authorunknown <tnurnberg@mysql.com/white.intern.koehntopp.de>2007-12-06 11:48:27 +0100
committerunknown <tnurnberg@mysql.com/white.intern.koehntopp.de>2007-12-06 11:48:27 +0100
commit0805384869656fc9efaa28de331e825aa8b885d7 (patch)
treec436358ed1e1ffba482ad6d92916f625847fb212 /sql/unireg.cc
parenta905ac34b59731bb69a036306297c50742753329 (diff)
Bug#31752: check strmake() bounds
post-fixes: prevent semi-related overflow, additional comments mysys/mf_pack.c: extra comments sql/log.cc: prevent overflow (length parameter of strmake() should never become < 0) sql/sql_show.cc: additional comments sql/unireg.cc: additional comments
Diffstat (limited to 'sql/unireg.cc')
-rw-r--r--sql/unireg.cc5
1 files changed, 5 insertions, 0 deletions
diff --git a/sql/unireg.cc b/sql/unireg.cc
index 795198fc55f..dcb49bc1766 100644
--- a/sql/unireg.cc
+++ b/sql/unireg.cc
@@ -141,6 +141,11 @@ bool mysql_create_frm(THD *thd, my_string file_name,
60);
forminfo[46]=(uchar) strlen((char*)forminfo+47); // Length of comment
#ifdef EXTRA_DEBUG
+ /*
+ EXTRA_DEBUG causes strmake() to initialize its buffer behind the
+ payload with a magic value to detect wrong buffer-sizes. We
+ explicitly zero that segment again.
+ */
memset((char*) forminfo+47 + forminfo[46], 0, 61 - forminfo[46]);
#endif
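Review bot: The added comment explains why the memset exists but not where its `61` comes from, and that is the part a later editor can get wrong. The value apparently has to equal the `60` limit of the call ending on the first context line (presumably the strmake() the comment refers to) plus one byte for the terminating NUL, yet nothing in the code ties the two numbers together. Because `forminfo[46]` holds the strlen() result, `61 - forminfo[46]` is a valid length only while the copy really was capped at 60 bytes; if that bound is raised without touching this line, the subtraction can go negative and reach memset as a very large size. I would add a line to the comment such as `61 == strmake() limit (60) + terminating NUL; keep in sync with the call above`, or name the limit once and derive both numbers from it. The call itself starts above the hunk, so its destination and source arguments are not visible here.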