94f)
Diffstat (limited to 'sql/log.cc')
0 files changed, 0 insertions, 0 deletions
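
Three of the fix patterns listed in the commit message (bounded formatting, size_t arithmetic, free-then-NULL), as an added C example that is not code from this commit or from the MySQL/MariaDB tree. Standard snprintf() stands in for my_snprintf(), and the function names and sample paths are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounded formatting: 0 on success, -1 if the result did not fit.
   dst is always NUL-terminated when dst_size > 0. */
int format_path(char *dst, size_t dst_size, const char *dir, const char *file)
{
    int n = snprintf(dst, dst_size, "%s/%s", dir, file);
    return (n < 0 || (size_t) n >= dst_size) ? -1 : 0;
}

/* Size arithmetic held in a 32-bit unsigned: the product wraps modulo 2^32,
   so a later allocation would be far smaller than the data written to it. */
uint32_t alloc_size_u32(uint32_t count, uint32_t item_size)
{
    return count * item_size;
}

/* Same arithmetic in size_t with an explicit check before multiplying.
   Returns 0 and stores the product, or -1 if it cannot be represented. */
int alloc_size_checked(size_t count, size_t item_size, size_t *out)
{
    if (item_size != 0 && count > SIZE_MAX / item_size)
        return -1;
    *out = count * item_size;
    return 0;
}

/* Free only a non-NULL pointer and clear it, so a repeated call is a no-op
   instead of a double free. */
void free_and_null(char **p)
{
    if (*p != NULL) {
        free(*p);
        *p = NULL;
    }
}

int main(void)
{
    char buf[16];                       /* constructed sample buffer */
    char *p = malloc(8);
    printf("fits=%d\n", format_path(buf, sizeof buf, "/var/log", "a.log"));
    printf("truncated=%d kept=\"%s\"\n",
           format_path(buf, sizeof buf, "/var/log/mysql", "slow-query.log"), buf);
    printf("u32 product=%u\n", (unsigned) alloc_size_u32(0x10000u, 0x10000u));
    free_and_null(&p);
    free_and_null(&p);                  /* second call does nothing */
    return p == NULL ? 0 : 1;
}
```
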