diff options
| author | tnurnberg@mysql.com/white.intern.koehntopp.de <> | 2007-11-26 08:20:40 +0100 |
|---|---|---|
| committer | tnurnberg@mysql.com/white.intern.koehntopp.de <> | 2007-11-26 08:20:40 +0100 |
| commit | 1a95ed1df2bdd26444a973e07ffd84c045deb734 (patch) | |
| tree | e6e0d5c6e9e90e5a7e95d8325c0eedbee083ff12 /sql/unireg.cc | |
| parent | 39f6cbc221a7b8d88326a6fab41fa1459e8b9dbe (diff) | |
| download | mariadb-git-1a95ed1df2bdd26444a973e07ffd84c045deb734.tar.gz | |
Bug#31752: check strmake() bounds
strmake() calls are easy to get wrong. Add checks in extra
debug mode to identify possible exploits.
Remove some dead code.
Remove some off-by-one errors identified with new checks.
Diffstat (limited to 'sql/unireg.cc')
| -rw-r--r-- | sql/unireg.cc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sql/unireg.cc b/sql/unireg.cc index e5ee0222f20..795198fc55f 100644 --- a/sql/unireg.cc +++ b/sql/unireg.cc @@ -140,6 +140,9 @@ bool mysql_create_frm(THD *thd, my_string file_name, strmake((char*) forminfo+47,create_info->comment ? create_info->comment : "", 60); forminfo[46]=(uchar) strlen((char*)forminfo+47); // Length of comment +#ifdef EXTRA_DEBUG + memset((char*) forminfo+47 + forminfo[46], 0, 61 - forminfo[46]); +#endif if (my_pwrite(file,(byte*) fileinfo,64,0L,MYF_RW) || my_pwrite(file,(byte*) keybuff,key_info_length, |