From 1c72446ef69cf6c50cf9b2dae69b2b24a7576103 Mon Sep 17 00:00:00 2001
From: unknown
Date: Mon, 26 Nov 2007 09:13:23 +0100
Subject: Bug#31752: check strmake() bounds strmake() called with wrong parameters: 5.0-specific fixes. client/mysql.cc: In debug-mode, strmake() fills unused part of buffer with a test-pattern. This overwrites our previous extra '\0' (from previous bzero()). sql/sp.cc: off-by-one buffer-size.
---
 client/mysql.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
 (limited to 'client/mysql.cc')
diff --git a/client/mysql.cc b/client/mysql.cc
index 8e1b6c2a9b4..ff2c1d228cd 100644
--- a/client/mysql.cc
+++ b/client/mysql.cc
@@ -2987,7 +2987,10 @@ com_connect(String *buffer, char *line)
 Two null bytes are needed in the end of buff to allow get_arg to find end of string the second time it's called. */
- strmake(buff, line, sizeof(buff)-2);
+ tmp= strmake(buff, line, sizeof(buff)-2);
+#ifdef EXTRA_DEBUG
+ tmp[1]= 0;
+#endif
 tmp= get_arg(buff, 0);
 if (tmp && *tmp)
 {
-- cgit v1.2.1
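Review bot: The second terminator is restored only under `#ifdef EXTRA_DEBUG`, so in every other build the two-NUL invariant that get_arg() needs still rests on an earlier zeroing of buff that is outside this hunk (the commit message refers to a previous bzero()). Writing `tmp[1]= 0;` unconditionally right after the strmake() call would keep the invariant local and independent of whichever macro enables strmake()'s fill pattern, which is presumably EXTRA_DEBUG but is not visible here. The store stays in bounds because the copy is limited to `sizeof(buff)-2` bytes, so the returned end pointer is at most `buff + sizeof(buff) - 2`. If the guard is kept, a comment such as `/* strmake() pads the tail with a test pattern in debug builds; restore the 2nd NUL for get_arg() */` above the `#ifdef` would explain why it exists. The body of com_connect starts and ends outside the hunk.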