diff options
| author | unknown <bar@mysql.com/bar.myoffice.izhnet.ru> | 2007-05-30 14:03:35 +0500 |
|---|---|---|
| committer | unknown <bar@mysql.com/bar.myoffice.izhnet.ru> | 2007-05-30 14:03:35 +0500 |
| commit | 42eab5a2b1824ad0896100259441a881deff4378 (patch) | |
| tree | 7d98ca60a6020ebd5c9ac68a51d13eb13a0a7aaa /strings/my_vsnprintf.c | |
| parent | b3949122b1f9003189ea46faff82bb13596baaf1 (diff) | |
| download | mariadb-git-42eab5a2b1824ad0896100259441a881deff4378.tar.gz | |
Fixing wrong memory read problem detected by Valgrind in "xml" test.
The source of the problem was in my_vsnprintf() implementation.
strings/my_vsnprintf.c:
Fixing a problem in vsnprintf('%.*s', len, ptr)
When processing the above format, it's incorrect
to use strlen() because the string is not necessarily
a null terminated string.
Changing strlen() followed by set_if_smaller()
to strnlen() - which covers both cases - limiting
by '\0' and by "len".
Diffstat (limited to 'strings/my_vsnprintf.c')
| -rw-r--r-- | strings/my_vsnprintf.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/strings/my_vsnprintf.c b/strings/my_vsnprintf.c index 93d228a1954..befdb1a81c2 100644 --- a/strings/my_vsnprintf.c +++ b/strings/my_vsnprintf.c @@ -95,8 +95,7 @@ int my_vsnprintf(char *to, size_t n, const char* fmt, va_list ap) reg2 char *par = va_arg(ap, char *); uint plen,left_len = (uint)(end-to)+1; if (!par) par = (char*)"(null)"; - plen = (uint) strlen(par); - set_if_smaller(plen,width); + plen= (uint) strnlen(par, width); if (left_len <= plen) plen = left_len - 1; to=strnmov(to,par,plen); |