authorMarc Alff <marc.alff@oracle.com>2010-03-04 18:36:54 -0700
committerMarc Alff <marc.alff@oracle.com>2010-03-04 18:36:54 -0700
commit01b19dbbf49e055e95e65f54555f040c76949902 (patch)
treee3724205aab8d3462f4c876645f615b1ddf91416 /storage
parent366a68bb460fea577719335efcfac8e14f13a077 (diff)
downloadmariadb-git-01b19dbbf49e055e95e65f54555f040c76949902.tar.gz
Bug#51738 Unit test pfs_instr-t crashes
The unit test pfs_instr-t: - generates a very long (10,000 bytes) file name - calls find_or_create_file. This leads to a buffer overflow in mysys in my_realpath(), because my_realpath and the mysys file APIs in general do not validate their input parameters: mysys assumes every file name is less than FN_REFLEN in length. Calling find_or_create_file with a very long file name is likely to happen when instrumenting third party code that does not use mysys, so this test is legitimate. The fix is to make find_or_create_file in the performance schema more robust in this case.
Diffstat (limited to 'storage')
-rw-r--r--storage/perfschema/pfs_instr.cc22
1 files changed, 21 insertions, 1 deletions
diff --git a/storage/perfschema/pfs_instr.cc b/storage/perfschema/pfs_instr.cc
index 28b54cc6979..fbaac621dfb 100644
--- a/storage/perfschema/pfs_instr.cc
+++ b/storage/perfschema/pfs_instr.cc
@@ -746,6 +746,26 @@ find_or_create_file(PFS_thread *thread, PFS_file_class *klass,
}
}
+ char safe_buffer[FN_REFLEN];
+ const char *safe_filename;
+
+ if (len >= FN_REFLEN)
+ {
+ /*
+ The instrumented code uses file names that exceeds FN_REFLEN.
+ This could be legal for instrumentation on non mysys APIs,
+ so we support it.
+ Truncate the file name so that:
+ - it fits into pfs->m_filename
+ - it is safe to use mysys apis to normalize the file name.
+ */
+ memcpy(safe_buffer, filename, FN_REFLEN - 2);
+ safe_buffer[FN_REFLEN - 1]= 0;
+ safe_filename= safe_buffer;
+ }
+ else
+ safe_filename= filename;
+
/*
Normalize the file name to avoid duplicates when using aliases:
- absolute or relative paths
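Review bot: In the `len >= FN_REFLEN` branch, `memcpy(safe_buffer, filename, FN_REFLEN - 2)` fills indexes 0 through FN_REFLEN-3 and the terminator is written at FN_REFLEN-1, so `safe_buffer[FN_REFLEN - 2]` is never initialised. The copy stays in bounds, but that indeterminate stack byte becomes part of the string handed to my_realpath() in the second hunk, so the normalized name can differ from run to run. Either copy one more byte, `memcpy(safe_buffer, filename, FN_REFLEN - 1);`, or terminate directly after the copied data, `safe_buffer[FN_REFLEN - 2]= 0;`. The comment could also state that two long names sharing the same truncated prefix will now resolve to the same instrumented file. The body of find_or_create_file starts and ends outside this hunk, so whether `len` is used again after the truncation cannot be checked from here.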
@@ -759,7 +779,7 @@ find_or_create_file(PFS_thread *thread, PFS_file_class *klass,
Ignore errors, the file may not exist.
my_realpath always provide a best effort result in buffer.
*/
- (void) my_realpath(buffer, filename, MYF(0));
+ (void) my_realpath(buffer, safe_filename, MYF(0));
normalized_filename= buffer;
normalized_length= strlen(normalized_filename);